What is Cryptography?
Cryptography is used to protect data. It can protect data from being viewed or modified, and it can ensure the integrity of data from the originator. Cryptography can be used as a mechanism to provide secure communication over an unsecured network, such as the Internet, by encrypting data, sending it across the network in the encrypted state, and then decrypting the data on the receiving end. Encryption can also be used as an additional security mechanism to further protect data such as passwords stored in a database, to prevent them from being human readable or understandable.
Encryption Components in .NET
The Microsoft .NET Framework classes (System.Security.Cryptography) will manage the details of cryptography for you. The classes are implemented with the same interface, so working with them is the same across the cryptography namespace. Some of the classes in the Framework are mere wrappers for algorithms that exist in the Microsoft CryptoAPI. Other classes are managed implementations of their respective algorithms.
Public-Key Encryption
Public-key encryption, also known as asymmetric encryption, uses a public and private key pair to encrypt and decrypt data. The public key is made available to anyone and is used to encrypt data to be sent to the owner of the private key. The private key, as the name implies, is kept private. The private key is used to decrypt the data and will only work if the correct public key was used when encrypting the data.
The following are the various public-key encryption techniques available in .NET:
* Digital Signature Algorithm (DSA)
* RSA
Private-Key Encryption
Private-key encryption, also known as symmetric encryption, uses a single key to encrypt and decrypt information. The key must be kept secret from those not authorized to decrypt the data, lest the data be compromised. Private-key algorithms are relatively fast and can be used to encrypt and decrypt large streams of data.
The following are the various private-key encryption techniques available in .NET:
* Data Encryption Standard (DES)
* RC2
* TripleDES
* Rijndael algorithm
Hashing Algorithms
Hashing refers to mapping data of any length into a fixed-length byte sequence. Whether the input is the contents of the Library of Congress or the typing test "The quick brown fox jumps over the lazy dog", the output will be the same size. Hashing also produces unique results. Even if the input varies by a single character, it will produce different output.
The following are the various hashing techniques available in .NET:
* HMACSHA1
* MACTripleDES
* MD5CryptoServiceProvider
* SHA1Managed
* SHA256Managed
* SHA384Managed
* SHA512Managed
Password Encryption in .NET
Hashing is the best technique for encrypting and decrypting passwords in the .NET Framework. As we have already seen, hashing in .NET comes in various flavors:
* HMACSHA1
* MACTripleDES
* MD5CryptoServiceProvider
* SHA1Managed
* SHA256Managed
* SHA384Managed
* SHA512Managed
All hashes have the same purpose: to digitally fingerprint code. However, there are different speed and security tradeoffs for each Hash.Provider:
| Provider | Length (bits) | Security | Speed |
|---|---|---|---|
| Hash.Provider.CRC32 | 32 | low | fast |
| Hash.Provider.SHA1 | 160 | moderate | medium |
| Hash.Provider.SHA256 | 256 | high | slow |
| Hash.Provider.SHA384 | 384 | high | slow |
| Hash.Provider.SHA512 | 512 | extreme | slow |
| Hash.Provider.MD5 | 128 | moderate | medium |
Considering the speed and security tradeoffs, the best choice for encrypting and decrypting passwords is the SHA1 hashing provider.
SHA1 is also called the Secure Hashing Algorithm. It is said to be irreversible: you can't decrypt it. Such hashes are said to be secure since it is computationally infeasible to reverse the process to discover the original message from the digest. They are therefore frequently used to produce a unique one-way hash representation of a sensitive message.
This algorithm is able to take a very large message and produce a 160-bit message digest.
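The following C# program is an added example, not code from the original post: it hashes a password with SHA1Managed and, because the digest cannot be decrypted, checks a login attempt by hashing the candidate again and comparing digests. The class and method names, the sample password, and the per-user random salt are assumptions introduced for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not from the original post. All names here are hypothetical.
static class PasswordHashDemo
{
    // Computes SHA1(salt || password). The per-user random salt is an assumption
    // added here; the post itself only discusses the bare hash.
    static byte[] HashPassword(string password, byte[] salt)
    {
        byte[] pwd = Encoding.UTF8.GetBytes(password);
        byte[] input = new byte[salt.Length + pwd.Length];
        Buffer.BlockCopy(salt, 0, input, 0, salt.Length);
        Buffer.BlockCopy(pwd, 0, input, salt.Length, pwd.Length);
        using (SHA1 sha1 = new SHA1Managed())
        {
            return sha1.ComputeHash(input); // always 20 bytes (160 bits)
        }
    }

    // The digest cannot be decrypted, so verification re-hashes the candidate
    // and compares digests; the loop does not exit early on the first mismatch.
    static bool Verify(string candidate, byte[] salt, byte[] storedDigest)
    {
        byte[] digest = HashPassword(candidate, salt);
        int diff = digest.Length ^ storedDigest.Length;
        for (int i = 0; i < digest.Length && i < storedDigest.Length; i++)
            diff |= digest[i] ^ storedDigest[i];
        return diff == 0;
    }

    static void Main()
    {
        byte[] salt = new byte[16];
        RandomNumberGenerator.Create().GetBytes(salt);

        // Constructed sample password; only the salt and digest would be stored.
        byte[] stored = HashPassword("correct horse", salt);

        Console.WriteLine("Digest bits:  " + stored.Length * 8);
        Console.WriteLine("Stored:       " + BitConverter.ToString(stored));
        Console.WriteLine("Same input:   " + Verify("correct horse", salt, stored));
        Console.WriteLine("One char off: " + Verify("correct horsf", salt, stored));
    }
}
```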