I’ll admit I was late to the HTTPS party.
But post Snowden, and particularly after the result of the last election here in the US, it’s clear that everything on the web should be encrypted by default.
Why?
1. You have an inalienable right to privacy, both in
The prevalence of free, open WiFi has made it rather easy for a WiFi eavesdropper to steal your identity cookie for the websites you visit while you're connected to that WiFi access point. This is something I talked about in Breaking the Web's Cookie Jar. It
In Why Isn't My Encryption.. Encrypting? we learned that your encryption is only as good as your understanding of the encryption code. And that the best encryption of all is no encryption, because you kept everything on the server, away from the prying eyes of the client.
In
It's as true in life as it is in client-server programming: the only secret that can't be compromised is the one you never revealed.
But sometimes, it's unavoidable. If you must send a secret down to the client, you can encrypt it. The most
The most obvious badge of internet security is the "lock" icon. The lock indicates that the website is backed by a digital certificate:
1. This website is the real deal, not a fake set up by criminals to fool you.
2. All data between your browser and that
Cory Doctorow recently linked [http://www.boingboing.net/2006/07/10/analogy_explains_str.html] to this fascinating email [http://www.interesting-people.org/archives/interesting-people/200607/msg00058.html] from Jon Callas [http://www.merrymeet.com/jon/], the CTO of PGP corporation [http://www.pgp.com/library/ctocorner/index.html]. In
After I posted the CodeProject article .NET Encryption Simplified, a reader asked this question in the comments:
I would like to know what your thoughts are on private key storage in applications. I believe the recommended practice is to use the DPAPI, but I have found this to be too
I just posted a new article on CodeProject, .NET Encryption Simplified. In my spare time over the last 6 months, I’ve delved deeper and deeper into the System.Security.Cryptography classes. And you know what I learned? Cryptography is hard.
Anyway, I now have a heavily documented wrapper class
After years of building ad-hoc test harnesses, I finally adopted formal unit testing on a recent project of mine using NUnit and TestRunner. It was gratifyingly simple to get my first unit tests up and running:
<TestFixture()> _
Public Class UnitTests
Private _TargetString As String
Private _TargetData As Encryption.