How to secure data in .NET
String Encryption and Decryption
Password storage is a large topic in application security. A hashed representation of the password, produced with a contemporary algorithm and process, is the accepted way to store a password in today's systems. Hashing is a one-way function. It is irreversible: you apply the secure hash algorithm and you cannot get the original string back. An encryption passphrase is different. Unlike a hash, you are not going to store it anywhere, as it is the secret key for your symmetric operation, so there is less risk of an attacker trying to recover the passphrase, mostly because they just don't need to.
Using Rfc2898DeriveBytes with a non-trivial iteration count should be better than using a straight hash function for authentication purposes. The Rfc2898DeriveBytes class can be used to produce a derived key from a base key and other parameters. In a password-based key derivation function, the base key is a password and the other parameters are a salt value and an iteration count.
Rfc2898DeriveBytes is an implementation of PBKDF2. PBKDF2 uses a pseudorandom function and a configurable number of iterations to derive a cryptographic key from a password. Because this process is difficult to reverse but can also be configured to be slow to compute, key derivation functions are ideally suited for password hashing use cases. The details of PBKDF2 are openly published. The goal is one of "key stretching", making the overall process of generating or reversing the hash harder. The .NET Framework can abstract the details of the algorithm from the developer.
The Aes class represents the abstract base class from which all implementations of the Advanced Encryption Standard (AES) must inherit. AES has specific vulnerabilities to related-key attacks. Related-key attacks are possible when an attacker knows some data encrypted with several keys, and there is some known relation between those keys.
The System.Security.Cryptography namespace provides cryptographic services, including secure encoding and decoding of data.
Encrypt and Decrypt a String
The following program shows how to encrypt a string and decrypt an encrypted string.
Password Security and Encryption
The built-in .NET implementation of Rfc2898DeriveBytes restricts the user to one pseudorandom function: HMAC with SHA-1. This is acceptable in most cases today, but in the future, a more complex hashing function may be required. Moreover, the .NET Compact Framework does not support Rfc2898DeriveBytes.