What are the best practices for encrypting data in .NET?
What are the best practices for dealing with:
- Things that should be hashed, i.e. passwords
- Things that cannot be hashed, but are extremely confidential and would cause tremendous pain if compromised, i.e. credit cards, SSN, missile launch codes.
Which encryption algorithm is strongest, most recommended? How do you handle the keys?
There are built-in crypto libraries you can use in .NET. There are many good symmetric and asymmetric encryption algorithms (AES, RSA, etc.). Many of these algorithms let you select how strong a key you want (1024-bit, 2048-bit, etc.).
Storing your keys is a much dicier situation. I suggest not in a plain text file. There are algorithms out there for splitting encryption keys in half so that responsibility is divided.
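An added example, not part of the original question or answer: the two cases from the question handled with the built-in `System.Security.Cryptography` types, PBKDF2 for passwords and AES-256-GCM for values that must be read back. It assumes .NET 8 or later; the class and method names, the iteration count and the nonce/tag/ciphertext layout are choices made for this example, and the key is generated in-process only so the demo runs.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class CryptoExample
{
    const int Iterations = 600_000; // assumed work factor; tune for your hardware
    // Passwords: store the salt and the PBKDF2 output, never the password itself.
    public static (byte[] Salt, byte[] Hash) HashPassword(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, 32);
        return (salt, hash);
    }
    public static bool VerifyPassword(string password, byte[] salt, byte[] expected)
    {
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, expected.Length);
        return CryptographicOperations.FixedTimeEquals(actual, expected); // constant-time compare
    }
    // Confidential values that must be read back: AES-256-GCM encrypts and authenticates.
    // Output layout (chosen for this example): nonce(12) || tag(16) || ciphertext.
    public static byte[] Encrypt(byte[] key, string plaintext)
    {
        byte[] pt = Encoding.UTF8.GetBytes(plaintext);
        byte[] nonce = RandomNumberGenerator.GetBytes(12); // must never repeat under the same key
        byte[] tag = new byte[16];
        byte[] ct = new byte[pt.Length];
        using var aes = new AesGcm(key, tag.Length);
        aes.Encrypt(nonce, pt, ct, tag);
        byte[] blob = new byte[12 + 16 + ct.Length];
        nonce.CopyTo(blob, 0); tag.CopyTo(blob, 12); ct.CopyTo(blob, 28);
        return blob;
    }
    public static string Decrypt(byte[] key, byte[] blob)
    {
        byte[] pt = new byte[blob.Length - 28];
        using var aes = new AesGcm(key, 16);
        // Throws CryptographicException if the key is wrong or the blob was modified.
        aes.Decrypt(blob[..12], blob[28..], blob[12..28], pt);
        return Encoding.UTF8.GetString(pt);
    }
    static void Main()
    {
        var (salt, hash) = HashPassword("correct horse"); // constructed sample values
        Console.WriteLine(VerifyPassword("correct horse", salt, hash));
        byte[] key = RandomNumberGenerator.GetBytes(32); // demo only: load from a key store in practice
        Console.WriteLine(Decrypt(key, Encrypt(key, "4111 1111 1111 1111")));
    }
}
```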