Disclaimer

Any opinions expressed here are my own and not necessarily those of my employer (I'm self-employed).

May 15, 2012

Towards more secure password hashing in ASP.NET

A couple of weeks ago I was remotely involved in a discussion on password hashing in .NET with @thorsheim, @skradel, and @troyhunt. (Follow them if you're on Twitter). The background for the discussion was that password hashing using MD5/SHA-1/SHA-256 isn't quite the state of the art anymore. All the recent password breaches have triggered recommendations to make password cracking harder. The algorithms that are usually recommended are PBKDF2 (Password based key derivation function), bcrypt, or scrypt. So which of these should you choose if you're working with .NET?

I'm a conservative guy. Cryptographic algorithms are very hard to get right, as there's all sorts of things that can go wrong when you implement them. Consequently, I prefer to use whatever is available in the .NET framework. That's because Microsoft have crypto-experts on staff, and they've also pioneered the SDL which means you should expect high quality implementations of their (security critical) software. So it's really a trust thing. At the time of writing, PBKDF2 is the only algorithm of the three mentioned that's readily available in the framework. You probably see where this is leading: bcrypt and scrypt are disqualified in my book. When it comes to cryptographic functions, stick with the framework! PBKDF2 is the best alternative for now.

Following the discussion on Twitter, @skradel shared a library where he had wrapped the built-in PBKDF2 as a HashAlgorithm. That way, PBKDF2 (through his wrapper) could easily be used by other parts of the framework, such as the SqlMembershipProvider. It really was an elegant solution. He blogged about it in: Strong Password Hashing for ASP.NET, you should check it out (@thorsheim was so delighted that he had to blog about it too :).

When you're dealing with PBKDF2, you'll see that it takes a couple of parameters. @skradel's already chosen some reasonable defaults in his implementation so it's all hidden and taken care of there. But if you were to implement this yourself and explain to someone how you chose those parameters, what then?

I couldn't find much guidance on the Internet so I started digging into the PBKDF2 standard to find out more.

PBKDF2 parameters
The PBKDF2 is backed by H-MAC-SHA-1 which is a keyed hash function (see HMAC). The supplied password is used as the key, while the salt is used as the input text, concatenated with a block identifier. The whole idea behind PBKDF2 is to introduce a drastic increase in the workload for a password cracker. In the default setup, H-MAC-SHA-1 is run a 1 000 times to generate the output for a password. This is a negligible workload when you're checking that a user entered the correct password. However, for an attacker running an offline attack with a password cracker that needs to try millions of passwords the extra workload really adds up and slows down the attack significantly.

Next, there are a couple of things to take into consideration when implementing PBKDF2 password.
  • It requires a salt that's at least 64 bit (8 bytes)
  • You can select a number of iterations (1 000 is the default)
  • You must choose how many bytes to output
  • You need to be sure you encode your passwords correctly (remember how not to hash?)
So, how long should the salt be? I have found almost no guidance on the length of the salt, except for a note on the Rainbow table article on Wikipedia. Considering that the salt's only job is to introduce uniqueness to the calculation and that it's not a secret, I cannot see why a 64-bit salt should not get the job done. Do note that the SqlMembershipProvider uses 128-bit salts, and that's also what's used in bcrypt. So you might just do like the big boys do and go with a 128-bit salt. What's more important is how you generate a salt. You should use a cryptographic RNG for that. I've included an example at the very end of the code samples that does exactly that.

You'll also need to decide on how many iterations to use for the calculation — and now we're getting to the core of the issue. The number of iterations dictate the workload, which is the whole point of using PBKDF2 to begin with. So the recommended setting is: "as high as possible." To maximize this you'll have to test how many iterations you can run before it would become a noticeable delay for the user and hence start to effect the user experience negatively. This of course depends on the hardware you're running so you'll probably need to do some benchmarking here.

Then there's how many bytes to output. The standard gives us some useful hints here:
Thus, even if a long derived key consisting of several pseudorandom function outputs is produced from a key, the effective search space for the derived key will be at most 160 bits. Although the specific limitation for other key sizes depends on details of the HMAC construction, one should assume, to be conservative, that the effective search space is limited to 160 bits for other key sizes as well.
There it is. You'd want the largest effective key space, nothing more, nothing less. That means that you should generate 160-bit (20 bytes) of output. Remember that the security is still bound by the randomness of the passwords used. Password entropy is often used as a term to describe the complexity involved in guessing a password. Have a look at that last link, and you'll see that to have the "guessability" of the passwords match the limits to PBKDF2's output (i.e. 160-bit password entropy), users would have to choose truly random passwords that where 27 characters long, assuming you accepted alphanumeric case sensitive passwords (a-z,A-Z,0-9). As you probably know, users tend to select passwords that are not very random and that are much shorter. So rest assured that it's the passwords that will be killing you here, not the security of PBKDF2.

Rounding of, I have to remind you to use a proper character encoding when translating the passwords to bytes that can be input to the PBKDF2 function (see the sample code). If you feel like giving the passwords' ASCII bytes to PBKDF2, go read How not to hash passwords in .NET instead. That's really important.

And remember also, PBKDF2 is NOT a silver bullet. The RFC puts it quite well:
Password-based cryptography is generally limited in the security that it can provide, particularly for methods [...] where off-line password search is possible. While the use of salt and iteration count can increase the complexity of attack [...], it is essential that passwords are selected well, and relevant guidelines [...] should be taken into account. It is also important that passwords be protected well if stored.
So there. That was my advice on how to set up PBKDF2 when used to hash passwords. If you have anything to add to this please leave a comment. I'd appreciate that.

Appendix: A demonstrational PBKDF2 implementation.
To figure out how PBKDF2 actually works, I implemented it. Here's the source code, which maps rather directly to the steps outlined in the RFC. I wrote it for demonstrational purposes, so it's not optimized or anything. So I hope it's understandable.

Disclaimer: DON'T use this PBKDF2 implementation for anything other than demo purposes. As I demonstrated earlier in this post, PBKDF2 is available in the .NET framework, you should use that instead.

using System;
using System.Text;
using System.Security.Cryptography;
using System.IO;

namespace PBKDF2Example
{
    class PBKDF2_demo
    {

        static void Main(string[] args)
        {
            var enc = Encoding.GetEncoding(Encoding.UTF8.CodePage,
                new EncoderExceptionFallback(),
                new DecoderExceptionFallback());
            var password = enc.GetBytes("passwordPASSWORDpassword");
            var salt = enc.GetBytes("saltSALTsaltSALTsaltSALTsaltSALTsalt");
            var iterations = 4096;
            var keylength = 25;

            var result = PBKDF2(password, salt, iterations, keylength);
            Console.WriteLine(BitConverter.ToString(result));
            Console.ReadLine();

        }

        static byte[] PBKDF2(byte[] password,
            byte[] salt,
            int iterations,
            int derivedKeyLength)
        {

            var hashLength = 0;

            using (var hmac = new HMACSHA1())
            {
                hashLength = hmac.HashSize / 8;
            }

            //Our number of blocks
            var length = (int)Math.Ceiling(
                ((decimal)derivedKeyLength) / ((decimal)hashLength));

            var derivedKey = new byte[derivedKeyLength];
            using (var ms = new MemoryStream())
            {
                for (int blockIndex = 1; blockIndex <= length; blockIndex++)
                {
                    var block = CalculateBlock(password, salt,
                        iterations, blockIndex);
                    ms.Write(block, 0, block.Length);
                }
                ms.SetLength(derivedKeyLength);
                return ms.ToArray();
            }

        }

        static byte[] CalculateBlock(byte[] password,
            byte[] salt,
            int iterations,
            int blockIndex)
        {
            var blockBytes = BitConverter.GetBytes(blockIndex);
            if (BitConverter.IsLittleEndian)
                Array.Reverse(blockBytes, 0, blockBytes.Length);

            byte[] u1;
            using (var hmac = new HMACSHA1(password))
            {
                var firstInput = new byte[salt.Length + blockBytes.Length];
                Array.Copy(salt, firstInput, salt.Length);
                Array.Copy(blockBytes, 0, firstInput,
                    salt.Length, blockBytes.Length);
                u1 = hmac.ComputeHash(firstInput);
            }

            byte[] lastvalue = u1;
            byte[] newvalue;
            byte[] result = u1;
            for (int i = 1; i < iterations; i++)
            {
                using (var hmac = new HMACSHA1(password))
                {
                    newvalue = hmac.ComputeHash(lastvalue);
                    for (int j = 0; j < newvalue.Length; j++)
                        result[j] = (byte)(newvalue[j] ^ result[j]);
                    lastvalue = newvalue;
                }
            }
            return result;
        }

        //Returns 128-bit salt
        static byte[] GetNewSalt()
        {
            var salt = new byte[16];
            using (var rng = RNGCryptoServiceProvider.Create())
            {
                rng.GetBytes(salt);
                return salt;
            }

        }

    }
}

105 comments:

  1. 64-bits is fine for a salt value. The point of salts/uniqueness is to prevent an attacker from being able to simultaneously attack several hashes with the same salt. With random 64-bit salt values, there would have to about 5 billion hashes (slightly more than 2^32) on average before two would have the same salt value.

    ReplyDelete
    Replies
    1. Escorts Goa prepare to play a game of seduction with girls during which there are high chances of you winning. We have the superfine call girl services in Goa gettable for your pleasure.

      If you need someone who may need the capacity to you getting amazing delight then it's only our Lucknow call girl service. Here you bought complete dose of adult entertainment and romance within the sort of sexy and strikingly beautiful escort Lucknow.

      Delete
  2. Great article. I just used something similar recently.

    ReplyDelete
  3. Nice, if you would prefer to use HMACSHA256 or HMACSHA512 instead of the HMACSHA1 in the ageing PBKDF2 standard then I recommend taking a look at this open source API:

    https://sourceforge.net/projects/pwdtknet/

    ReplyDelete
  4. I must say, I'm impressed that you still managed to come up with a pretty workable way to incorporate a password out of the PBKDF2 standard; that would be helpful for programmers who still haven't worked out using the newer systems.

    ReplyDelete
  5. Replies
    1. Hi, Great.. Tutorial is just awesome..It is really helpful for a newbie like me.. I am a regular follower of your blog. Really very informative post you shared here. Kindly keep blogging. If anyone wants to become a .Net developer learn from Dot Net Training in Chennai. or learn thru ASP.NET Essential Training Online . Nowadays Dot Net has tons of job opportunities on various vertical industry.
      or Javascript Training in Chennai. Nowadays JavaScript has tons of job opportunities on various vertical industry.

      Delete
    2. I am glad that I saw this post. It is informative blog for us and we need this type of blog thanks for share this blog, Keep posting such instructional blogs and I am looking forward for your future posts.
      Cyber Security Projects for Final Year

      JavaScript Training in Chennai

      Project Centers in Chennai

      JavaScript Training in Chennai

      Delete
  6. View this page to know how to track cell phone without installing spying application.

    ReplyDelete
  7. Obat Aborsi,, Obat Penggugur Kandungan,,
    Nice bag you can earn money from that
    Thanks for your posting
    Visit me @, Jual Obat Aborsi,,

    ReplyDelete
  8. By taking the time to read a lot of information like this to add my insight . cara menggugurkan hamil

    ReplyDelete
  9. here you can get the free premium apps in free thorugh Lucky Patcher android worldfree4u hollywood

    ReplyDelete
  10. Web Ocean Design is the best IT services provider for complete mobile and web application development. The young development company based in Bihar, India, owned and managed by Vicky who have a good amount of experience in Information Technology, Management and other related fields. We provide technical and creative services ranging from Internet Marketing to Communication maneuver. We are also skilled in website development which includes brand promotion, web designing and software development.

    website design company in patna
    website development company in patna
    website development in patna

    web design company in patna
    web development company in patna
    website design in patna

    website design patna
    seo company in patna
    seo company in bihar

    ReplyDelete
  11. Web Ocean Design is the best IT services provider for complete mobile and web application development. The young development company based in Bihar, India, owned and managed by Vicky who have a good amount of experience in Information Technology, Management and other related fields. We provide technical and creative services ranging from Internet Marketing to Communication maneuver. We are also skilled in website development which includes brand promotion, web designing and software development.

    best seo company in patna
    digital marketing company in patna
    best website design company in patna

    affordable seo service in patna
    website optimization in patna
    educational internet marketing company patna

    social media marketing company patna
    real estate seo company in patna
    ecommerce seo company patna

    ReplyDelete
  12. The factor of salts/forte is to prevent an attacker from being able to concurrently assault numerous hashes with the same salt. The younger development business enterprise primarily based in Master Thesis Writing Service USA, owned and managed through Vicky who has a very good quantity of enjoying in facts technology, control, and other related fields.

    ReplyDelete
  13. 90minup ข่าวกีฬา ฟุตบอล ผลบอล วิเคราะห์บอล พรีเมียร์ลีก ฟุตบอลไทย
    ข่าวกีฬา
    ตารางคะแนน
    ฟุตบอลไทย
    ไฮไลท์ฟุตบอล
    ดูบอลออนไลน์
    ผลบอลสด
    90minup

    ReplyDelete
  14. This is a really helpful article. It helped me gain more amount of knowledge. I must I have read a lot of articles on this topic but this one caters to my queries in the best way.
    Sql server dba online training

    ReplyDelete
  15. For those seeking Custom Nursing Essay Writing Service that are 100% original we have plagiarism software that the company utilizes to confirm the level of originality even when offering nursing case study writing services.

    ReplyDelete
  16. Through the assistance of our Write My Research Papers, you will get the best assignment help that will earn you good grades.Order Assignment Writing Help services from us and benefit from the knowledge and experience of professionals in different academic fields.

    ReplyDelete
  17. Just stumbled across your blog and was instantly amazed with all the useful information that is on it. Great post, just what i was looking for and i am looking forward to reading your other posts soon!
    Software testing online training
    Software testing certification training
    Software testing online course
    Software testing training course

    ReplyDelete
  18. just make it bit longer. harder to remember but more secure
    john | easybuilder.pro

    ReplyDelete
  19. An exceptional Buy College Research Paper will ensure that the client gets only the best quality Best Writing Services work that meets the standards of the Dissertation Writing Services.

    ReplyDelete
  20. ไม่อยากพลาดโอกาศดีๆต้องมาเล่นเกมยิงปลาได้เงินจริงที่นี่เท่านั้น
    https://www.slot1234.com/เกมยิงปลาออนไลน์

    ReplyDelete
  21. My Prepaid Centers is the only site that creates the best and the most useful card activation service which make you benefit from the activation in your card with just one minute challenge.You can easily fill out the basic information about your myprepaidcenter card and as soon you take a look again to the site your card will get activated.

    ReplyDelete
  22. A secure password is very important to us because through this we can secure our data and save from hackers and if we do not manage it, we can lose our data which can be stolen by hackers. So, always use strong password so that we can save our personal content. Coursework writing services.

    ReplyDelete
  23. your blog are really helpful for all testers and beginners.this all provided knowledge are unique than other testing blog. Performance Testing Framework are lovely explain.keep updating,Thanks
    Software Testing Training in Chennai | Software Testing Training in Anna Nagar | Software Testing Training in OMR | Software Testing Training in Porur | Software Testing Training in Tambaram | Software Testing Training in Velachery

    ReplyDelete
  24. By - downloading a new antibodies to any persevering, It helps that individual (Coach Outlet Clearance Sale) body's defense mechanisms deal with the problem since improve their potential for recovery. Since the plasma televisions meant for (Yeezy Boost 350 Cheap) hav 888 isn't likely to originated from electricity contributor, Takeda have the ability to initially build the treatment inside segregated house in just their particular manufacturing unit (Coach Outlet Online) in atlanta, With design output (Michael Kors Outlet Store) of it shouldn't adversely (Ray Ban New Wayfarer Polarized) consequences in order to Takeda its definitely produce several plasma display panels based strategies.Treatment (Cheap Yeezy Shoes Sale) options are perhaps considerable, Daily book marking medicinal (Ray Ban Outlet) drugs that a majority of thousand consequentlys of people (Cheap Yeezys For Sale) who have scarce problematic health problems depend on normal almost, Pointed out medical professional. Chelsea Morabito, Takeda

    ReplyDelete
  25. Slotxo บริการ สล็อตออนไลน์ สล็อตxo แจกเครดิตฟรี พร้อม ทางเข้า slotxo เกมส์ใหม่กว่า 100 เกมส์ สมัคร slotxo ได้เลยตอนนี้ บริการ 24 ชั่วโมง.
    Slotxo
    สล็อตxo
    สล็อตxo บนมือถือ
    สมัคร slotxo
    สมัคร slotxo รับโบนัสฟรี

    ReplyDelete
  26. MyPrepaidCenter
    After getting logged in, a user gets other details as well of their debit or credit cards. First, important thing is to create a profile at the myprepaidcenter.com.

    ReplyDelete
  27. iflyswaguide
    Iflyswa is a web portal for ticket booking created by the southwest airline. It’s the easiest way to book a flight or check the flight detail in one place.

    ReplyDelete
  28. getmyoffer
    The Capital One Venture One credit card is among one of the top travel rewards credit cards. They provide unlimited miles, there’s no annual fee, and your miles are excellent for some flights, any airlines, any hotels, & any rental cars with no blackouts. There’s no limit to how many miles you can get and you don’t have to be concerned about the miles expiring.

    ReplyDelete
  29. Password has great importance for our security and it is our duty to generate strong password, so that we can save our data from hackers. Dissertation writing services.

    ReplyDelete
  30. If you are searching for Custom Research Writing Services then you can opt for our Custom Essay Writing Services because we provide students across the globe with Custom Dissertation Writing Services At affordable cost.

    ReplyDelete
  31. Slotxo บริการ สล็อตออนไลน์ สล็อตxo แจกเครดิตฟรี พร้อม ทางเข้า slotxo เกมส์ใหม่กว่า 100 เกมส์ สมัคร slotxo ได้เลยตอนนี้ บริการ 24 ชั่วโมง.
    Slotxo
    สล็อตxo
    สล็อตxo บนมือถือ
    สมัคร slotxo
    สมัคร slotxo รับโบนัสฟรี

    ReplyDelete
  32. Finally find the info someone asked the other day about Natalie Portman on Idol Worth I was looking for it all over the web and luckily found it!

    ReplyDelete
  33. Microsoft.AspNetCore.Cryptography.KeyDerivation which contains cryptographic key derivation functions. This package is a standalone component and has no dependencies on the rest of the data protection system. It can be used completely independently. The source exists alongside the data protection code base as a convenience.
    URL: https://www.affordablelectricians.com.au/electrician-hawthorn.html

    ReplyDelete
  34. Nikmati Bonus Menarik Dari Bolavita Sekarang...
    -Nikmati Bous New member 10%
    -Nikmati Bonus Cashback Hingga 10%
    -Nikmati Juga Bonus jackpot Hingga Ratusan juta Rupiah Setiap harinya...

    Info Lengkap Hubungi:
    WA : 0812-2222-995
    Line : cs_bolavita
    Link : www.bolavita1.com

    TERIMA KASIH

    ReplyDelete
  35. If you're a web developer, you've probably had to make a user account system. The most important aspect of a user account system is how user passwords are protected. User account databases are hacked frequently, so you absolutely must do something to protect your users' passwords if your website is ever breached. The best way to protect passwords is to employ salted password hashing. This page will explain why it's done the way it is.
    URL: divorceattorneyfederalway.com/

    ReplyDelete
  36. How to Fix printer in error state hp ? Fix HP Printer Error State and HP Printer is in an Error State Mac

    ReplyDelete
  37. ASP.NET is a developer platform made up of tools, programming languages, and libraries for building many types of applications. Many developers use it for making money, and they enjoy a bright future. Dissertation writing service.

    ReplyDelete
  38. But against a higher ts911 bet standard of opposition on Saturday, he looked off the pace.

    ReplyDelete
  39. instead of lose, to TS911 Online potentially overtake them.

    ReplyDelete
  40. If Barcelona beat Levante on เว็บตรงTS911 Tuesday, they will go top. Should Atletico then draw with Real Sociedad on Wednesday,

    ReplyDelete
  41. Thank a lot. You have done excellent job. I enjoyed your blog . Nice efforts
    Data Science Certification in Hyderabad

    ReplyDelete
  42. Hi there i amm kavin, its my first occasion to commenting anywhere,
    when i read this paragraph i thought i could also
    create comment due to this sensible post.

    here's my website :: 오피 (jk)

    ReplyDelete
  43. You'll have to discover WPS Pin method For HP 4520 Printer to make an association with some other PC. The HP printer utilizes remote innovation and this innovation permits us to print records anyplace over the globe, anyplace.

    ReplyDelete
  44. Setup HP Officejet Pro Printer 8710p. Wireless Setup simplify the printing process; your printer and computer device should share the wireless network.

    ReplyDelete
  45. Wow, happy to see this awesome post. I hope this think help any newbie for their awesome work and by the way thanks for share this awesomeness, i thought this was a pretty interesting read when it comes to this topic. Thank you..
    Artificial Intelligence Course

    ReplyDelete
  46. Excellent Blog! I would like to thank you for the efforts you have made in writing this post. Gained lots of knowledge.
    Data Analytics Course

    ReplyDelete
  47. Awesome article. I enjoyed reading your articles. this can be really a good scan for me. wanting forward to reading new articles. maintain the nice work!
    Data Science Courses in Bangalore

    ReplyDelete
  48. I need to thank you for this very good read and i have bookmarked to check out new things from your post. Thank you very much for sharing such a useful article and will definitely saved and revisit your site.
    Data Science Course

    ReplyDelete
  49. Your site is truly cool and this is an extraordinary moving article and If it's not too much trouble share more like that. Thank You..
    Digital Marketing Course in Hyderabad

    ReplyDelete
  50. I feel very grateful that I read this. It is very helpful and very informative and I really learned a lot from it.
    Data Analytics Course

    ReplyDelete
  51. I am sure it will help many people. Keep up the good work. It's very compelling and I enjoyed browsing the entire blog.
    Business Analytics Course in Bangalore

    ReplyDelete
  52. Very good message. I stumbled across your blog and wanted to say that I really enjoyed reading your articles.
    AI Courses in Bangalore

    ReplyDelete
  53. I am really enjoying reading your well written articles. I am looking forward to reading new articles. Keep up the good work.
    Data Science Courses in Bangalore

    ReplyDelete
  54. Ucuz, kaliteli ve organik sosyal medya hizmetleri satın almak için Ravje Medyayı tercih edebilir ve sosyal medya hesaplarını hızla büyütebilirsin. Ravje Medya ile sosyal medya hesaplarını organik ve gerçek kişiler ile geliştirebilir, kişisel ya da ticari hesapların için Ravje Medyayı tercih edebilirsin. Ravje Medya internet sitesine giriş yapmak için hemen tıkla: ravje.com

    İnstagram takipçi satın almak için Ravje Medya hizmetlerini tercih edebilir, güvenilir ve gerçek takipçilere Ravje Medya ile ulaşabilirsin. İnstagram takipçi satın almak artık Ravje Medya ile oldukça güvenilir. Hemen instagram takipçi satın almak için Ravje Medyanın ilgili sayfasını ziyaret et: instagram takipçi satın al

    Tiktok takipçi satın al istiyorsan tercihini Ravje Medya yap! Ravje Medya uzman kadrosu ve profesyonel ekibi ile sizlere Tiktok takipçi satın alma hizmetide sunmaktadır. Tiktok takipçi satın almak için hemen tıkla: tiktok takipçi satın al

    İnstagram beğeni satın almak için Ravje medya instagram beğeni satın al sayfasına giriş yap, hızlı ve kaliteli instagram beğeni satın al: instagram beğeni satın al

    Youtube izlenme satın al sayfası ile hemen youtube izlenme satın al! Ravje medya kalitesi ile hemen youtube izlenme satın almak için tıklayın: youtube izlenme satın al

    Twitter takipçi satın almak istiyorsan Ravje medya twitter takipçi satın al sayfasına tıkla, Ravje medya güvencesi ile organik twitter takipçi satın al: twitter takipçi satın al

    ReplyDelete
  55. We base our services on complete customer satisfaction for your family or business profile. Our employees have impeccable mental and physical readiness to continually execute the highest expertise level demonstrating protection to the highest industry standards.private security Our experts have passed very rigorous security and verification clearances.

    ReplyDelete
  56. Great post happy to see this. I thought this was a pretty interesting read when it comes to this topic Information. Thanks..
    Artificial Intelligence Course

    ReplyDelete
  57. Nice Post thank you very much for sharing such a useful information and will definitely saved and revisit your site and i have bookmarked to check out new things frm your post.
    Data Science Course

    ReplyDelete
  58. Thanks Your post is so cool and this is an extraordinary moving article and If it's not too much trouble share more like that.
    Digital Marketing Course in Hyderabad

    ReplyDelete
  59. You have done excellent job Thanks a lot and I enjoyed your blog. Great Post.
    Data Science Certification in Hyderabad

    ReplyDelete

Copyright notice

© André N. Klingsheim and www.dotnetnoob.com, 2009-2018. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to André N. Klingsheim and www.dotnetnoob.com with appropriate and specific direction to the original content.

Read other popular posts