data-protection | sample code that builders can use | Cloud Functions library

This answer was also helpful.

I solved this by adding this code to the test harness startup

I don't know about the size of your data. But you can use hashing in this way to reduce the chances of collisions to 0.

1. Hash the original key before storing it to your external store.
2. You can tweak the value to be a dictionary of key:value, where key is original key and value is original value.
3. Encrypt the value (now a dictionary) before storing it to the store.
4. Next time onwards, when you want to do the lookup. First hash the original key and check for the match. If it matches then decrypt the dictionary value and do the lookup of original key in the dictionary. If match then good. If the original key is not found then append the new key and value in this dictionary and then encrypt the whole dictionary again and store it on your store.

This reduces the collision to 0 but this will increase the payload size which may not be desired in your case.

Disclaimer: I'm not a GDPR expert but I believe the following to be sufficient.

From a bot standpoint the data stored is the same in Teams channel. You have the conversation state and user state data which is typically (and in most of the examples) set up using Blob storage. I use the conversationState and userState nomenclature for these items.

In my use case, I am storing account number in userState and user name/email in conversationState. Note that there are other things that the bot stores (particularly in conversationState I believe) around the state of the dialog and other bot specific things that are rather meaningless generally but I don't know if they would be considered part of GDPR. Regardless we will be wiping these entire objects out.

To do that, I created a dialog to manage the user profile which displays the key information stored (I'm specifically accessing account number, user name, and email) and then prompts the user for if they want to delete the information. It looks like this in nodejs.

Twilio developer evangelist here.

I'm afraid there is no API to programmatically delete SendGrid information.

The process to get user data deleted under GDPR is as follows:

Because we retain email message activity for only a short time, most deletion requests are handled through our automatic timeout process; however, if you require an earlier deletion, please reach out to us directly at datasubjectrequests@sendgrid.com. Please include the following information:

• Customer Account ID (or subaccount if applicable)
• Recipient email address to be deleted

To ensure correct and timely processing of your request, please include this information in CSV (comma-separated value) format, or in a spreadsheet with two delineated columns. If you are requesting removal of more than one account, please send multiple requests for deletion in a single spreadsheet or CSV file. Your deletion request will be completed within 7 days.

Submissions in an incorrect format may not be processed correctly, may not be processed promptly, and may get lost.

I found the root cause of the issue, the problem was not in DataProtection, Authentication or Cookies. The problem was with Session, it used memory to store sessions so other servers (except which created) didn't know anything about the session. So I added storing session in database, like this one:

For PasswordPropertyTextAttribute to be effective, it must be "turned on" by setting its Password property to true. If the default constructor is used, the Password property is false and the attribute has no effect.

The easiest way to make it work is to add the attribute to the property with the line [PasswordPropertyText(true)], instead of [PasswordPropertyText], to invoke the appropriate non-default constructor.

Persisted options values can be encrypted by overriding the DialogPage LoadSettingsFromStorage, SaveSettingsToStorage, LoadSettingsFromXml, and SaveSettingsToXml methods as described in this answer.

Implementing a custom TypeConverter to handle the encryption/decryption (similar to this approach) isn't useful because the same TypeConverter is used for converting to/from string values in the PropertyGrid and also when persisting the value in the Visual Studio registry or XML exports. So if the converter can handle plain text inputs in the PropertyGrid, it will also generate plain text strings when the object is saved to storage or exported to XML.

By default DPAPI uses AES-256-CBC as encryption algorithm unless you change it via UseCryptographicAlgorithms. As per default algo, the calculation would go like this for your case:

Since it's AES 256, it would work with 32 bytes block. So with CBC padding, you output becomes ((119/32) + 1) * 32 + 16 (IV) = 144. After base64, it becomes 192.

So, having it 352 brings up the question is the stamp really 36 in your case?

36 characters for the security stamp (string representation of a GUID)

Also, in deployed environment, make sure to store data protection key outside app since each instance of the app service needs to point to the same key.

The output of PBKDF2 can be specified. A PBKDF is a password based key derivation function. Generally those have a key expansion phase that allows the output to be specified.

However, if PBKDF2 is used as password hash rather than for key derivation the size of the configured hash is kept; that provides the maximum security that can be retrieved from the algorithm. In this case that's SHA-1 that generates 160 bits / 20 bytes.

Unless you really need text, the output can be stored as static binary of 20 bytes. In your case you should be storing it as base 64 version of the 20 bytes. That should amount to a fixed 28 bytes: ((20 + 2) / 3) * 4 = 28 to calculate the base 64 expansion. However, your code explicitly specifies the output size to be 256 / 8 = 64 bytes. A quick calculation suggests that it always uses 88 base 64 characters for that size.

Producing 64 bytes while using SHA-1 is not a good setting because it requires the inner function of PBKDF2 to run 4 times, giving you no advantage of running it only once to produce 20 bytes, giving advantage to an attacker. An attacker only has to check the first 20 bytes to make sure a password matches, after all, and for that only one of the four runs is required. The method that PBKDF2 uses to expand the key size over the hash size is really inefficient and may be considered a design flaw.

On the other hand, 10.000 iterations is not very high. You should, for PBKDF2:

1. specify the output size of the underlying hash as output size (20 bytes instead of 64 bytes for SHA-1) and
2. use a higher number of iterations (limited by how much CPU time you can spend in PBKDF2).

The size of the password doesn't have any influence on the size of the password hash.

Beware that some password hashes on other runtimes create a password hash string themselves, more compatible with crypt on Unix systems. So they would have a larger output that is not directly compatible.

UserInout : plaintext ==> Send to authentication service,

create account: generate salt, hash given plaintext-password with salt, store in account infos

authenticate: read hash from account info in your database, hash the given plaintext password with the read salt and compare that hash with the hash in your database. That is the simplest way of authentication.

Be sure to always use the individual hash that was created for each account, otherwise the hash will always be different and authentication will fail.