.NET Security Blog

The standard System.String has never been a very secure solution for storing sensitive strings such as passwords or credit card numbers. Using a string for this purpose has numerous problems, including: It's not pinned, so the garbage collector can move...

Overview of DPAPI Although APIs such as CAPI and the .NET System.Security.Cryptography classes make using cryptography relatively easy, one of the hardest things to do when implementing a secure cryptographic system is key management. In order to help...

Last week (ok, really two weeks ago ....), I wrote about using DPAPI with Whidbey. (You can find that post here: Managed DPAPI Part I: ProtectedData ). In addition to the ProtectedData class, Whidbey will also expose DPAPI through the ProtectedMemory...

Keith Brown has made avaiable an online version of his book, The .NET Developer's Guide to Windows Security . You can browse the book for free, with a slightly modified title: A .NET Developer's Guide to Windows Security . I haven't had time to look through...

One of the transforms that ships with the .Net framework is the XmlDsigXsltTransform, which implements the XSLT transform specified in the W3C recommendation. A few people have asked me to write a bit on how to use this transform, so here's a brief explanation...

We've just launched a brand new newsgroup, microsoft.public.security.crypto, for questions and issues on all crypto related items (such as CAPI, CAPICOM, X509, etc). It was launched at about 11:00am this morning, so it may be some time before your news...

I ran across Eric Levenez's Programming Language History page , its pretty fun to check out. He's got 50 programming languages starting from Fortran in 1954, going through PHP 4.36 in May 2004 plotted according to release dates and languages they evolved...