Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<p>You <strong>must not use</strong> BCrypt in .NET. You <strong>must use</strong> PBKDF2 as is with the built in .NET framework implementation. It is the only freely available cryptographically verified implementation in .NET along with being the <a href="http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf" rel="noreferrer">algorithm recommended by NIST</a>.</p> <p>StackId previously used BCrypt and moved to PBKDF2 for this very reason:</p> <blockquote> <p>For those curious, we’re hashing passwords with PBKDF2. Relavent code is here ( <a href="http://code.google.com/p/stackid/source/browse/OpenIdProvider/Current.cs#1135" rel="noreferrer">http://code.google.com/p/stackid/source/browse/OpenIdProvider/Current.cs#1135</a> ), through a few layers of indirection. In an earlier iteration, we were using BCrypt; but moved to PBKDF2 as it is built into the .NET framework, whereas BCrypt would require us to verify an implementation (no small undertaking).</p> </blockquote> <p><a href="http://blog.stackoverflow.com/2011/05/stack-exchange-is-an-openid-provider/#comment-59112">Kevin Montrose, May 27 2011</a> </p> <p><a href="https://github.com/StackExchange/StackID/blob/master/OpenIdProvider/Current.cs" rel="noreferrer">(Updated link on GitHub)</a></p> <p><strong>Edit:</strong> The meaning of <em>verified</em> in cryptographic terms seems to not be readily understood, a verified implementation means it's been cryptographically proven to be implemented without error. The cost of this can easily reach $20,000 or higher. I recall this when I was doing research on OpenSSL and read where they stated they haven't completed the entire verification process but if you need fully verified that they can point you down the right path for it and mentioned costs associated. Certain government requirements include mandates for verified encryption algorithms.</p> <p>The bcrypt implementations in .NET have not been verified. Using an unverified encryption implementation you can't be absolutely certain that there is not either intentional malicious faults in it such as allowing a backdoor into what is encrypted or unintentional implementation faults that result in cryptographically insecure data.</p> <p><strong>2014 edit:</strong> For anyone that questioned the imperativeness of using verified cryptopgraphical algorithims look at the devastation that was wrought by the <a href="http://en.wikipedia.org/wiki/Heartbleed" rel="noreferrer">heartbleed hack</a> exploited in OpenSSL. That is the cost of using an unverified implementation. It's secure.... until you find out that any person can just read the entire memory contents of your server.</p> <blockquote> <p>The author of the change which introduced Heartbleed, Robin Seggelmann, stated that he "missed validating a variable containing a length" and denied any intention to submit a flawed implementation. Following Heartbleed's disclosure, Seggelmann suggested focusing on the second aspect, stating that OpenSSL is not reviewed by enough people.</p> </blockquote> <p>This is the definition of an unverified implementation. Even the smallest defect can result in crippling the entire security. </p> <p><strong>2015 edit:</strong> Removed recommendation based language and replaced with absolutes. Embedded original Kevin Montrose comment for posterity.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload