I am having some trouble understanding the documentation on machinekey. What algorithm is being used to encrypt/decrypt the forms authentication ticket when the decryption attribute is not set. I have:
<machineKey validationKey="128CharacterKey" decryptionKey="48CharacterKey" validation="3DES"/>
I found some documentation saying that if the decryption attribute was not specifically set it would use the value in the validation attribute. I also found something saying it would use SHA-1. Yet another articles said it would be based on the size of the value in the decryptionKey.
Which algorithm is it using?
On a side note, which algorithm are most people using nowadays AES, 3DES, SHA1, etc?
On a side note, which algorithm are most people using nowadays AES, 3DES, SHA1, etc?
Certainly new applications should avoid 3DES in favour of AES for symmetric encryption. SHA1 should also be avoided, and use at least SHA-256 for hashing.
The defaults are on MSDN: AES and SHA1 (see Remarks section).
You'll want to read Chapter 6 of "Professional ASP.NET 3.5 Security, Membership and Role Management with C# and VB". Here's a link to the Google Books version of it, which should suffice...
It's definetely something you'll want to modify if you're building a serious application.
http://books.google.com/books?id=uAnOTcTR8l8C&pg=PA295&lpg=PA295PPA295,M1
Related
Is there practical difference between HS256 and HS512 encryption algorithms, or is the additional security from longer key redundant compared to already unbreakable key? Which one should I use to encrypt the JWT token?
Is it even possible to use HS512 encryption with auth0's java JWT?
The algorithm is used to perform a digital signature (not encryption) over the header and payload of the token. If you want to encrypt the token payload, you need to apply the JWE standard (see RFC)
Is there a practical difference between HS256 and HS512 encryption algorithms, or is the additional security from longer key redundant compared to already unbreakable key? Which one should I use to encrypt the JWT token?
HS256 means HMAC-SHA256. The difference with HS512 is the strength of the hash methods themselves. You can take a look at the keylength.com website and this answer. You will see that even SHA-256 has quite a large security margin. What's more, the HMAC algorithm is pretty much oblivious to attacks on the underlying hash algorithm. So even you can use HMAC-SHA1 safely.
Is it even possible to use HS512 encryption with auth0's java JWT?
I took a look at the code, and it is possible (but not documented). Use something similar to
JWTSigner.Options options = new JWTSigner.Options();
options.setAlgorithm(Algorithm.HS512);
jwtSigner.sign(claims, options);
Is it even possible to use HS512 encryption with auth0's java JWT?
You could do something like this:
Jwts.builder()
.setSubject(username)
.setIssuedAt(new Date())
.setExpiration(new Date((new Date()).getTime() + jwtExpirationMs))
.signWith(SignatureAlgorithm.HS512, jwtSecret)
.compact();
Example taken from here: link
What is the most secure hash algorithm to use in ColdFusion 9 (non-Enterprise)?
According to the CF documentation, these are the options:
MD5: (default) Generates a 32-character, hexadecimal string, using the
MD5 algorithm (The algorithm used in ColdFusion MX and prior
releases).
SHA: Generates a 40-character string using the Secure Hash Standard
SHA-1 algorithm specified by Nation Institute of Standards and
Technology (NIST) FIPS-180-2.
SHA-256: Generates a 44-character string using the SHA-256 algorithm
specified by FIPS-180-2.
SHA-384: Generates a 64-character string using the SHA-384 algorithm
specified by FIPS-180-2.
SHA-512: Generates an 128-character string using the SHA-1 algorithm
specified by FIPS-180-2.
But in this article, it says not to use MD5 or SHA-1
I am also a little skeptical about the cf documentation. It says encoding "SHA-512" uses SHA-1, but the description of "SHA-512" for the Enterprise version is "The 512-bit secure hash algorithm defined by FIPS 180-2 and FIPS 198." And the output of SHA-512 is larger than SHA-384. Sorry, I am having a hard time getting my head around all these different encoding principles.
Hashes are not secure by themselves, anything that can be hashed can be broken. So in the security world you might think, ok I need to run the hash multiple times to obscure it more, but that doesn't secure the information, it just means someone has to repeat that same process and iterate over the hash multiple times. If they know the hash algorithm you used and assume they do, it's not secure. Sha-256 should be good enough for hashing information unless you are trying to secure the information. Hashes should never ever be used by themselves to secure information. Just because it isn't human readable does not make it secure.
If you want to secure something use coldfusion a encrypt functions and make sure you use a decent algorithm, like AES because the default in coldfusion is not secure. Then you need to use some entropic data from the information you're securing to ensure you have a unique encryption key that would be hard for someone to guess or find. Do not hard code a single key in your code, this will make it easy for someone to find and utilize a pattern in all of your encryptions.
Use something like bcrypt or scyrpt for storing passwords. I know they are more work to put into use and require java integration in coldfusion but they are much more secure ways of storing information. Remember that even with bcrypt or scrypt the information can be compromised given enough time and someone willing to put the effort into decrypting it. Be paranoid when securing information.
I am using this tutorial to encrpyt and decrpyt passwords that are saved to sql database.
Problem is the RNGCryptoServiceProvider is not supported on the platform i'm using therefore I changed it to SHA1CryptoServiceProvider. How do I get round the GetNonZeroBytes?
RNGCryptoServiceProvider is a cryptographically secure random number generator. SHA1CryptoServiceProvider implements the SHA-1 cryptographic hash function. Those are completely different things; you can't substitute one for the other.
What kind of platform are you on that doesn't have RNGCryptoServiceProvider?
Of the two hashing algorithms, SHA and MD5, which one would be the easiest to implement in .NET MVC 3. By easy, I mean the least amount of overhead and time to implement.
I know the argument will be that with security it shouldn't matter, but I am still interested in which one it would be. And if there is another highly used one that is easier, which is it?
I am new to working with hashing algorithms for site authentication, so I want to make sure I do my research before I go at it.
Also, if .NET or MVC has built in support for anything, what would it be?
Thank you.
See System.Security.Cryptography.MD5, and System.Security.Cryptography.SHA256.
A list of implemented hashing algorithms in the .NET framework can be found here.
You should also check out this blog post for a few tips about rolling your own authentication scheme.
Bcrypt is often a good choice for hashing passwords, and there's a .NET port of it here. However, I'm not sure if there has been any outside code review on this project, so it may be worth asking around.
Excellent posting about why bcrypt is the preferred method for storing passwords: http://codahale.com/how-to-safely-store-a-password/.
In regards to least overhead, that should really never be a concern. I would never want my passwords stored using the weakest hashing algorithm because a website or service needed "less overhead".
As stated in the comments, SHA and MD5 is not encryption. If you need one-way hashes, though, one of the SHA variants is the safest.
If you by "Least overhead" mean which one is easiest to implement in code, they are the same. In .NET SHA and MD5 share the same base class HashAlgorithm, which you can program against.
If you by "Least overhead" mean computing time or space consumption, MD5 is the winner. But bear in mind that MD5 is a lot weaker than any of the SHA variants, and for any practical applications today, neither time nor space is likely to matter.
I prefer not to store passwords on my sites at all - either with hashes and salts or otherwise. If you use an OpenID provider or a variant such as the new BrowserID from Mozilla Labs, I believe you may even be better off.
I cannot find (after hours of googling) the MSDN article/doc that declares what algorithms are used by the RSAProtectedConfigurationProvider when encrypting a section of the web.config file for an ASP.NET web application. I recall reading that it uses RSA for the key, and 3DES for the actual connection string.
What algorithms are used in encrypting the web.config file when using the default RSAProtectedConfigurationProvider (for both the key and the data)? Can someone provide a link to the appropriate MSDN article or other documentation on this?
RSA (naturally) is used as the asymmetric algorithm that is used to protect the symmetric key that is encrypted and stored alongside the protected data.
If you look at the relevant code in Reflector, there's a strong indication that the symmetric algorithm used to protect the data is AES256 ("http://www.w3.org/2001/04/xmlenc#aes256-cbc") although TripleDES is also supported.
Use Reflector or JustDecompile and have a look at:
public EncryptedData Encrypt(XmlElement inputElement, string keyName);
Declaring Type: System.Security.Cryptography.Xml.EncryptedXml