Overview of symmetric encryption in .NET

October 21, 2016 3 Comments

Introduction

A symmetric encryption algorithm is one where the cryptographic key is the same for both encryption and decryption and is shared among the parties involved in the process.

Ideally only a small group of reliable people should have access to this key. Attackers decipher an encrypted message rather than trying to defeat the algorithm itself. The key can vary in size so the attacker will need to know this first. Once they know this then they will try combinations of possible key characters.

A clear disadvantage with this approach is that distributing and storing keys in a safe and reliable manner is difficult. On the other hand symmetric algorithms are fast.

In this short overview we’ll look at the symmetric encryption algorithms currently supported in .NET.

Read more of this post

Filed under .NET, Security Tagged with , ,

Two ways to measure time in C# .NET

October 20, 2016 Leave a comment

Imagine that you want to want to measure how long it takes to execute a method or function in .NET. Maybe you suspect that a specific call in your code is taking too long but you would like to measure its performance.

There are professional – and expensive – tools out there that can monitor the behaviour of applications at the code level such as AppDynamics or DynaTrace. However, they are relatively complex to install and get to work and may be overkill for a simple initial code diagnostics. Instead you might want to start with some simple C# code to begin with.

Read more of this post

Filed under .NET, C# language features Tagged with

Overriding the + and – operators in C# .NET

October 19, 2016 Leave a comment

It’s easy to override the mathemtical operators like + or – in C# to build custom operations.

Consider the following simple Rectangle class:

public class Rectangle
{
	public Rectangle(int width, int height)
	{
		Height = height;
		Width = width;
	}

	public int Width
	{
		get;
		set;
	}

	public int Height
	{
		get;
		set;
	}
}

Read more of this post

Filed under .NET, C# language features Tagged with

Hashing passwords with a password based key derivation function in .NET

October 18, 2016 Leave a comment

In this post we saw a basic hashing technique using a password and a salt. We added an extra random set of bytes to the password and hashed the combined byte array instead of just the password bytes. We can store the salt along with the hash in our database. The main purpose of adding a salt to the password is to increase its entropy which more or less means randomness.

Hashing the password with an extra salt like that may still not be as secure as we think it is. The processing power of today’s fast computers and the increasing size of available rainbow tables keep pushing the limits of what’s available to crack with brute force attacks. One way to increase the difficulty of cracking a password is to keep hashing its hash in an iterative manner. Password-based key derivation functions help us achieve that and we’ll see an example of their usage in this post.

Read more of this post

Filed under .NET, Security Tagged with , , ,

How to hash passwords with a salt in .NET

October 17, 2016 2 Comments

In this post we learnt about using hashing in .NET. We also saw one of its basic functions in the same post which is message verification. In this post we saw how hashing coupled with a random key can be used for message authentication.

We also mentioned another common usage of hashing which is password storage. A password should never be stored as clear text in your system. Instead we save its hash value and when a user enters a password in a login field then we compare the hashed values instead of the plain string passwords. However, a simple one-way hash is generally still not good enough.

Read more of this post

Filed under .NET, Security Tagged with , ,

Using HMACs to authenticate a hash in .NET

October 14, 2016 Leave a comment

In this post we learnt about using hashing in .NET. Hashes provide a one-way encryption of a message where the hash value ideally cannot be “unhashed”, i.e. we cannot build the original string from it. A hash or message digest helps us verify whether the message has been tampered with by a third party after it was sent to us.

We can take a step further and add an extra layer of security on our hashes. After all a message and its hash could originate from anyone. How can we verify the authenticity of the message as well? That’s where Hashed Message Authentication Codes, also called HashMACs or HMACs enter the picture.

Read more of this post

Filed under .NET, Security Tagged with , , ,

Extending class definitions with partial classes in C# .NET

October 13, 2016 Leave a comment

The ‘partial’ keyword helps you divide your classes into multiple files within the same namespace. One obvious usage of partial classes is to split the definition of a large type into smaller chunks. You cannot just use the partial keyword with classes but methods as well.

The partial classes will reside in two – or more – different cs files in the same namespace. Say you have a partial Customer class in the project-name/domains folder:

Read more of this post

Filed under .NET, C# language features Tagged with ,

Listing all performance counters on Windows with C# .NET

October 12, 2016 Leave a comment

Performance counters in Windows can help you with finding bottlenecks in your application. There’s a long range of built-in performance counters in Windows which you can view in the Performance Monitor window:

Performance Monitor window

Right-click anywhere on the larger screen to the right and select Add Counters to add your counters to the graph. The Add Counters window will show the categories first. You can then open a category and select one or more specific counters within that category. The graph will show the real-time data immediately:

Read more of this post

Filed under .NET, Diagnostics Tagged with , ,

Comparing strings using the CompareInfo class in .NET C#

October 11, 2016 Leave a comment

It’s important to be aware of the cultural settings in a globalised application when comparing strings. The CompareInfo class and the CompareOptions enumeration provide a useful way to compare strings based on specific cultures.

One way to get hold of the CompareInfo class belonging to a specific culture is through the CultureInfo class:

CultureInfo swedishCulture = new CultureInfo("sv-SE");
CompareInfo swedishCompareInfo = swedishCulture.CompareInfo;

CultureInfo hungarianCulture = new CultureInfo("hu-HU");
CompareInfo hungarianCompareInfo = hungarianCulture.CompareInfo;

CultureInfo germanCulture = new CultureInfo("de-DE");
CompareInfo germanCompareInfo = germanCulture.CompareInfo;

The CompareInfo object has a Compare method which returns 0 if the strings are equal, -1 if the first string is less than the second and 1 if the opposite is the case. The following comparison of two German strings returns -1 as by default the comparison is case-sensitive:

int comparison = germanCompareInfo.Compare("mädchen", "Mädchen");

This is where the CompareOptions enumeration proves useful. Here are the possible values:

  • IgnoreCase: make the comparison case-insensitive
  • IgnoreNonSpace: ignore diacritics, or officially non-spacing combining characters in Unicode. Example: “Madchen” will be equal to “Mädchen” with this flag
  • IgnoreSymbols: ignore symbols, like white-space, #, $, % etc. “Mädch$en” and “M#ädchen” will be considered equal with this flag
  • IgnoreKana and IgnoreWidth: concern mostly the Japanese language
  • None: the default value if the basic overload of Compare is called
  • Ordinal: quick but culture-insensitive comparison based on the Unicode value of each character
  • OrdinalIgnoreCase: same as Ordinal but the comparison is also case-insensitive
  • StringSort: use a sort algorithm where non-alphanumeric symbols, such as ‘-‘ come before the alphanumeric characters

Read all posts related to Globalisation in .NET here.

Filed under .NET, C# language features, Globalization Tagged with , , ,

Reading the value of a performance counter on Windows with C# .NET

October 10, 2016 Leave a comment

In this post we saw how to list all performance categories and the performance counters within each category. It’s equally straightforward to read the value of a performance counter. You’ll need at least the category and the name of the performance counter. If the counter is available in multiple instances then you’ll need to specify the instance name as well.

The following code will read the CPU usage and memory usage counters:

private static void ReadValuesOfPerformanceCounters()
{
	PerformanceCounter processorTimeCounter = new PerformanceCounter("Processor", "% Processor Time", "_Total");
	PerformanceCounter memoryUsage = new PerformanceCounter("Memory", "Available MBytes");			
	Console.WriteLine("CPU usage counter: ");
	Console.WriteLine("Category: {0}", processorTimeCounter.CategoryName);
	Console.WriteLine("Instance: {0}", processorTimeCounter.InstanceName);
	Console.WriteLine("Counter name: {0}", processorTimeCounter.CounterName);
	Console.WriteLine("Help text: {0}", processorTimeCounter.CounterHelp);
	Console.WriteLine("------------------------------");
	Console.WriteLine("Memory usage counter: ");
	Console.WriteLine("Category: {0}", memoryUsage.CategoryName);
	Console.WriteLine("Counter name: {0}", memoryUsage.CounterName);
	Console.WriteLine("Help text: {0}", memoryUsage.CounterHelp);
	Console.WriteLine("------------------------------");
	while (true)
	{
		Console.WriteLine("CPU value: {0}", processorTimeCounter.NextValue());
		Console.WriteLine("Memory value: {0}", memoryUsage.NextValue());
		Thread.Sleep(2000);
        }
}

Here’s an excerpt of the output:

Reading values of performance counters

You can view all posts related to Diagnostics here.

Filed under .NET, Diagnostics Tagged with ,

Older posts

Newer posts

Elliot Balynn's Blog

A directory of wonderful thoughts

Software Engineering

Web development

Disparate Opinions

Various tidbits

chsakell's Blog

WEB APPLICATION DEVELOPMENT TUTORIALS WITH OPEN-SOURCE PROJECTS

Once Upon a Camayoc

ARCHIVED: Bite-size insight on Cyber Security for the not too technical.