Chapter 7: .NET Cryptographic Techniques | .NET Development Security Solutions

Overview

Updating Your Machine’s Cryptographic Settings
Considering the Cryptographic Methods That .NET Supports
Developing Applications That Encrypt and Decrypt Files
Understanding the System.Security.Cryptography.X509Certificates Namespace
Creating Applications That Use Hash Functions

Cryptography is a math-based technique for changing data from a readable to an unreadable format for transport to another location and back to a readable format when it arrives at the destination. This application feature causes a lot of consternation and you read about it all the time. In fact, you hear about this technology so often that you might be tempted to think that it’s relatively new. However, cryptography has appeared in one form or another for many centuries. It’s probably the oldest technology that you’ll ever use with a computer and definitely the most fragile.

Note

This book won’t provide you with a history of cryptography or all of the cryptographic technologies used throughout history. However, you can find interesting articles about cryptography during World War II at http://www.cs.miami.edu/~harald/enigma/enigma.html and http://www.pbs.org/wgbh/nova/decoding/. If you would like to read about some of the ways in which modern computer cryptography came into being, check out http://www.turing.org.uk/turing/. The true beginnings of cryptography are unknown, but you can read the suspected beginnings at http://www.sans.org/rr/encryption/history.php . If you’re really interested in the historical aspects of cryptography, try the book The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet by David Kahn (Scribner, 1996).

Every form of cryptography relies on math to perform its task. An algorithm accepts input values and calculates an output based on those inputs. The goal is to find an algorithm and associated inputs that are so complicated that calculating the output becomes impossible. The problem is that computers constantly become faster, making a cipher (the name of the algorithm) that was perfectly safe yesterday unsafe today.

Using cryptography can create strong security, but you must still maintain a constant vigilance. As crackers devise new ways to break old encryption methods, you must upgrade to newer methods. Consequently, cryptography is a brittle technology at best—something you should suspect every time you use it. Fortunately, the .NET Framework is quite capable of accepting new cryptographic standards. As crackers break old standards, you can add new standards to your repertoire.

This chapter explores cryptographic techniques. I won’t espouse a particular cryptographic standard because it’s impossible to know when new standards will arrive on the scene. However, the techniques for using these ciphers will remain the same. Your code will change to use the new ciphers, but the process for using the cryptographic technique is unlikely to change.