Walk through the "black art" of cryptography, including public/private and symmetric encryption, hashing, digital signatures, and a dash of salt. Review the basics of cryptography and what techniques are appropriate for various situations. Discover practical techniques for securing content received on public web sites. Review .NET classes to use for cryptography, how ASP.NET uses cryptography, and how to protect sections of the web.config file.
Introduction
Hi. Welcome to an Introduction to Cryptography. My name is Robert Boedigheimer. In this first module, we're going to look at some basic definitions around cryptography. We're also going to take a look at a brief history of cryptography; we're going to try to answer the question why do we want to use cryptography, and we're going to look at some things we need to consider when we're going to use cryptography to increase the security of our systems.
Hashing
In this module, we're going to look at hashing and hash functions. First, we're going to give a definition of what a hash function is. We're going to talk about common hash functions. We're going to look at a technique called Tamperproof Querystrings where we want to be able to protect the querystring values that are sent to our server to make sure people are not modifying them on the client and gaining access to information they shouldn't see. We're going to look at using hashing for hashed passwords. We're then going to look at salted passwords and the extra security that gives. And finally, we're going to look at some of the hashing techniques that are used in ASP.NET.
Symmetric Algorithms
In this module, we're going to look at what I think people typically think of when they think of encryption, and that's symmetric algorithms. We're going to give a definition of what those are. We're going to look at some common symmetric algorithms. We're going to discuss how they work. We're also going to look at the CryptoStream class and we're going to show some examples of where symmetric encryption is used in ASP.NET.
Asymmetric Algorithms
In this module, we're going to look at asymmetric algorithms; we're going to start with a definition of what they are, we're going to look at some common asymmetric algorithms, we're going to see how you can generate keys, and we're going to see a practical implementation where we can use encryption on a website safely.
Miscellaneous
In this module, we'll look at digital signatures, which are techniques that use a lot of the different cryptography we've seen so far. We'll look at protecting configuration sections. So this is the ability to encrypt a section of a web.config, so if someone gained access to that file they would not be able to read the contents. We'll talk a little about key sizes you should use and storage of keys. We'll also look at other .NET cryptography that is available. Then we'll look at digital certificates and PKI, which addressed the concerns about public keys and how we know they're from the person that we intend. And lastly, we'll look at SSL and TLS, which are used between browsers and servers to encrypt their conversation so they cannot be intercepted in transit.