What is a simple and effective means of encrypting data?
I know the theory behind symmetric and asymmetric encryption keys but I do not know how to use them for a Web application. This is not a theoretical question. I work for a company that does Web programming for a government agency. It seems to me that the current encryption method is insecure for the following reasons:
1. It is done on the server side, which would seem to be completely useless.
2. Only the password is encrypted. If this were done on the client side, the encryption would at least prevent someone intercepting the data from stealing the password, but it would still allow someone to read the information and to inject information by using the encrypted password.
3. The encryption is done using a rather unsophisticated substitution cipher.
Our programming is done in .NET. I have heard about TLS encryption, but I don’t know how it works. There are some Web articles that make it seem as if it is just necessary to configure a computer and it will then automatically use TLS. It can’t be that easy. I don’t need to know the specifics. I just need to know the general strategy.