Tag clouds, part 6

Well, how do you encrypt and decrypt data in .net 2.0 using symmetric cryptography and a password? It should be simple and safe, right? Doesn’t seem that way to me. I have limited experience of using cryptography in applications (just hashing and digital signature verification). So this is the question that currently has me stumped.

I thought you just have to provide a password and the plain text to some CryptoServiceProvider and the data will be magically encrypted. But you have to do more than that. First of all, a password is not sufficient; it has to be of the correct key size as required by the encryption algorithm (Rijndael and TripleDES being my choices) that you are using. Then, there is the question of the Initialization Vector. Another problem I am facing is how to store the password in memory if the application needs it for the entire session? Is it safe to keep it lying around? Surely I can’t ask the user to type in his password every time I need to load and save the data – browsers don’t do that and Thunderbird does not do that.

Well, those are some of the problems that need to be solved in my tag cloud generator. In fact I think I am close to a solution. Just thought I should write about the problems before writing about how I solved them.

These are a few articles available on MSDN on this very topic.

Trackbacks are closed, but you can post a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s