Hacking the Code: ASP.NET Web Application Security

Cryptography

There is no discussion of security that does not at least reference cryptography or encryption. Although cryptography is an absolute necessity to create a secure environment, it is not the Holy Grail of security. This section highlights the cryptography features that come with the .NET Framework. If you already have worked with Windows 2000 Cryptographic Service Providers (CSPs) and/or used the CryptoAPI, you know nearly everything there is to know about cryptography in the .NET Framework.

The most important observation is that the ease of use of crypto functionalities has improved a great deal over the way we had to use the CryptoAPI, which only was available for C/C++. An important addition in the design concept of the cryptography namespace is the use of CryptoStreams, which make it possible to chain together any cryptographic object that uses CryptoStreams. This means that the output from one cryptographic object can be directly forwarded as the input of another cryptographic object without the need to store the output result in an intermediate object. This can enhance the performance significantly if large pieces of data have to be encoded or hashed. Another addition is the functionality to sign XML code, although only for use within the .NET Framework security system. To what extend these methods comply with the proposed standard RFC 3075 is unclear.

Within the .NET Framework, three namespaces involve cryptography:

  • System.Security.Cryptography The most important one; resembles the CryptoAPI functionalities.

  • System.Security.Cryptography .X509 certificates Relate only to the...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Data Security Software
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.