Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error
Data Encryption
Options
Previous Topic Next Topic
sbrickey
#1 Posted : Tuesday, January 31, 2012 3:22:14 PM(UTC)
Rank: Advanced Member
Groups: Registered

Joined: 12/16/2011(UTC)
Posts: 35
Location: Ohio, USA
Just thought it'd be nice to have some sort of encrypted data field. Not sure whether this would be better served as a single text/textbox field, or as a data persistence wrapper.

For me, I probably only care about a single field.

Regarding implementation... since the data needs to be decrypted by the system, a key would need to be stored *somewhere*. I'm unsure whether it's available in Mono, but Microsoft's recommendation seems to focus on using DPAPI (data protection API) with a key being stored to the application pool's user account, or the machine account. Given the large variety of implementation options (hosted internally, hosted externally, etc), I've not personally heard of one "best" way. I would also think that salting the hash would be worthwhile (to avoid rainbow tables), perhaps using the UUID.

Thanks,
-Scott
Back to top
WWW
jifeng
#2 Posted : Wednesday, February 01, 2012 4:13:15 AM(UTC)
Rank: Administration
Groups: Administrators, Registered

Joined: 9/3/2009(UTC)
Posts: 1,555
Location: Xiamen China
If using the UUID, it is really dangerous. :)

The encryption field is not a regular request, you can extend the text content event to encrypt the field and manage the key by yourself. It is not so difficult.
Regards,

Jifeng Huang

Kooboo Team

Microsoft ASP.NET MVP
Back to top
WWW BLOG
Users browsing this topic
Guest
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Powered by YAF 1.9.5.5 | YAF © 2003-2011, Yet Another Forum.NET
This page was generated in 0.288 seconds.