Last post Jan 19, 2017 06:16 AM by priyalwalpita
Jan 19, 2017 03:44 AM|Rithu_dev
One of the requirements of the .NET project I am working on now is to secure private information such as SSN, DOB and password. We are performing the required encryption when we save the data, but what do we need to do to secure the data in memory before it is persisted to the DB?
What is the best algorithm that we can use when persisting data to the DB?
Jan 19, 2017 06:16 AM|priyalwalpita
In order to secure in-memory string fields you need to use the SecureString class.
As an example, if you manage your password (plain text) using a string data type, there is a high risk that someone can grab your password from memory, because in .NET the String data type is immutable and you do not have any control over it.
So the best way to manage sensitive string data in a .NET app is by using the SecureString class. It manages string data as byte arrays and you do not need to worry about data conversions etc. You can call the Dispose() method whenever you finish your work with the sensitive data.
I hope you are not using encryption for passwords? Passwords need to be hashed using a good salt and a good hashing algorithm. Do not use MD5 or SHA1, because these are weak hashes according to current standards. At the moment we can consider PBKDF2 one of the best hashing algorithms available. The ASP.NET Identity framework uses PBKDF2.
You can use the AES algorithm to encrypt your other sensitive data. But keep in mind to secure your keys. You can use the .NET key container for that purpose.
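The following is an added example, not code from either post, showing the two pieces of the answer above working together: a password is collected into a SecureString (never into a System.String), then hashed with PBKDF2 using a random per-user salt, and every plaintext copy is zeroed as soon as the key derivation is done. The iteration count (100000), the SHA-256 PRF, the "iterations.salt.hash" record format and the class/method names are this example's own choices; it assumes .NET Framework 4.7.2 or later or .NET Core 2.0 or later for the Rfc2898DeriveBytes overload that accepts a HashAlgorithmName.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;

// Added example (not from the forum posts). Keeps the plaintext password in a
// SecureString, derives a salted PBKDF2-SHA256 hash, and wipes every temporary copy.
public static class PasswordHasher
{
    private const int SaltSize = 16;       // 128-bit random salt per password
    private const int HashSize = 32;       // 256-bit derived key
    private const int Iterations = 100000; // example value; tune to your hardware

    // Hashes the password held in a SecureString. The record stores the iteration
    // count so the work factor can be raised later without breaking old rows.
    public static string Hash(SecureString password)
    {
        byte[] salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        byte[] hash = Derive(password, salt, Iterations);
        try
        {
            return Iterations + "." + Convert.ToBase64String(salt) + "." + Convert.ToBase64String(hash);
        }
        finally { Array.Clear(hash, 0, hash.Length); }
    }

    // Re-derives the hash from the stored salt and compares in fixed time,
    // so an attacker cannot learn from timing how many leading bytes matched.
    public static bool Verify(SecureString password, string stored)
    {
        string[] parts = stored.Split('.');
        if (parts.Length != 3) return false;
        int iterations = int.Parse(parts[0]);
        byte[] salt = Convert.FromBase64String(parts[1]);
        byte[] expected = Convert.FromBase64String(parts[2]);
        byte[] actual = Derive(password, salt, iterations);
        try { return FixedTimeEquals(expected, actual); }
        finally { Array.Clear(actual, 0, actual.Length); }
    }

    // Runs PBKDF2 over the UTF-16 bytes of the SecureString. The plaintext only
    // exists in unmanaged memory and one managed byte[] for the duration of this
    // call; both are zeroed before returning, even if the KDF throws.
    private static byte[] Derive(SecureString password, byte[] salt, int iterations)
    {
        IntPtr unmanaged = IntPtr.Zero;
        byte[] plain = new byte[password.Length * 2];
        try
        {
            unmanaged = Marshal.SecureStringToGlobalAllocUnicode(password);
            Marshal.Copy(unmanaged, plain, 0, plain.Length);
            using (var kdf = new Rfc2898DeriveBytes(plain, salt, iterations, HashAlgorithmName.SHA256))
                return kdf.GetBytes(HashSize);
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length);                                      // wipe managed copy
            if (unmanaged != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(unmanaged); // wipe and free unmanaged copy
        }
    }

    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Builds the SecureString one key at a time so the complete password is never
    // materialised in an immutable System.String that the GC may leave lying around.
    public static SecureString ReadFromConsole()
    {
        var secure = new SecureString();
        ConsoleKeyInfo key;
        while ((key = Console.ReadKey(true)).Key != ConsoleKey.Enter)
        {
            if (key.Key == ConsoleKey.Backspace) { if (secure.Length > 0) secure.RemoveAt(secure.Length - 1); }
            else if (!char.IsControl(key.KeyChar)) secure.AppendChar(key.KeyChar);
        }
        secure.MakeReadOnly();
        return secure;
    }

    public static void Main()
    {
        Console.Write("Password: ");
        using (SecureString pw = ReadFromConsole()) // Dispose() zeroes the protected buffer
        {
            string record = Hash(pw);
            Console.WriteLine("\nStored record: " + record);
            Console.WriteLine("Verify:        " + Verify(pw, record));
        }
    }
}
```

Two practical caveats when relying on this pattern: the plaintext does exist in memory for the length of the Derive call, so the goal is to keep that window short and zero the buffers afterwards, not to make the password unreadable at every instant; and SecureString only encrypts its contents on Windows, so on .NET Core running on Linux or macOS it is just a buffer that gets zeroed on Dispose(). The iteration count and SHA-256 choice here are deliberately stronger than what older ASP.NET Identity password hashers emit, so if you need to verify records produced by the framework's own hasher, use its PasswordHasher class rather than this format.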