Every effort has been made to ensure the accuracy of this book and the sample files. If you run into a problem, Microsoft Press provides corrections for its books through the World Wide Web at the following Web site: http://www.microsoft.com/mspress/support/ .
If you have problems, comments, or ideas regarding this book,
Attn: Security for Microsoft Visual Basic .NET Editor
One Microsoft Way
Redmond, WA 98052-6399
Please note that support for the Visual Basic .NET software product itself is not
The authors wish to thank the following people: Our first and most influential reader, Mike “Shhh… don’t mention big brother systems” Pope; technical advisors, Erik “security god” Olson, David “Mr. Policy” Guyer, Dave “Mr. Deployment” Templin, Mike Neuburger, Michael Kogotkov, Ashvin Naik, John Hart and Adam Braden; our Microsoft Press support team, Denise “We can’t print that!” Bankaitis, Sally Stickney, Danielle Voeller, Roger LeBlanc, Chris “Brains” Wille; our boss, Rick “It’s a book about baseball? Sure I’ll approve it” Nasci; and our families, without whom none of this would be possible, Jane Bond, Sarah and Katie Bond, and Catherine Robinson and Stella Robinson.
Key concepts in this chapter are:
Using hash digests for storing and verifying passwords
Using private key encryption
Writing a public key encryption routine
Modifying a database to store passwords and bank account
Protecting password fields on forms
Knowing where to use encryption in your own applications
If you read the Introduction, you’ll recall that this book is for Visual Basic .NET programmers new to security, not security experts new to Visual Basic .NET. This book unashamedly
What is encryption? Before discussing how to implement encryption with Visual Basic .NET, you need to have an understanding of encryption in general. Encryption is about keeping secrets safe by
Encryption isn’t just used in
Figure 1-1: Encrypting and
Computers allow us to encrypt rich messages in real time, but the underlying principle is the same as in the simple baseball example. For encryption to be effective, the sender and the recipient must be the only parties who know how to encrypt and decrypt the messages. Microsoft Windows and the .NET Framework provide robust algorithms for doing encryption, and we’ll use these routines in this chapter. Unless you’re an encryption expert, you shouldn’t try to write your own encryption algorithm, for exactly the same reason that only aviation
It’s a common
Confidentiality Only the intended recipient will be able to decrypt the message you send.
Authentication Encrypted messages you receive have originated from a trusted source.
Integrity When you send or receive a message, it won’t be tampered with in transit.
Some cryptography mechanisms are one way; that is, they produce cipher text that can’t be decrypted. A good example of a one-way cryptography is a
. A hash is a very large number (the hashes in this chapter are 160 bits in
In the examples in this chapter, you’ll learn how to create and use a hash for verifying passwords. You’ll also learn how to use private key encryption for storing and retrieving information in a database. We’ll also begin building a library of easy-to-use encryption functions that you can reuse in your Visual Basic programs.