Fabulous Adventures In Coding
Eric Lippert's Blog
Tagged Content List: security
Blog Post: Keep it secret, keep it safe
Eric Lippert, 27 Sep 2011
A lot of people really love the idea of cryptography. To computer geeks like us there is nothing cooler than the idea that computing relatively simple arithmetic on a message can enable you to communicate secretly with anyone in the world, even if there are eavesdroppers. Unfortunately, this means that...
Blog Post: The curious property revealed
Eric Lippert, 15 Jul 2011
Today is the fifteenth anniversary of my first day of full time work here at Microsoft. Hard to believe it has been a decade and a half of writing developer tools. I am tremendously fortunate to be able to work with such a great team on such a great toolset for such great customers. I'm looking forward...
Blog Post: Guidelines and rules for GetHashCode
Eric Lippert, 28 Feb 2011
"The code is more what you'd call guidelines than actual rules" - truer words were never spoken. It's important when writing code to understand what are vague "guidelines" that should be followed but can be broken or fudged, and what are crisp "rules" that have serious negative consequences for correctness...
Blog Post: All your base do not belong to you
Eric Lippert, 13 Dec 2010
People sometimes ask me why you can’t do this in C#: class GrandBase { public virtual void M() { Console.WriteLine("GB"); } } class Base : GrandBase { public override void M() { Console.WriteLine("B"); } } class Derived : Base { public override void M() { Console.WriteLine("D"); base.base.M(); // illegal...
Blog Post: Asynchrony in C# 5, Part Eight: More Exceptions
Eric Lippert, 23 Nov 2010
(In this post I'll be talking about exogenous, vexing, boneheaded and fatal exceptions. See this post for a definition of those terms.) If your process experiences an unhandled exception then clearly something bad and unanticipated has happened. If it's a fatal exception then you're already in no position...
Blog Post: Careful with that axe, part one: Should I specify a timeout?
Eric Lippert, 22 Feb 2010
(This is part one of a two-part series on the dangers of aborting a thread. Part two is here.) The other day, six years ago, I was talking a bit about how to decide whether to keep waiting for a bus, or to give up and walk. It led to a quite interesting discussion on the old JoS forum. But...
Blog Post: Why Can't I Access A Protected Member From A Derived Class? Part Six
Eric Lippert, 14 Jan 2010
Reader Jesse McGrew asks an excellent follow-up question to my 2005 post about why you cannot access a protected member from a derived class. (You probably want to re-read that post in order to make sense of this one.) I want to be clear in my terminology, so I’m going to define some terms. Suppose...
Blog Post: Use the right tool for the job
Eric Lippert, 14 Dec 2009
Consider the following scheme: I have some client software which I sell. When the client software starts up for the first time, it obtains a “token” from the user. The token string can be anything; the user can choose their name, their cat’s name, their password, the contents of some disk file, whatever...
Blog Post: Sorry about the CAPTCHA
Eric Lippert, 10 Sep 2009
A quick metablogging note. Those of you who comment on this blog (6700+ comments and counting, thank you all) have probably noticed that it now has a CAPTCHA, that little "please prove you're a human" test before the comment is posted. I understand why. The MSDN and TechNet blog sites are high-value...
Blog Post: What's the Difference, Part Five: certificate signing vs strong naming
Eric Lippert, 3 Sep 2009
Both strong naming and digital signatures use public key cryptography to provide evidence about the origin of an assembly, so that you can apply security policy to determine what permissions are granted to the assembly. They differ most importantly not in their mathematical details, but in what problems...
Blog Post: Alas, Smith and Jones
Eric Lippert, 4 Jun 2009
We have a feature in C# which allows you to declare a "friend assembly". If assembly Smith says that assembly Jones is its friend, then code in Jones is allowed to see "internal" types of Smith as though they were public(*). It's a pretty handy feature for building a "family" of assemblies that share...
Blog Post: Preventing third-party derivation, part two
Eric Lippert, 6 Oct 2008
If you find a class in a library that has all private/internal constructors, it is pretty clear that the author of the class is sending you the deliberate message that this class is not to be extended by you. In our previous example, it was not so clear. Obviously the author of the class in question...
Blog Post: Preventing third-party derivation, part one
Eric Lippert, 26 Sep 2008
In this episode of FAIC, a conversation I had with a C# user recently. Next time, some further thoughts on how to use the CLR security system in this sort of scenario. Him: I have this abstract class defined in one assembly: // Assembly FooBar.DLL public abstract class Foo { internal abstract void...
Blog Post: Tasty Beverages
Eric Lippert, 19 Aug 2008
“Diet Dr. Pepper tastes more like regular Dr. Pepper.” That was a previous advertising slogan for Diet Dr. Pepper, my personal favourite source of both caffeine and phenylalanine; I’m drinking it right now as I write this. The present slogan is the brain-achingly oxymoronic “Diet Dr. Pepper:...
Blog Post: Protected Member Access, Part Four
Eric Lippert, 2 May 2008
In Part Two I asked a couple of follow-up questions, the first of which was: Suppose you were a hostile third party and you wanted to mess up the parenting invariant. Clearly, if you are sufficiently trusted, you can always use private reflection or unsafe code to muck around with the state directly...
Blog Post: Why Can't I Access A Protected Member From A Derived Class, Part Two: Why Can I?
Eric Lippert, 28 Mar 2008
This is a follow-up to my 2005 post on the same subject which I believe sets a personal record for the longest time between parts of a series. (Of course, I didn't know it was a series when I started it.) Please read the previous article in this series, as this post assumes knowledge of part one...
Blog Post: How do I mitigate a SQL injection vuln?
Eric Lippert, 1 Nov 2006
Joel points out today that SQL injection vulnerabilities are common and bad, bad, bad. He does a good job of describing the attack but doesn't really talk about how to mitigate it. When I advise people on how to close security holes like this I always tell them that closing the original hole is probably...
Blog Post: Why are base class calls from anonymous delegates nonverifiable?
Eric Lippert, 14 Nov 2005
I'm still learning my way around the C# codebase – heck, I'm still learning my way around the JScript codebase and I've been working on it for nine years, not nine weeks. Here's something I stumbled across while refactoring the anonymous method binding code last week that I thought might be interesting...
Blog Post: Do not use string hashes for security purposes
Eric Lippert, 24 Oct 2005
A recent question I got about the .NET CLR's hashing algorithm for strings is apropos of our discussion from January on using salted hashes for security purposes. The question was basically "my database of password hashes doesn't seem to work with .NET v2.0, what's up with that?" To make a long story...
Blog Post: How To Obtain The Name Of The Client From The ASP Server
Eric Lippert, 9 May 2005
Here's a question about client side vs. server side scripting that I got recently: I want to get the machine name of the client the request is being made from. With ASP I can get the IP address using this code: ipaddr = Request.ServerVariables("REMOTE_ADDR") But I don’t know how to get the name of...
Blog Post: A Face Made For Email, Part Two
Eric Lippert, 1 Apr 2005
One year ago this week I was the Channel Nine guinea pig -- I'm still not sure why, but for some reason The Scobelizer and his cohort chose me to be the first guy interviewed for their project. (Probably because I'm mostly harmless.) Channel Nine has succeeded tremendously, and I'm very pleased to have...
Blog Post: You Want Salt With That? Part Four: Challenge-Response
Eric Lippert, 7 Feb 2005
My friend Kristen asked me over the weekend when I was going to stop blogging about crypto math and say something funny again. Everyone's a critic! Patience, my dear. Today, the final entry in my series on salt. Tomorrow, who knows? So far we've got a system whereby the server...
Blog Post: You Want Salt With That? Part Three: Salt The Hash
Eric Lippert, 3 Feb 2005
Last time we were considering what happens if an attacker gets access to your server's password file. If the passwords themselves are stored in the file, then the attacker's work is done. If they're hashed and then stored, and the hash algorithm is strong, then there's not much to do other than to hash...
Blog Post: You Want Salt With That? Part Two: We Need A Hash
Eric Lippert, 31 Jan 2005
OK, we want to sketch out an authentication system which is sufficiently secure against common attacks even if all the details of the system are known to the attacker. Let's start with a simple system, take a look at what its vulnerabilities are, and see if we can mitigate them: System #1 The client...
Blog Post: You Want Salt With That? Part One: Security vs Obscurity
Eric Lippert, 28 Jan 2005
A poster to one of the Joel On Software fora the other day asked what a "salt" was (in the cryptographic sense, not the chemical sense!) and why it's OK to make salts public knowledge. I thought I might talk about that a bit over the next few entries. But before I do, let me give you all my standard...
Page 1 of 2 (46 items)