A
A
Artem2015-07-29 01:38:15
API
Artem, 2015-07-29 01:38:15

How to implement API access from c# .Net application?

There is a web service with an API, there is an application in c#.
It is necessary to implement authentication (based on a login-password pair).
When submitting the form, the password must be hashed (so as not to be transmitted in the clear), and here I had a question: how?
1. Do I need to use a salt, or is it enough just to take a hash (and why so)?
2. If we use salt, how to hide it from prying eyes? The application is easily decompiled, the attacker gets the salt and the algorithm.
3. How to avoid a man-in-the-middle attack? After all, even HTTPS does not protect against this attack.
Perhaps, here we need not just hashing, but full-fledged encryption?
Please tell me the correct algorithm.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Z
Zelimkhan Beltoev, 2015-07-29
@ber_enot

Encrypt unambiguously. Related article: habrahabr.ru/post/144282
To protect the encryption algorithm (although even if the attacker knows the encryption algorithm, this will give him little without a private key), you can implement a library with the algorithm in a language compiled into binary code (the same C ++). But this is in the event that you do not find ready-made solutions (of which there are many on the network).

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question