How to hash passwords with a salt in .NET

October 26, 2017 2 Comments

In this post we learnt about using hashing in .NET. We also saw one of its basic functions in the same post which is message verification. In this post we saw how hashing coupled with a random key can be used for message authentication.

We also mentioned another common usage of hashing which is password storage. A password should never be stored as clear text in your system. Instead we save its hash value and when a user enters a password in a login field then we compare the hashed values instead of the plain string passwords. However, a simple one-way hash is generally still not good enough.

Read more of this post

Filed under .NET, Security Tagged with , ,

Using HMACs to authenticate a hash in .NET

October 25, 2017 Leave a comment

In this post we learnt about using hashing in .NET. Hashes provide a one-way encryption of a message where the hash value ideally cannot be “unhashed”, i.e. we cannot build the original string from it. A hash or message digest helps us verify whether the message has been tampered with by a third party after it was sent to us.

We can take a step further and add an extra layer of security on our hashes. After all a message and its hash could originate from anyone. How can we verify the authenticity of the message as well? That’s where Hashed Message Authentication Codes, also called HashMACs or HMACs enter the picture.

Read more of this post

Filed under .NET, Security Tagged with , ,

Hashing messages using various hash algorithms in .NET

October 24, 2017 Leave a comment

A hash of a message can be viewed as its unique identifier. A series of bytes, such as a string, can be converted into hash, also called a message digest. A message digest is also a byte array that can be converted into a base 64 string for better readability. There are various hashing algorithms out there that can calculate the hash of a message. Ideally each algorithm should produce a different digest for each message, i.e. “Hello world” should yield a different hash from what “H3llo world” produces. I.e. a single change in the byte sequence will change the resulting hash. Also, it should be impossible to calculate the original message from a hash. Therefore hashing is a one-way cryptographic operation.

Read more of this post

Filed under .NET, Security Tagged with ,

How to store the asymmetric keys in the Windows key store with C#

October 23, 2017 Leave a comment

Introduction

In this post we briefly looked through asymmetric encryption in .NET. This encryption type requires two keys as opposed to symmetric encryption where the same key is used for encryption and decryption. In asymmetric encryption we have a public and a private key. The public key can be distributed so that other people can encrypt their messages to us. Then we use our private key to decrypt the ciphertext and read the original message. Therefore we don’t have to worry about the public key getting into the wrong hands. On the other hand asymmetric encryption is significantly slower than symmetric encryption due to the higher mathematical complexity.

In the post referenced above we saw how to store the asymmetric key-pair in an XML string. You can save this string in a file or database for later retrieval. There’s at least one more option for storage which is the cryptographic key store on Windows. We’ll go through how to use it in this post.

Read more of this post

Filed under .NET, Security Tagged with , ,

Overview of asymmetric encryption in .NET

October 22, 2017 Leave a comment

Introduction

Asymmetric encryption is based on a pair of cryptographic keys. One of the keys is public, i.e. anyone can have access to it. The other key is private which should be kept secret. The keys are complementary which means that they go hand in hand, they are not independent of each other. If a value is calculated as the public key then the private key cannot be calculated independently otherwise the encryption process will fail. Normally the public key is used to encrypt a message and the private key is there for the decryption process but they can be used in the opposite direction as well. Asymmetric algorithms are also called Public Key Cryptography.

The most important advantage of asymmetric over symmetric encryption is that we don’t need to worry about distributing the public key. The key used in symmetric encryption must be known to all parties taking part in the encryption/decryption process which increases the chances of the key landing in the wrong hands. With asymmetric encryption we only need to worry about storing the private key, the public key can be freely distributed. For a hacker it is not practical to attempt to calculate the private key based on the public key, that is close to impossible to achieve.

However, asymmetric encryption is a very complex mathematical process which is a lot slower than symmetric encryption. Also, storing the private key can still be problematic.

Read more of this post

Filed under .NET, Security Tagged with ,

Overview of symmetric encryption in .NET

October 21, 2017 1 Comment

Introduction

A symmetric encryption algorithm is one where the cryptographic key is the same for both encryption and decryption and is shared among the parties involved in the process.

Ideally only a small group of reliable people should have access to this key. Attackers decipher an encrypted message rather than trying to defeat the algorithm itself. The key can vary in size so the attacker will need to know this first. Once they know this then they will try combinations of possible key characters.

A clear disadvantage with this approach is that distributing and storing keys in a safe and reliable manner is difficult. On the other hand symmetric algorithms are fast.

In this short overview we’ll look at the symmetric encryption algorithms currently supported in .NET.

Read more of this post

Filed under .NET, Security Tagged with ,

Implementing the IEqualityComparer of T interface for object equality with C# .NET

October 20, 2017 Leave a comment

The generic IEqualityComparer of T provides you a way to indicate whether two custom objects are equal. We’ve looked at equality in a number of posts on this blog – see the link below if you’re curious – and IEqualityComparer fulfils a similar purpose though its usage is different.

Equality comparers are most often used to filter out duplicates from a collection.

Consider the following class:

Read more of this post

Filed under .NET, C# language features Tagged with ,

Implementing the IEquatable of T interface for object equality with C# .NET

October 19, 2017 1 Comment

In this short post we’ll see a way how to make two custom objects equatable using the generic IEquatable interface. Consider the following object:

public class Person
{
	public int Id { get; set; }
	public string Name { get; set; }
	public int Age { get; set; }
}

The object superclass has an Equals method that we can test as follows:

Read more of this post

Filed under .NET, C# language features Tagged with ,

How to declare natural ordering by implementing the generic IComparable interface in C# .NET

October 18, 2017 Leave a comment

Primitive types such as integers can be ordered naturally in some way. Numeric and alphabetical ordering comes in handy with numbers and strings. However, there’s no natural ordering for your own custom objects with a number of properties.

Consider the following Triangle class:

public class Triangle
{
	public double BaseSide { get; set; }
	public double Height { get; set; }

	public double Area
	{
		get
		{
			return (BaseSide * Height) / 2;
		}
	}
}

Read more of this post

Filed under .NET, C# language features Tagged with ,

How to find various machine-level system information with C# .NET

October 17, 2017 Leave a comment

The Environment class holds a range of properties that help you describe the system your app is running on. Here come some examples with inline comments:

//returns true on my PC as it is a 64-bit OS
bool is64BitOperatingSystem = Environment.Is64BitOperatingSystem;
//returns the machine name, in my case ANDRAS1
string machineName = Environment.MachineName;
			
//returns information about the operating system version, build, major, minor etc.
OperatingSystem os = Environment.OSVersion;
//returns the platform id as an enumeration, in my case it's Win32NT
PlatformID platform = os.Platform;			
//the currently installed service pack, Service Pack 1 in my case
string servicePack = os.ServicePack;
//the toString version of the OS, this is "Microsoft Windows NT 6.1.7601 Service Pack 1" on this PC
string version = os.VersionString;

//I have 4 processors on this PC
int processorCount = Environment.ProcessorCount;

//returns 2 logical drives: C: and D:
string[] logicalDrives = Environment.GetLogicalDrives();

//this is how to find all environmental variables of the system and iterate through them
IDictionary envVars = Environment.GetEnvironmentVariables();
foreach (string key in envVars.Keys)
{
	//e.g. the JAVA_HOME env.var is set to "C:\Progra~1\Java\jdk1.7.0_51\"
	Debug.WriteLine(string.Concat("key: ", key, ": ", envVars[key]));
}

//retrieve the current CLR version, in my case it's "4.0.30319.18444"
Version clrVersion = Environment.Version;

View all posts related to diagnostics here.

Filed under .NET, Diagnostics Tagged with

Older posts

Newer posts

Elliot Balynn's Blog

A directory of wonderful thoughts

Software Engineering

Web development

Disparate Opinions

Various tidbits

chsakell's Blog

WEB APPLICATION DEVELOPMENT TUTORIALS WITH OPEN-SOURCE PROJECTS

Once Upon a Camayoc

ARCHIVED: Bite-size insight on Cyber Security for the not too technical.