The previous chapters showed how to apply security to an application; the topics that follow demonstrate how to use cryptography to secure the data that your applications use.
We begin with an overview of cryptography and discuss some of the dangers and limitations of which you should be aware when putting it to use. Consider this chapter a simple primer for those who have not previously encountered cryptography. In the chapters that follow, we examine specific aspects of cryptography in detail, and illustrate how to use and extend the .NET Framework’s cryptographic support.
You should seriously consider using cryptography in any application that processes sensitive or valuable data. However, contrary to common opinion, cryptography itself is vulnerable to attack and is not something that can be “plugged into” an application and then forgotten. Throughout this book, we have shown you that software security is an ongoing process that requires careful planning and management. This is especially true for cryptography, where it is easy to make disastrous mistakes.
The most common way to describe cryptographic systems is to assume that one person (usually named Alice) wants to send a message to another person (Bob). However, a third person (Eve) is determined to eavesdrop on their conversation. Figure 12-1 shows the relationship between Alice, Bob, and Eve.