Cryptography

The very word Cryptography can be intimidating, not many people know much about it.  I’m definitely among those people, but it struck my interests today when encrypting my password to use in a test application so it wasn’t stored in plain text.  I was using an MD5 Hash algorithm for my Key, and a TripleDES algorithm to encrypt the password.  I decided to look at the different encryption types built in to .NET to see if these were actually secure, and it’s a good thing I did!  Though I’m just encrypting my password which is not a matter of national security.

If you do a bit of googling or check out StackOverflow on the topic, it turns out that MD5 has long ago been broken and it’s not recommended to be used.  So I switched over to a SHA256 which is a member of the SHA-2 family, which is currently the recommended version for hashing.  They are currently working on a SHA-3 encryption, and are having a friendly competition to find the best possible solution for it.  It will be pretty cool to see the results of this contest and how the winning version works.

The TripleDES seemed to be a decent solution, but I switched over to AES instead because it’s said to be faster in software.  This isn’t really an issue when decrypting a short string like a password, but would be if we were encrypting a large file or a database.  The payment industry currently uses TripleDES so it can’t be too bad (one would hope), but I went with AES for my own project.

Either way, this is pretty interesting stuff!  Wikipedia shows how the algorithms work and even shows code for some of them, and the calculations for the math nerds

Valid Email?

I wanted to email my gorgeous wife today to share an encouraging song that I heard on Pandora, “Get Back Up” by Toby Mac.  The problem is I could not remember her email address and it was not in my address book since I had not emailed her from this account before.  So I started googling and found a service that would check the emails for you, and I was eventually able to guess correctly.  I also found how to do it manually using some web/console magic. 

 

This interests me a great deal! It’s amazing what you can do with the command line that the average user does know about, many people working on computers for years and years don’t even know about them.  It is especially interesting since I once stumbled upon using telnet to access mail servers when I was in middle school, my first “hacking” was sending emails and putting random from addresses.  It’s comical to me now how cool I thought it was to “break” in to a mail server and send emails… ahh to be young again.

 

Anyway, check out this article:

http://www.webdigi.co.uk/blog/2009/how-to-check-if-an-email-address-exists-without-sending-an-email/