encryption in .net

I was told that there's an encryption library I can use and there's a couple that I can choose from (eg. AES, RSA, etc). I also read something about keys. Are keys something you just generate so you can encrypt an开发者_StackOverflowd decrypt a series of texts? Do you have to purchase that key?

Also, is there a best practice that I need to be aware of in encrypting and decrypting? Is encrypting a password recommended? Would performance be affected?

You are correct. Base64 encoding is a world away from actually encrypting your data. The former simply converts the data to be representable using 64 unique characters, obfuscating the data at best, while the latter actually converts your data into a representation that can only make sense once it is decrypted using the proper key. Do not ever base64 encoding if you want to keep something a secret.

Are keys something you just generate so you can encrypt and decrypt a series of texts?

Yes.

Do you have to purchase that key?

No, you generate the keys yourself.

Is encrypting a password recommended?

Most definitely. You should always encrypt passwords whenever possible.

Would performance be affected?

When encrypting data, you're using more CPU cycles than you would have otherwise, so performance is affected, but it really depends on what algorithm you use, the amount of data, etc.

Here are some linke that might help you out:

• Some info on encryption in .NET
• MSDN Article
• More on Encryption

Start reading here:

http://msdn.microsoft.com/en-us/library/system.security.cryptography.aspx

Oh and yes - encrypting a password is recommended in most systems (do a search for hash and salt).

A common practice would be using Protected Configuration feature.

Encrypting and Decrypting Configuration Sections