Showing all posts tagged: 'security'

A 23-post collection

CodeCraftCon Glasgow - a tech conference with a twist

A couple of weeks ago I had the fortune to speak at [CodeCraftCon](https://ti.to/codecraftconf/summer-2015) in Glasgow, UK. How very fortunate as the venue was only 15 mins away from where I live! But this was not the only reason why the event was such a success. The conference was great, the location fantastic, the food extremely tasty and the overall outcome exceeded people's expectations. I greatly applaud and support events like this which can benefit the local developer community. CodeCraftCon was the first event I attended that the format was wildly different …[read more]


Fingerprint identification and its security implications

Today I decided to talk about security, just because it's one of the subjects I really enjoy. I hope you'll find this informative. In recent days, there's a lot of noise on the interwebs about fingerprint security and how it can be easily compromised. Recent examples can be found here, here and here. It all started when Apple made fingerprint authentication a commodity with the introduction of Touch ID on iPhone 5. Subsequently, other phone manufacturers followed and today there are many high-end devices with a fingerprint scanner. Security researchers expect that by 2019 over 50% of smartphones will have …[read more]


Create passwords and check password strength using a public Open Source API

The PasswordUtility API is one of the pet projects I've been working on for a while. Today I'm delighted to announce that the project goes to public availability. The solution is hosted in Azure (where else?) and consists of 2 parts: a public-facing website where you can test the API features, and a public API to use in your applications. The project is fully Open Source and it's driven by the PasswordUtility library hosted on GitHub and readily available to download from NuGet. If you're interested in knowing how the library works, I've put together a nice write-up on GitHub. …[read more]


Azure Key Vault - the new security service from Microsoft

Azure Key Vault is a new(ish) service offered by the Azure team. This Platform-as-a-Service (PaaS) feature, now in general availability (GA), allows you to securely manage and protect cryptographic keys and secrets which can be used by cloud-enabled applications and services. There are 2 compelling reasons why someone may choose to use Azure Key Vault: It can be used to encrypt keys and secrets (authorisation keys, storage account keys, data encryption keys, etc.) using the keys that are stored within the Azure Key Vault service and are protected by Hardware Security Modules (HSMs). Alternatively, the stored keys can be …[read more]


A C# Encryption provider for Azure Websites

Azure.Security, my second OSS project, has been released! 1. What is Azure.Security? Azure.Security is an Azure-specific piece of software designed to provide cryptographic services to an application deployed to the Azure Websites platform. One of the issues that you may come across when using this platform is data encryption and key management. Luckily, Azure Websites are happy to run code from the System.Security namespace, but there is no easy way to securely manage private key(s). And that's where this project comes to fill in the gap. Azure.Security uses a number of Azure features in …[read more]


The right way to implement password hashing using PBKDF2 and C#

Following from my previous post about hashing using BCrypt and in response to some comments I received on Google+, I decided to provide an alternative hashing implementation using PBKDF2. As you will notice, the implementation is somewhat bigger than the one provided for BCrypt but in effect, both code segments perform the same task. First we create a hash from the plain text password and then we validate a password against the stored hash. NOTE: The constants, like the iterations, can be changed to tweak the hash strength. The code above is pretty self-explanatory. You call PasswordHash.HashPassword(plaintext) …[read more]


A simple .NET password hashing implementation using BCrypt

By now, you've heard many many stories about compromised sites and how millions of emails and clear-text passwords have made it to the hands of "not so good" people. If you are a developer and you need to create some kind of authentication for your clients/software/site/pet-project, please make sure you approach this with the gravity that it demands. Troy Hunt, a security expert, has written about the subject multiple times and I would urge you seriously to have a look at his blog or his Pluralsight courses. Troy is one of the many security experts …[read more]