
.NET 4.0 Security

The first beta of the v4.0 .NET Framework is now available, and with it come a lot of changes to the CLR's security system. We've updated both the policy and enforcement portions of the runtime in a lot of ways that I'm pretty excited to finally see available. Since there are a lot of security changes, I'll spend the next month or so taking a deeper look at each of them. At a high level, the major areas that are seeing updates with the v4 CLR are:

Like I did when we shipped the v2.0 CLR, I'll come back and update this post with links to the details about each of the features we added as I write more detailed blog posts about each of them.

Tomorrow, I'll start by looking at probably the most visible change of the group - the update to the CLR's security policy system.

Published Wednesday, May 20, 2009 3:58 PM by shawnfa


Comments

# .NET 4.0 Security | Microsoft Share Point

Wednesday, May 20, 2009 8:24 PM by .NET 4.0 Security | Microsoft Share Point

# re: .NET 4.0 Security

Thursday, May 21, 2009 12:41 AM by Alice & Bob

Please write a book about .NET 4.0 Security ;)

# re: .NET 4.0 Security

Thursday, May 21, 2009 5:08 PM by shawnfa

:-)  Thanks.

-Shawn

# New .NET 4.0 Security changes

Friday, May 22, 2009 6:18 AM by Hernan de Lahitte's blog

You can take a look at the new v4.0 .NET Framework, and the changes that will be described in Shawn

# re: .NET 4.0 Security

Monday, June 15, 2009 9:01 PM by Jack

Glad to hear the security improvement. Security is the most important one!

# re: .NET 4.0 Security

Tuesday, July 21, 2009 4:49 PM by Loren

So what is with the links above in the comments section? They do not link to the blog. Is it me or is it the site?

Loren

# re: .NET 4.0 Security

Thursday, July 23, 2009 2:29 PM by Daniel

Does .NET 4.0 include an implementation of SHA-2?

On this page:

http://msdn.microsoft.com/en-us/library/92f9ye3s(VS.100).aspx#digital_signatures

...there is a note about SHA-2 being the latest recommended hash algorithm:

"MD5 design flaws were discovered in 1996, and SHA-1 was recommended instead. In 2004, additional flaws were discovered, and the MD5 algorithm is no longer considered secure. The SHA-1 algorithm has also been found to be insecure, and SHA-2 is now recommended instead."

Perhaps I'm not looking in the right place?

Thanks!

# re: .NET 4.0 Security

Friday, July 24, 2009 1:37 PM by Daniel

http://blogs.sun.com/mullan/entry/using_stronger_xml_signature_algorithms

Can we expect to see XML signature algorithm parity in .NET 4.0?

# re: .NET 4.0 Security

Thursday, November 05, 2009 11:11 AM by shawnfa

We have not updated the XML digital signature classes in .NET 4. However, you can use RSA-SHA256 even in .NET 3.5 SP1 by registering a custom signature description class. This class, and a description of how to use it, can be found on http://clrsecurity.codeplex.com

-Shawn
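
One way to register a signature description class of the kind described in the reply above, as an added example that is not part of the original thread and is not the clrsecurity project's code. It assumes .NET Framework 4.0 or later on Windows (it relies on `CryptoConfig.AddAlgorithm`); the class name `RsaSha256SignatureDescription` and the sample XML are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;
// Added example; class name is hypothetical. Assumes .NET Framework 4.0+ on Windows.
public sealed class RsaSha256SignatureDescription : SignatureDescription
{
    public const string Uri = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    public RsaSha256SignatureDescription()
    {
        KeyAlgorithm = typeof(RSACryptoServiceProvider).FullName;
        DigestAlgorithm = typeof(SHA256Managed).FullName;
        FormatterAlgorithm = typeof(RSAPKCS1SignatureFormatter).FullName;
        DeformatterAlgorithm = typeof(RSAPKCS1SignatureDeformatter).FullName;
    }
    public override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAlgorithm key)
    {
        var f = new RSAPKCS1SignatureFormatter(key);
        f.SetHashAlgorithm("SHA256");
        return f;
    }
    public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
    {
        var d = new RSAPKCS1SignatureDeformatter(key);
        d.SetHashAlgorithm("SHA256");
        return d;
    }
}
public static class Demo
{
    public static void Main()
    {
        // Map the signature-method URI to the class so SignedXml can resolve it.
        CryptoConfig.AddAlgorithm(typeof(RsaSha256SignatureDescription), RsaSha256SignatureDescription.Uri);
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<order id=\"constructed-sample\"><item>1</item></order>");
        using (var rsa = new RSACryptoServiceProvider(2048, new CspParameters(24))) // 24 = PROV_RSA_AES
        {
            var signed = new SignedXml(doc) { SigningKey = rsa };
            signed.SignedInfo.SignatureMethod = RsaSha256SignatureDescription.Uri;
            var reference = new Reference("") { DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256" };
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            signed.AddReference(reference);
            signed.ComputeSignature();
            doc.DocumentElement.AppendChild(doc.ImportNode(signed.GetXml(), true));
            var check = new SignedXml(doc); // verify from the serialized signature element
            check.LoadXml((XmlElement)doc.GetElementsByTagName("Signature")[0]);
            Console.WriteLine("valid: " + check.CheckSignature(rsa));
        }
    }
}
```

The verifying side must perform the same `CryptoConfig.AddAlgorithm` registration before calling `CheckSignature`, otherwise the RSA-SHA256 signature method URI cannot be resolved.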

# re: .NET 4.0 Security

Thursday, November 05, 2009 11:12 AM by shawnfa

Yes - SHA256, 384, and 512 have all been supported by .NET since version 1.0.  Look at the SHA256Managed class (or in v3.5, SHA256CryptoServiceProvider and SHA256Cng).

-Shawn

# re: .NET 4.0 Security

Thursday, November 05, 2009 11:13 AM by shawnfa

Loren - it's not you.  Once I finish writing about each of those topics, I'll update the links to point at them.

-Shawn
