The very word cryptography can be intimidating; not many people know much about it. I’m definitely among those people, but it piqued my interest today when I was encrypting my password for use in a test application so it wasn’t stored in plain text. I was using an MD5 hash algorithm for my key, and a TripleDES algorithm to encrypt the password. I decided to look at the different encryption types built into .NET to see if these were actually secure, and it’s a good thing I did! Though I’m just encrypting my password, which is not a matter of national security.
If you do a bit of googling or check out StackOverflow on the topic, it turns out that MD5 was broken long ago and is no longer recommended. So I switched over to SHA256, a member of the SHA-2 family, which is currently the recommended family for hashing. A SHA-3 hash algorithm is currently in the works, with a friendly competition under way to find the best possible solution for it. It will be pretty cool to see the results of this contest and how the winning version works.
TripleDES seemed to be a decent solution, but I switched over to AES instead because it’s said to be faster in software. This isn’t really an issue when decrypting a short string like a password, but it would be if we were encrypting a large file or a database. The payment industry currently uses TripleDES, so it can’t be too bad (one would hope), but I went with AES for my own project.
Either way, this is pretty interesting stuff! Wikipedia shows how the algorithms work and even shows code for some of them, and the calculations for the math nerds.
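As an added illustration (not the code from the original post), here is the SHA256-key-plus-AES setup described above, using the classes built into .NET. The names `PasswordBox` and `DeriveKey`, the sample strings, and the choice to store the IV in front of the ciphertext are assumptions made for this sketch.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PasswordBox   // hypothetical helper name
{
    // SHA-256 yields 32 bytes, the size of an AES-256 key (SHA256.HashData needs .NET 5+).
    static byte[] DeriveKey(string passphrase) => SHA256.HashData(Encoding.UTF8.GetBytes(passphrase));

    public static string Encrypt(string plaintext, string passphrase)
    {
        using (var aes = Aes.Create())   // defaults: CBC mode, PKCS7 padding
        {
            aes.Key = DeriveKey(passphrase);
            aes.GenerateIV();            // fresh random IV for every message
            byte[] iv = aes.IV;
            byte[] data = Encoding.UTF8.GetBytes(plaintext);
            using (var enc = aes.CreateEncryptor())
            {
                byte[] ct = enc.TransformFinalBlock(data, 0, data.Length);
                byte[] blob = new byte[iv.Length + ct.Length];
                Buffer.BlockCopy(iv, 0, blob, 0, iv.Length);   // IV is not secret; keep it with the ciphertext
                Buffer.BlockCopy(ct, 0, blob, iv.Length, ct.Length);
                return Convert.ToBase64String(blob);
            }
        }
    }

    public static string Decrypt(string base64Blob, string passphrase)
    {
        byte[] blob = Convert.FromBase64String(base64Blob);
        using (var aes = Aes.Create())
        {
            aes.Key = DeriveKey(passphrase);
            byte[] iv = new byte[aes.BlockSize / 8];           // 16 bytes for AES
            Buffer.BlockCopy(blob, 0, iv, 0, iv.Length);
            aes.IV = iv;
            using (var dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(
                    dec.TransformFinalBlock(blob, iv.Length, blob.Length - iv.Length));
        }
    }

    static void Main()
    {
        // Constructed sample values, for the round trip only.
        string blob = Encrypt("constructed-sample-password", "constructed-passphrase");
        Console.WriteLine(Decrypt(blob, "constructed-passphrase"));
    }
}
```

A single unsalted SHA256 pass is fast to guess against when the passphrase is human-chosen; .NET's built-in `Rfc2898DeriveBytes` (PBKDF2) with a random salt is the usual way to turn a passphrase into a key.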