Azure Key Vault is a new(ish) service offered by the Azure team. This Platform-as-a-Service (PaaS) feature, now in general availability (GA), allows you to securely manage and protect cryptographic keys and secrets which can be used by cloud-enabled applications and services. There are 2 compelling reasons why someone may choose to use Azure Key Vault: It can be used to encrypt keys and secrets (authorisation keys, storage account keys, data encryption keys, etc.) using the keys that are stored within the Azure Key Vault service and are protected by Hardware Security Modules (HSMs). Alternatively, the stored keys can be …[read more]
Showing all posts tagged: 'encryption'
A 4-post collection
Azure.Security, my second OSS project, has been released! 1. What is Azure.Security? Azure.Security is an Azure-specific piece of software designed to provide cryptographic services to an application deployed to the Azure Websites platform. One of the issues that you may come across when using this platform is data encryption and key management. Luckily, Azure Websites are happy to run code from the System.Security namespace, but there is no easy way to securely manage private key(s). And that's where this project comes in to fill the gap. Azure.Security uses a number of Azure features in …[read more]
Following on from my previous post about hashing using BCrypt and in response to some comments I received on Google+, I decided to provide an alternative hashing implementation using PBKDF2. As you will notice, the implementation is somewhat bigger than the one provided for BCrypt but in effect, both code segments perform the same task. First we create a hash from the plain text password and then we validate a password against the stored hash. NOTE: The constants, like the iterations, can be changed to tweak the hash strength. The code above is pretty self-explanatory. You call PasswordHash.HashPassword(plaintext) …[read more]
By now, you've heard many, many stories about compromised sites and how millions of emails and clear-text passwords have made it into the hands of "not so good" people. If you are a developer and you need to create some kind of authentication for your clients/software/site/pet-project, please make sure you approach this with the gravity that it demands. Troy Hunt, a security expert, has written about the subject multiple times and I would seriously urge you to have a look at his blog or his Pluralsight courses. Troy is one of the many security experts out there, …[read more]