20. Cryptography || C# 10 Flashcards
What encryption and hashing options do you know?
- File.Encrypt
- Windows Data Protection
- Hashing
- Symmetric Encryption
- Public Key Encryption
Explain how File.Encrypt works
Protects files transparently with filesystem support. A key is derived implicitly from the logged-in user’s credentials. Windows only.
What is hashing?
A hashing algorithm distills a potentially large number of bytes into a small fixed-length hashcode. Hashing algorithms are designed such that a single-bit change anywhere in the source data results in a significantly different hashcode. This makes hashing suitable for comparing files or detecting accidental or malicious corruption of a file or data stream.
Hashing also acts as one-way encryption, because it is difficult to impossible to convert a hashcode back into the original data. This makes it ideal for storing passwords in a database, because should your database become compromised, you don’t want the attacker to gain access to plain-text passwords. To authenticate, you simply hash what the user types in and compare it to the hash that’s stored in the database.
To hash:
using System.IO;
using System.Security.Cryptography;
byte[] hash;
using (Stream fs = File.OpenRead("checkme.doc"))
using (SHA1 sha1 = SHA1.Create())
    hash = sha1.ComputeHash(fs); // a SHA-1 hash is 20 bytes long
What does “salt” mean and why is it used?
“Salt” is a standard technique when hashing passwords - a long series of bytes that you initially obtain via a random number generator and then combine with each password before hashing.
This works for several reasons:
- An attacker must also know the salt bytes;
- An attacker cannot simply use a publicly available precomputed database of passwords and their hashcodes.
How it looks:
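using System.Text;
using Microsoft.AspNetCore.Cryptography.KeyDerivation;
byte[] encrypted = KeyDerivation.Pbkdf2(
    password: "stRhong%pword",
    salt: Encoding.UTF8.GetBytes("j78Y#p)/saREN!y3@"), // sample salt; real salts come from a random number generator
    prf: KeyDerivationPrf.HMACSHA512,
    iterationCount: 100, // sample value, far too low for real use
    numBytesRequested: 64);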
What is symmetric encryption? What might make this encryption stronger?
Used for general purpose encryption/decryption. The same key encrypts and decrypts. Can be used to secure messages in transit.
By using an IV (Initialization Vector) we can make this encryption more secure. An IV is a 16-byte sequence, much like a key, that is changed with every message sent. This renders each encrypted message unrecognizable from any previous one, even if their unencrypted versions were similar or identical.
How is CryptoStream, as a decorator, unusual?
CryptoStream is unusual in that its Flush method does nothing. To flush a stream without disposing it you must call FlushFinalBlock. In contrast to Flush, you can call FlushFinalBlock only once, and then no further data can be written.
How does “public key encryption” work?
Public-key cryptography is asymmetric, meaning that encryption and decryption use different keys.
A key pair contains public key and private key components that work together as follows:
- The public key encrypts messages.
- The private key decrypts messages.
A special feature of this type of cryptography is that you cannot calculate a private key from a public key. So, if the private key is lost, encrypted data cannot be recovered; conversely, if a private key is leaked, the encryption system becomes useless.