General discussion

  • #2177151

    Protect sensitive data with hashing

    by maryweilage ·

    This week’s .NET newsletter describes how you can protect sensitive data with hashing.

    Is cryptography a focus for your application development projects? If so, do you protect sensitive data by using hashing or a different method? What do you think about adding salt to hashing algorithms? What are your thoughts on the recent findings about SHA-1?
    http://techrepublic.com.com/5100-10595_11-5589362.html

    If you haven’t subscribed to our free .NET newsletter, sign up today! Click this link to subscribe automatically:
    http://nl.com.com/MiniFormHandler?brand=techrepublic&list_id=e605

All Comments

    • #3350304

      use a dual system

      by jaqui ·

      In reply to Protect sensitive data with hashing

      obscuring by keeping sensitive data as separate as possible from unsecured access, and encrypt the data.

    • #3350189

      remark on the C# code sample

      by danny.heijl ·

      In reply to Protect sensitive data with hashing

      …snip…
      intermediate = Convert.ToBase64String(salt) + test;
      byte[] result = new byte[intermediate.Length];
      result = sha.ComputeHash(System.Text.Encoding.UTF8.GetBytes(intermediate));
      …snip…

      result does not need initializing, and the length will be fixed to the length of the chosen hash (160 bits in the case of SHA-1, and not 196), so you could write:

      …snip…
      intermediate = Convert.ToBase64String(salt) + test;
      byte[] result = sha.ComputeHash(System.Text.Encoding.UTF8.GetBytes(intermediate));
      …snip…

      Nevertheless a good article. Perhaps an HMAC should have been mentioned too?

      Danny Heijl

    • #3351457

      Hashing passwords and connection strings

      by laugher ·

      In reply to Protect sensitive data with hashing

      Not having used the .NET functions you described, I assume the algorithm used by the functions produces a reversible hash?

      I’m curious as to your response as I always took hashes to be a one-way cryptographic function. I also thought SHA-1 was one-way as well.

      In which case, if my recollection is correct, then I’d be very interested in how you would compare password results or retrieve the original connection string to ensure it can be used for data retrieval functionality.

      • #3335796

        Not reversible but comparable

        by aspatton ·

        In reply to Hashing passwords and connection strings

        Hashing is a one-way process, but values can be compared to a stored hashed value by hashing the value to compare and comparing to the stored hashed value. This is the process used by the FormsAuthentication.HashPasswordForStoringInConfigFile method available in ASP.NET.
