Encryption in the Real World


At the end of most chapters in this book, you’ll find a section like this one that explores where you might use techniques learned in the chapter in your own real-world projects. Encryption has a number of uses but two main purposes:

  • Securely storing sensitive information on a disk or in a database so that it can be accessed only by an authorized person or software program.

  • Scrambling information so it can be transported from one trusted system to another trusted system over an insecure transport such as the Internet.

Some specific examples are listed here:

    • Authenticating passwords. This can be done using either a hash digest or a private key. Hash digests are a good choice when the password is used only for validating the login. If, however, the password is used for connecting to a database, private key encryption is the better method because the system needs to use the unencrypted string.

    • Verifying the integrity of a file. Because a hash digest is a unique signature, it can be used to verify that a piece of information, such as a file, is unchanged. For example, you can send an XML file through the Internet and then send the hash of the file; in this way, the recipient can verify that the file wasn’t corrupted during transmission.[2]

    • Storing and retrieving sensitive information in a file, registry, or database. Private key encryption is a good method for two-way encryption of information when both the encrypting and decrypting parties know the key.

    • Transmitting secret information over the Internet. Private key encryption is good for passing secret information over the Internet, provided both parties already know the key. Public key encryption can also be used, but it’s slower and subject to size limitations.

    • Receiving private information, such as private user information over an intranet, extranet, or the Internet. Public key encryption is a great way to get information from someone who doesn’t already possess a private key. The ultimate recipient of the information creates a key pair and sends the public key to the sender of the information. The sender encrypts the information and then submits it to the recipient, who uses the private key to decrypt it.

[2] Be aware that this is not a guarantee against tampering—an intruder could modify the file and then create a hash of the modified file.
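
The footnote's caveat, shown as an added example (not code from the book): a plain SHA-256 hash sent alongside a file still verifies after both are replaced, while a keyed hash (HMAC-SHA256, a technique the text above does not name) computed with a key both parties already share does not. The module, function names, key and XML content are constructed for illustration.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module IntegrityDemo
    ' Plain digest: anyone who can change the file can also recompute this.
    Function Digest(data As Byte()) As Byte()
        Using sha As SHA256 = SHA256.Create()
            Return sha.ComputeHash(data)
        End Using
    End Function

    ' Keyed digest (HMAC): producing a matching value requires the shared key.
    Function Tag(key As Byte(), data As Byte()) As Byte()
        Using mac As New HMACSHA256(key)
            Return mac.ComputeHash(data)
        End Using
    End Function

    ' Compares every byte so timing does not reveal where the values differ.
    Function SameBytes(a As Byte(), b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    Sub Main()
        ' Constructed sample data; the key stands in for a secret both parties already share.
        Dim key As Byte() = Encoding.UTF8.GetBytes("constructed-demo-key")
        Dim original As Byte() = Encoding.UTF8.GetBytes("<order><total>10</total></order>")
        Dim sentTag As Byte() = Tag(key, original)

        ' The file changes in transit and the accompanying plain hash is replaced to match.
        Dim received As Byte() = Encoding.UTF8.GetBytes("<order><total>99</total></order>")
        Dim receivedDigest As Byte() = Digest(received)

        ' Plain hash check: passes, because the hash was recomputed over the changed file.
        Console.WriteLine("SHA-256 check passes: {0}", SameBytes(Digest(received), receivedDigest))
        ' HMAC check: fails, because a tag for the changed file cannot be made without the key.
        Console.WriteLine("HMAC-SHA256 check passes: {0}", SameBytes(Tag(key, received), sentTag))
    End Sub
End Module
```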




Security for Microsoft Visual Basic .NET
ISBN: 735619190
EAN: N/A
Year: 2003
Pages: 168
