cryptography

Where do you store your salt strings?

I've always used a proper per-entry salt string when hashing passwords for database storage. For my needs, storing the salt in the DB next to the hashed password has always worked fine. However, some people recommend that the salt be stored separately from the database. Their argument is that if the database is compromised, an attacker...

Password Salt: Additional Best Practices

Like most programmers, I am not an expert on cryptography but I understand the basics. However, a little knowledge can be a dangerous thing, as noted in Jeff's blog post. With that in mind, I understand the purpose of a salt value but I need a little help understanding how to use salt values. I've read in the other posts on this subject...

Simple (to code) secure hash function

I need a secure (cryptographic) hash function with the following properties: Can be coded in as few lines as possible (in R5RS Scheme). Hopefully under 50. Memory and CPU performance within reason for password-length data. (e.g. it does not have to be super efficient or create hashes for millions of bytes of data) Most secure hash fu...

Examples of Hash-Collisions?

For demonstration purposes, what are a couple of examples of strings that collide when hashed? MD5() is a relatively standard hashing option, so this will be sufficient. ...

Retrieve certificate using subject id; USER Vs Machine

Hello, I have installed a certificate with Subject "UW008" in the MY store (CERT_SYSTEM_STORE_CURRENT_USER). When I run my test application, logged in as an Administrator, my test application is able to find the certificate with the corresponding subject ID. When I tried to access the same application from across a network (with same ad...

Java 1.5 crypto on OS X - AccessControlException

I'm trying to do a Google App Engine project on OS X (latest and greatest). I'm using classes from javax.crypto, and I'm seeing an AccessControlException thrown when I try to initialize an instance of the Mac class. Here's the stack trace: WARNING: Nested in java.lang.ExceptionInInitializerError: java.security.AccessControlException: ac...

Load an X509 PEM file into Windows CryptoApi

Hi coders, I'm new to the whole Crypto thing, so I beg some basic pointers. I need to load .PEM (X509) "-----BEGIN RSA XXX KEY----- -----END RSA XXX KEY-----" into a Windows Crypto Api context to use with C++ (I found examples for Python and .NET but they use specific functions I can't relate to the plain Windows Crypto Api) I underst...

How do I generate a common hash from multiple passwords?

I've got an app that generates a hash off of a user password, which I then use to encrypt data with. I want to extend this to the case where any 2 out of 5 users need to authenticate the app before it has enough data to generate that hash. The problem I've got is I need to generate the exact same hash no matter which 2 of the 5 users au...

Programmatically using Hardware Random number generator

I'm working on a desktop application and would love to use any hardware random number generators that happen to be available, though I don't want the user to have to do any confusing setup to use it. It's Java/Clojure based so something in the Java world would be nice though I'm willing to work with just about anything. Know of any program...

Generate authenticated CMSEnvelopedData Messages with bouncycastle

I am trying to encrypt data with a password and store it inside an ASN.1 encoded CMS message (using C# and BouncyCastle 1.4). The code I have seems to have two problems: the data does not seem to be signed with a HMAC, so when I tamper with the encodedData (by enabling the commented out line), the decryption still succeeds. when I decry...

Is it possible to decrypt md5 hashes?

Someone told me that he has seen software systems that would accept MD5 encrypted passwords (through various integrations with other systems), decrypt them, and store them in the system's own database using its own algorithm. Is that possible? I thought that it wasn't possible (feasible) to decrypt MD5 hashes. I know there are MD5 dic...

Key Containers, secure enough to store private keys?

I was reading about Key Containers in .NET as a secure place to store a private key for asymmetric cryptography and digital signing. My question is how secure is the Key Container? Because I've found out if I know the key container name, then I will be able to retrieve the private key using the following: // Create the CspParameters ...

How to extract the intermediate Initialization Vector from a sequence of encryption steps?

I am implementing a log-structured file system and want to encrypt a series of blocks by using the .NET Cryptography namespace. I've chosen the Aes symmetric encryption, created the key and the initial, random Initialization Vector. So far so good, using the ICryptoTransform returned by SymmetricAlgorithm.CreateEncryptor() it is possib...

C#: How to generate short MD5 code?

When I am encrypting 23 using MD5 encryption I am getting 37693cfc748049e45d87b8c7d8b9aacd, this 32-character long string which will always be static for 23. I want the same kind of mechanism but that should generate 18 or less (like: 122ff1e4883358b6) characters long string instead of 32. How can I do that in C#, is there any shorter ver...

Bouncycastle: what does the subKeyID-Parameter of AddKeyTransRecipient do?

I'm trying to asymmetrically encrypt a message of arbitrary length with bouncycastle. (1.4+ with C#) This is the code I have right now. It is supposed to (but doesn't) generate a CMS message where the data itself is encrypted with AES256 with a random key and the key is encrypted with the public key from keyPair. keyPair is an RSA-Key ...

C# MD5 Hash results not expected result

Hi, I've tried every example I can find on the web but I cannot get my .NET code to produce the same MD5 Hash results from my VB6 app. The VB6 app produces identical results to this site: http://www.functions-online.com/md5.html But I cannot get the same results for the same input in C# (using either the MD5.ComputeHash method or the ...

How Is MD5 generation dependent on file size?

Is there any efficiency analysis of how MD5 is dependent on the file size? Is it actually dependent on file size or content of the file? So if I have a 500mb file with all blank spaces and a 500mb file with a movie in it, would md5 take the same time to generate the hash code? ...

Why use the C# class System.Random at all instead of System.Security.Cryptography.RandomNumberGenerator?

Why would anybody use the "standard" random number generator from System.Random at all instead of always using the cryptographically secure random number generator from System.Security.Cryptography.RandomNumberGenerator (or its subclasses because RandomNumberGenerator is abstract)? Nate Lawson tells us in his Google Tech Talk presentati...

Cryptography C# Asp.Net: static RNGCryptoServiceProvider -- Is it secure & threadsafe for generating sessions and random passwords?

I'm building a web service that requires me to generate custom sessions and random passwords etc. I was wondering if making a static class and using 1 static RNGCryptoServiceProvider instance for the entire website is a good idea? 1. Is it threadsafe from multiple http request instances? 2. Is it secure? If I allow someone to generate m...

Cryptography: best practices for keys in memory?

Background: I got some data encrypted with AES (i.e. symmetric crypto) in a database. A server side application, running on a (assumed) secure and isolated Linux box, uses this data. It reads the encrypted data from the DB, and writes back encrypted data, only dealing with the unencrypted data in memory. So, in order to do this, the app is...