Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I am currently working on an ASP.NET MVC 4.5.2 application. The application stores no really valuable data but in my opinion security should never be underestimated, even harmless data can get harmful in the wrong hands. So I decided to encrypt all user related data like chat messages and personal user data. I am using ASP.NET Identity to add users to the application. The user password is automatically hashed by the Identity Framework. But I wanted to go one step further and encrypt these datasets additionally, so that the password hash, e-mail address, username ... is also encrypted in the database. Every text message send by one application user to another should also be encrypted so that only the authorized users can read the content even if the database gets stolen.
After reading lots of articles about how to encrypt these datasets I decided to use something like AES or maybe other encryption algorithms. Encrypt and store data in a database is no big deal. The whole thing gets not really exciting until it comes to store the encryption keys. I've read a huge amout of tutorials and posts on plattforms like StackOverflow which discuss how to properly encrypt sensitive data, but most of the articles are ending without providing solid solutions on how to store encryption keys.
After some research I found some interesting answers from StackOverflow users on this topic:
PaulGs answer on "How to properly do private key management"
Vault by HashiCorp
The Vault is an open source project focusing on storing secrets. I want to provide these links here for other fellows searching for this topic but unfortunately my reputation is not high enough to add all links so I decided to provide only the two most relevant.
Reffering to PaulGs Answer...
[...] My implementation was to have a Key Server application running on a windows box. This application required entry of two separate 'key server master keys' before it could be used. These keys would be known only to the key server administrators. These keys are xor'd together to generate the Master Key, which is stored only in protected memory whilst the application is running. Application can then automatically generate cryptographically strong Key Encrypting Keys, which are stored in encrypted form using the Master Key. [...]
... my question is:
Edit:
How "good" is PaulGs procedure on a security point of view and how can I create "protected memory" as csharp developer? I hope this question is more specific as my last set of questions.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 8 months ago.
Improve this question
I am developing an api project which will have users who will be registering and logging in and out of an mobile application. I will be devloping this application using web api .net core 5. I want to handle the authentication of users via logging in based on a valid jwt token.
My question is which type of hashing is suitable for storing the hashed password in the database. Here are 2 types i have been looking at, which one is more secure?
//sha256 method from the system web helpers namespace
var hash1 = Crypto.SHA256("password");
//hashpassword from the system web helpers namespace
var hash2 = Crypto.HashedPassword("12345");
Both are from micorosft/.net libaries so i am under the impression that they are both secure, however I have noticed there are some websites have a decryption mechanism for sha256. I am edging towards the hashedPassword method in the Cryto class...
SHA256 uses the SHA256 algorithm while HashPassword uses RFC 2898.
As for the differences, have a look at this post.
You should opt for HashPassword, as it automatically generates a salt for you. Also, the RFC 2898 is considered more secure, as it's intentionally slowed down, which makes it harder to brute-force.
Note: both are hashing algorithms, not encryption algorithms, so neither can be "decrypted" by definition.
I've seen bcrypt recommended a few times as a password hashing algorithm due to its ability to support a varying number of iterations within the algorithm to protect against today's ever more powerful CPUs/GPUs when trying to crack them.
George Stocker's very informative answer includes some good resources for reading up on this subject.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I have a number of projects developed in WinForms. Despite looking around on SO and other areas I've not really found a satisfactory answer.
The projects make use of the app.config and are deployed to multiple users using ClickOnce. Each physical install on a users machine will have both the deployed application as well as the app.config. The app.config holds credentials for a restricted account for a database.
Is it possible to encrypt data such as credentials for a Db connection in WinForms that is deployed to the masses? Some users work on laptops offsite, so a network connection wont always be available. I'm just trying to find out what the best practices are for securing a WinForms application might be in this scenario.
Of course you can save the credentials as an encrypted string in your app.config. SO provides some good examples on how to use the System.Security.Cryptography.Rijndael symetric algorithm.
This of course requires the same key to encrypt and decrypt the data. That key will be stored in the source code, and .NET sourcecode is not really save, everyone with the ability to use google and use a program with more than one button will be able to find it in the decompiled code and thus, it's only slightly more safe than just having the password not encrypted.
Most important is, that the credentials your app uses to access the database are only allowed to do what the app needs, so not like using SQL Management Studio to oben the DB and being able to reconfigure everything (Saw that once at a customer).
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I'm working on a windows desktop application (WPF) written in C# that download some files from a server at each startup. These files play a huge role in making the application work.
I would like to protect the content of these files with some form of encryption such as AES. These files should remain encrypted even when they are read by the application. So I am looking for a way to decrypt the files on the fly when they are being accessed by the application. In other words, only the application could understand the files but if users open them with other programs, they will be encrypted still.
It would be great if you could share some ideas or articles about the implementations. Thanks!
Edit 1:
The application make use of CefSharp to browse the HTML/JS/CSS files that are downloaded from the server at each startup.
Edit 2: I'm trying to implement something like TrueCrypt.
Edit 3: I would like to how to do what TrueCrypt can do. It encrypts the files and the encrypted files can be opened by any program normally because it decrypts them on the fly whenever the file are opened. I need this because I want to protect the HTML/JS/CSS files loaded by my application's embedded browser (CefSharp).
You need to realize that you cannot prevent users from accessing your unprotected files on an open platform like the PC. That is what DRM tries to achieve for decades now, however this goal is unachievable by definition.
The only thing you can do is to make it harder / more cumbersome to access the unprotected files, however in the end, if someone decides to put enough effort into circumventing your protection, she or he will always succeed.
For instance, you may obfuscate your source files (by dedicated obfuscators or simply by minimizing them), you can use some non-standard file encoding (reverse of base64) or you may use some kind of encryption method. Because you need to ship your key as well, any encryption method will do, no matter how secure or insecure it is.
Finally, as others have already mentioned, the crypto primitives are located in the System.Security.Cryptography namespace. Note however that for security sensitive systems I would not recommend to use them directly, because there are many nuances and getting it right is actually quite hard. You should have a look at libraries like SecurityDriven.Inferno, which wrap the crypto primitives with secure defaults.
You should use the System.Security.Cryptography Namespace of the .NET-Framework.
Here and here you'll find two examples you can use.
Note: First, you have to read the content of the file AS BYTES[] using a FileStream or System.IO.File.ReadAllBytes. And you have to implement your KEY - which means it is hardcoded in your application and can be found using a decompiler!
So, it is almost impossible to prevent the user from reading the data.
As Thomas said, using System.Security.Cryptography is the best way to encrypt data. However you'll need to include the cryptography keys in the client application and it is very easy for anyone with access to this application to extract the keys.
You're probably better off not wasting your time encrypting the files.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I'm sorry if this is the wrong place to put this, but since I normally code in C#, and my potential solution would involve using C# I figured this would be the best place to start.
I've been given a task at work to allow our customers the ability to transmit confidential record information from their office to our in-house, or possibly a new cloud-based, server.
I have been rather adamint that to transmit said data, a SSL certificate must be aquired by us through a third party. But I'm wondering if that really is true.
The more I researched SSL certificates the more I've come to realize that all they really are is one company vouching for another. The encryption (even on an expired certificate or on a self-signed certificate) works and the encryption is just as secure as one that isn't. Sure, the user is presented with nasty icons and red screens showing that "hey! this may not be safe!" But if the user doesn't visit a "https" prefixed website and only visits a "http" website, what would be wrong with encrypting data client-side, submitting it to our server, decrypting it server side and vice-versa?
Encryption is encryption right?
Or what if a WinForms app was created that did the same as above? Encrypt data, submit it to our servers and the servers decrypt it.
I just can't justify paying thousands of dollars a year to have Verisign, or whoever, issue us a certificate when 99% (I'm willing to bet) of the users on the internet don't even bother checking the validity of the certificate.
I obviously want to make sure everything IS secure, and I'm not downplaying the role of SSL certificates or keeping things secure, but I just fail to see the logic behind aquiring one, if the same type of encryption can be achieved in-house with better control and, if you ask me, better security.
Any thoughts or opinions?
You need to learn about MITM attacks, which require some form of authentication to prevent.
If you just use a self-signed certificate, an attacker can impersonate your server and send his own self-signed certificates, and your clients won't know anything is wrong.
If you just encrypt data in Javascript, an attacker can easily modify the Javascript to send him a copy of the plaintext first.
If you already have a secure channel to distribute the client (eg, WinForms) app, you can use certificate pinning and your own CA instead of paying for an SSL certificate. However, this involves more work on your part (remember to handle revocations).
Also, in order to securely distribute the app in the first place, you'll still need SSL. (or an attacker can rip out all of your crypto code before it runs)
I'm not sure what kind of data you are trying to send, but you could certainly avoid using a website altogether to send and receive data. The strategy could be something like:
Client:
WinForm (data entry) -> SFTP server
Server:
SFTP server -> Windows Service -> SQL Database
You would just have to setup the SFTP service and deploy your WinForm and Windows Service securely.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I am creating a MVVM application and the basic system allows a user to register, login, and add data to a database.
There are multiple users, so I want the system to be able to maintain the user's credentials/state after they login and have the application open.
So far I haven't been able to find any good tutorials online to advise me about this, so if anyone knows any or knows of a way to do this I would really appreciate some help.
Thanks.
You can use application settings as a store for user state and credentials. To store settings in user's profile, you should set corresponding scope for each setting you'll define.
Consider settings as a part of application model (Model in MVVM).
Build model when starting application, using application settings, and save it on application shutdown.
Also, do not store passwords in clear text. Use ProtectedData to encrypt and decrypt passwords.
Use cookies or local storage are 2 things that jump out to me.
Simply, after receiving the username and password of the user, if the credentials are correct generate a guid and save it to db for that user and add this guid in cookies also. And on every request search the guid value in db and authorize the user if the guid is existing.