Keep your data secure with AES

I just finished reading an article in the November issue of MSDN Magazine.
This month's focus is on security.

Well, I don't pretend to be a specialist, so I learned a lot from an article on encrypted data by James McCaffrey.

I had already used a hashing method, which is called one-way encryption.

I didn't know that there is also a two-way method, AES (Advanced Encryption Standard), based on a 256-bit key.
To say the least, surely secure enough!

James's article also includes a C# implementation. I am thinking of using it for the case where I store user passwords and need an admin to be able to retrieve and decrypt a lost password.


 

3 Comments

  • Actually, for user passwords, hashing with a salt is typically the way they are done. They are usually not encrypted with symmetric encryption, because there is usually no reason to be able to decrypt them. If a user loses a password, then you simply reset it. You don't want to, or at least I don't want to, be able to decrypt my users' passwords; that can lead to a whole can of worms I don't want to deal with.

    Wes

  • There is an implementation of AES (and others) in the System.Security.Cryptography, if you're using C#. It will (hopefully!) be better tested than the version in the article, and I think it delegates to the Win32 CryptoAPI, which means it will run faster than the C# version.

  • Wes, yes, I didn't realise this. Very valid point. Thanks.
