cryptography

Writing an encrypted cookie session store for Rails; is my approach secure?

By default, Ruby on Rails stores session data in cookies. This has many advantages, such as the lack of need to set up any persistence layers on the server side. However, the session data is not encrypted, and the Rails app that I'm writing puts potentially sensitive data in the session. I'd like to avoid storing session data server-side ...

Understanding SHA-1 collision weakness

According to various sources, attacks looking for SHA-1 collisions have been improved to 2^52 operations: http://www.secureworks.com/research/blog/index.php/2009/6/3/sha-1-collision-attacks-now-252/ What I'd like to know is the implication of these discoveries on systems that are not under attack. Meaning if I hash random data, what ar...

Is this RSA-based signature (with recovery) scheme cryptographically sound?

I am implementing a simple license-file system, and would like to know if there are any mistakes I'm making with my current line of implementation. The message data is smaller than the key. I'm using RSA, with a key size of 3072 bits. The issuer of the licenses generates the message to be signed, and signs it, using a straightforward RS...

How to encrypt/decrypt a text using openssl ECC?

Where can I get sample code or documentation on using the OpenSSL ECC support to encrypt or decrypt a text string? I am able to generate an ECC private/public key using the OpenSSL APIs, but I don't know how to encrypt plain text using that key! ...

PHP & Silverlight Cryptography Challenge!

OK, I give up. I have been trying to figure this out for weeks now. I think I will leave it to the crowd-sourcing machine. Can Somebody Please Make A PHP 5 Equivalent Of Any One Of The 2 Classes Below? (I mean with that both encrypted Silverlight Cryptography Class 1: Public Class AES128Helper Public Password As String = Nothing ...

Using Sun JCE provider on top of IBM SDK

Hi, I need to use the Sun JCE provider in an application that is running on IBM WebSphere. This can be achieved by specifying the security_provider.1=com.sun.crypto.provider.SunJCE. Some parts of my application make use of the SSL facilities of IBM. I want to know whether configuring the SunJCE provider affects the JSSE provider usage in other...

Shared Secret Key Length

I'm trying to create an authenticated HTTP service endpoint by using a shared secret. A good example is the Flickr signing scheme. I'd like to know what the best public key and secret key lengths are. I'm almost sure people will say arbitrary, but I would like to know what the general opinion is and why. Another question: Flickr uses MD5 to ge...

How do I feed OpenSSL random data for use in ECDSA signing?

I want to feed OpenSSL specific data for use as random seed during the signing of data with an EC key. I'm doing this to compare my application with another reference one (closed source). That utility takes the file with private key, file with data to sign and file with random data as parameters. I've got the generation of EC keys, and ...

Is it possible to create a forged file which has the same checksums using two different algorithms?

...

Is it possible to encrypt with the private key using .NET RSACryptoServiceProvider?

I know RSACryptoServiceProvider can encrypt with the public key, and then the result can be decrypted with the private key. Is it possible to encrypt with the private key and decrypt with the public key using RSACryptoServiceProvider? ...

Is HMACSHA1 defined for messages of zero length?

I have an edge case. I'm building code that reads binary datafiles produced by a commercial, closed source tool. The information on the data format is specified in a document. For data integrity checks, the vendor's spec calls for an HMAC based on SHA1, using a key derived from a password as per RFC2898. Many programming environments h...

File encryption library for .NET

I'm looking for a file encryption library under .NET. It needs to be able to seek, so CryptoStream is out of the question. (I know it inherits a Seek method but it's not implemented.) I need to seek because my application deals with large files in a non-sequential order. I also need to read and write the files at the same time. I know that...

How to store/retrieve RSA public/private key

I want to use RSA public key encryption, and I'm wondering what is the best way to store or retrieve private and public key. Is XML a good idea here? How to get the keys? RSAParameters privateKey = RSA.ExportParameters(true); RSAParameters publicKey = RSA.ExportParameters(false); Because RSAParameters have the following members: D, D...

What is the difference between a multi-collision and a first or second pre-image attack on a hash function?

What is the difference between a multi-collision in a hash function and a first or second preimage? First preimage attacks: given a hash h, find a message m such that hash(m) = h. Second preimage attacks: given a fixed message m1, find a different message m2 such that hash(m2) = hash(m1). Multi-collision attacks: generate a series o...

How to use RSA to encrypt files (huge data) in C#

I'm new to encryption. I need to implement an asymmetric encryption algorithm, which I think uses a private/public key. I started using a sample of RSACryptoServiceProvider. It was OK with small data to encrypt. But when using it on relatively larger data "2 lines", I get the exception CryptographicException "Bad Length"! //Create a new ...

Why is there no managed MD5 implementation in the .NET framework?

(Re-written question, please see history for original). The question is right there in the title. Why is there no managed MD5 implementation in the .NET framework? I'm specifically talking about a purely managed code implementation of the MD5 algorithm, which does not exist within the .NET framework. Within the System.Security.Crypto...

How to wrap/store the key of TripleDESCryptoServiceProvider

I'm using DES encryption, and I want to store the key of TripleDESCryptoServiceProvider. But the key consists of (Key + IV). I was trying to save them in an XML file using XmlTextWriter Convert.ToBase64String(...), but there was an exception due to the IV containing invalid characters "=" in XML. Is there a better way to store symmetri...

How to decide if the chosen password is correct?

If an encrypted file exists and someone wants to decrypt it, there are several methods to try. For example, if you choose a brute force attack, that's easy: just try all possible keys and you will find the correct one. For this question, it doesn't matter that this might take too long. But trying keys means the following steps: Ch...

Time to crack DES? Is it a task suitable for a script kiddie yet?

Already understanding that AES is the encryption method of choice, should existing code that uses DES be re-written if the likely threat is on the level of script kiddies? (e.g. pkzip passwords can be cracked with free utilities by non-computer professionals, so is DES like that?) A quick Google search seems to imply that even deprecate...

Which is more secure, OFB or CFB?

I'm working on a small project using AES encryption and wanted to use it in streaming mode. Which is considered a more "suitable" mode for socket usage: OFB or CFB? I've been reading about it and can't really decide, so any ideas are highly appreciated. I'll be using OpenSSL/C++. ...