I was told that there's an encryption library I can use and there's a couple that I can choose from (eg. AES, RSA, etc). I also read something about keys. Are keys something you just generate so you can encrypt and decrypt a series of texts? Do you have to purchase that key? Also, is there a best practice that I need to be aware of in encrypting and decrypting? Is encrypting a password recommended? Would performance be affected?
Not sure if I'm posting the question in the right category.
1) I'm working in a project where encryption of data is high priority. Could some one suggest what would be the best encryption method to protect data from being cracked.
I'm using TCP/IP protocol.
2) Is HTTPS totally secured. If I'm using HTTPS, does that mean that there is no encryption of data required in the coding?
When you need to store sensitive data such as CCs or SSNs, do you:1) Build your own encryption routine within the application, define a secret key somewhere in a config file, and then manually encrypt/decrypt data going to the database.2) Push all the problem to the database, using the built in DB capabilities (I think most vendors call it Transparent Database Encryption).What trade-offs have you find for your solution? Does writing your own routine perform poorly when compared to TDE? Is code maintainability, or conversely DB vendor lock-in an issue?
I am looking at the twitter api page http://apiwiki.twitter.com/ and I noticed that they have already built libraries that are wrappers against the twitter api. So I am thinking this is the best way to go but I am unsure which C# library I should use.
What I am trying to do is make some simple service or cmd line application that will help me automate retweeting.
So I am looking for a library that will allow me to get posts from other twitter accounts and then retweet them from another account.
I am not sure if the library can do this or not. Otherwise I was thinking of getting the RSS feed from the twiter account I want to get the twitters from parse out the new ones and use a library to retweet them on my own account.
I have not used twitter much so I am hopping someone can shed some light on this.
I am using a Query Encryption Technique shown in Thread[URL]I am facing a problem with the above module status bar always displays real URL,& when ever i right click on page then properties than Address URL shows Real URL
I would like to use the System.Security.Cryptography to encrypt / decrypt my passwords strings for my custom membership provider login.I've read some basic article's but they don't explain much about the process in detail. I've decided to use AES because it is said to replace DES encryption. How can I encrypt and decrypt my password strings in the strongest way possible with AES? I would really like a very detailed explanation about the method to use for this task.
A few years ago, when first being introduced to ASP.net and the .NET Framework, I built a very simple online file storage system.This system used Rijndael encryption for storing the files encrypted on the server's hard drive, and an HttpHandler to decrypt and send those files to the client. Being one of my first project with ASP.net and databases, not understanding much about how the whole thing works (as well as falling to the same trap described by Jeff Atwood on this subject), I decided to store freshly generated keys and IVs together with each file entry in the database.
To make things a bit clearer, encryption was only to protect files from direct access to the server, and keys were not generated by user-entered passwords. My question is, assuming I don't want to keep one key for all files, how should I store encryption keys for best security? What is considered best practice? (i.e: On a different server, on a plain-text file, encrypted). Also, what is the initialization vector used for in this type of encryption algorithm? Should it be constant in a system?
If a website is already using SSL, this guarantees a secure channel between the client and the website right. If I do another encrypt on the information being transmitted via HTTP POST would this be an overkill?
I am encrypting data (health care industry) using the aes encryption classes in the .net framework. What are some of the recommended locations for safely storing the key? I have it in the web.config for development, but that does not feel production worthy, to say the least.
I am struct in a bad sitiation. I have developed my whole application and at the end client requested that they want encrypted URLs :(. Now application is in a state where I can not encrypt URL on individual pages.Is there any module through which I can add URL encryption throughout my website without changing the application as application code is 100% verified from Q/A.
I inherited a ASP.Net website. Some changes need to be implemented. The login for the application is encrypted using the md5cryptoserviceprovider class. After upgrading to 2.0, the password is no longer encrypted the same as when it was 1.1.
I left the 1.1 virtual directory and it's still working. On the same box, I loaded the 2.0 code and setup a new virtual directory (which isn't encrypting the same as 1.1).
I copied the section below from the 1.1 machine.config section into the web.config and the 2.0 machine.config.
I have an MVC2 .NET 4.0 app, hosted on TFS 2008 (soon to be TFS 2010) that uses connection strings in web.config to connect to a database on another server. I need to encrypt these connection strings.
As I understand it, I can use aspnet_regiis.exe to encrypt the connectionstring portion of the web.config file, but I have to do it on the deployment machine because the encryption uses the machine name to generate the encryption key.
Now, it seems to me that this represents a problem - every time I deploy my code to the dev server won't it overwrite the web.config file, and need to be re-encrypted? This sort of manual process seems kludgy.
Is my understanding about needing to re-encrypt after deployment correct? If so, is there some way to automate this process? I don't want to forget this or get a new team member who doesn't know the process and have the connectionstring exposed to the world.
I have a problem trying to encrypt a string in PHP and also in C# using DES (cbc) encryption. The problem I'm facing is that I'm getting different results using the different languages.In C#:
But something is going wrong somewhere, I suspect it's a difference between (PHP) pack("H*", '0F26EF560F26EF56') and (C#) StringToBytes.ConvertHex("0F26EF560F26EF56") but I'm really struggling to spot it.
i an sending the url with some inofmation say some thing like this:
"http://localhost:4622/Emp_ResumeResult.aspx?UId=109" now if any one types 110 in place of 109 the infomration of 110 is being displayed so how can i hide this information and how can in encript and decript this issue any url or code.
I have a stored encryption: "dkljas84u238jidasjidoia"When I get in this instance decryption "11111111111111111"show how the combobox "****************** 1111 "Something like: SELECT RIGHT ('11111111111111111 ', 4)
I'm just starting to really get into JSON as a tool for my sites. I was showing my friend how I am calling a WS and returning the data, and he asked me about security of passing JSON data to and from a web service as he saw the data from the "POST" (via Firebug). Many of our public facing sites deal with member information and contain PHI. Can I encrypt the JSON data and then unencrypt it? Is that a good way to go about it to ensure a layer of protection? Or is there another "better/right" way of doing it? Or are his concerns unfounded? Is there an article about how to encrypt or secure the JSON data when needed? Just trying to gather as much knowledge as possible before I go down a path that won't work for the company.
//First delete aspnet_regiis -pz MyKeyName //Create the container aspnet_regiis -pc MyKeyName -exp //Install the key into a machine-level RSA key provider aspnet_regiis -pi MyKeyName pathToKeyFile //Encrypt aspnet_regiis -pef "connectionStrings" -prov pathToWebConfigFile
//So that's all good so far. If I want I can now decrypt which runs just fine on the same machine: aspnet_regiis -pdf "connectionStrings"
I now take the Encrypted file and bring it to another machine and instal the same key (got from exporting my key using aspnet_regiis -px "MyKeyName" "C:MyKeyName.xml" -pri).
Now when I run the same decryption command I get an error " Decryption failed... Bad Data..."
My website has to connect to a hosted SQL Server database. The connectiostring, incluing username and password, is stored in the web config file.I have two questions.The first is that everything I read says this must be encrypted so that it cannot be read and used by others. Well, how would that happen. My understanding of ASP.net is that all the work is carried out on the hosted server and the rendered page is then delivered to the user. How would a user be able to view my connectionstring.Secondly, I have used some msdn vb.net code to encrypt the connection string in the web config file. Following on from the first question, how can I confirm that the encryption is intact on the published web.config file.
I am creating an application that will save financial data.I am in the process of creating an architecture for this application.I am stuck deciding wether to do encryption on the application side or SQL Server side. I am planning to use AESManaged algorithm for this.My requirement is such that the ecnryption key is unique for each user (based on user's password).I am of the opinion that it should be on the application server side as it becomes easily scalable. Another attractive thing that I find is that if my frontend is Silverlight then I can pass on the actual encryption load onto the client system.
I am trying to use both .NET Cryptography as well as SQL Symmetric Encryption with Triple DES, if it's possible. I was able to set up a test database with encryption on a single field like so:
[Code]....
I am using this because of SQL Reportas that are being ran and I don't have access to C# development within them. Now to insert the encrypted key what do I use? I found the following code on another post http://forums.asp.net/p/902066/1000988.aspx#1000988: [Code]....
How do I modify OR what code do I use to Encrypt/Decrypt the SQL Encryption, does the SQL Encryption method need to change..Is it even possible?
I'm trying to encrypt username and password using a key file generated using enterprise library and every thing works fine, but the problem is that key can only be used on the mashine on which i have generated the key,eithor by machine mode or user mode, i want to ask if their any way to use encryption without using a key file ...