cryptography

Protect private key in Qt application

I have a Qt application written in C++ that uses a SSL-connection (QSslSocket) with another application for extra security. However, the application has a private key embedded in it. With applications like Process Explorer it's really easy to fish out the private key. (Properties of file -> Strings) Security is not very important for m...

PasswordDeriveBytes vs Rfc2898DeriveBytes, Obsolete but way faster

Guys, I'm working on a encryption functionality based on classes inherited from SymmetricAlgorithm such as TripleDes, DES, etc. Basically there're two options to generate consistent key and IV for my algorithm class, PasswordDeriveBytes and Rfc2898DeriveBytes, both inherit from DeriveBytes abstract class. The PasswordDeriveBytes.GetByt...

Three-way authentication/handing an authenticated client off to a different server?

Hi, I'm interested in creating a sort of hand-off authentication method, where there's a client and two servers (let's call them Alice, Bob and Carmen Sandiego, respectively). Alice is a client (in a browser) somewhere on the 'net, possibly behind a NAT that gives a different IP for outgoing requests to different addresses (I know there...

Is a hash result ever the same as the source value?

This is more of a cryptography theory question, but is it possible that the result of a hash algorithm will ever be the same value as the source? For example, say I have a string: baf34551fecb48acc3da868eb85e1b6dac9de356 If I get the SHA1 hash on it, the result is: 4d2f72adbafddfe49a726990a1bcb8d34d3da162 In theory, is there ever a...

Why is XOR used on Cryptography?

Why is XOR only used in the cryptographic algorithms, and other logic gates like OR, AND and NOR are not used? ...

Encrypting with RSA private key in Java

I'm trying to encrypt some content with an RSA private key. I'm following this example: http://www.junkheap.net/content/public_key_encryption_java but converting it to use private keys rather than public. Following that example, I think what I need to do is: Read in a DER-format private key Generate a PCKS8EncodedKeySpec call gener...

Derivation of IV for CBC Chaining Mode

Is there any secure way of deriving the value of IV for use in CBC mode (e.g. 3DES CBC) aside from randomizing the IV? ...

MD5 and sequential number

I have some sequential id which can be easily guessed. If some want to see data related to this id he has to prove his access by token I gave him before. token = md5(secret_key + md5(id)) Is MD5 good enough for this job? ...

Suggestions on storing passwords in database

Here's the situation - its a bit different from the other database/password questions on StackOverflow.com I've got two sets of users. One are the "primary" users. The others are the "secondary" users. Every one has a login/password to my site (say mysite.com - that isn't important). Background: Primary users have access to a third sit...

Securing passwords in config problem.

My .NET WinForms application connects to ftp server and downloads a file. To do that a password for the connection is required. The password should be stored in a configuration file, but it should be encrypted. The only solutions to do that that I've found include either securing whole config section (which is no use for me as in the app...

Cryptographic Error Signing Assembly - Bad version of provider

Hi, i am having issues building a c# project after moving from one pc to another - i have read i need to run the dssprojectmigration.exe tool. does anyone know where to get dssprojectmigration.exe from? ...

C# CryptoStream result not as expected

I'm trying to understand why the following code results in the encrypted byte array being 16 bytes if plainText is 8 bytes in length. I expected the result to also be 8 bytes in length? private static byte[] encrypt(byte[] key, byte[] plainText) { try { using (MemoryStream ms = new MemoryStream()) { D...

cryptoapi for dummies

Can some one point me to some books or online resources to help learn about the windows cryptoapi package? I did find "Cryptography for Visual Basic" by Richard Bondi. I'd be more interested in something aimed at C++ or the package in general. The MDSN is overwhelming! ...

Basic questions on Microsoft CryptoAPI

I've been looking through the MSDN trying to understand the crytoapi. Below are some questions and guesses as to how things might work. Any answers or confirmations or refuting of my surmises much appreciated. According to the note I found at http://msdn.microsoft.com/en-us/library/ms867086.aspx, the CSP keeps public private key pairs ...

Can the Diffie-Hellman protocol be used as a base for digital signatures?

I am implementing a custo crypto library using the Diffie-Hellman protocol (yes, i know about rsa/ssl/and the likes - i am using it specific purposes) and so far it turned out better than i original expected - using GMP, it's very fast. My question is, besides the obvious key exchange part, if this protocol can be used for digital signa...

CryptographicException: Couldn't acquire crypto service provider context.

Reposting from http://www.mentalis.org/forum/thread.qpx/971 because I need an answer. I hope you guys can help me out. The component in question is Org.Mentalis.SecurityServices.dll. Hey all. I'm having troubles. CryptographicException: Couldn't acquire crypto service provider context. StackTrace: at Org.Mentalis.SecurityServices....

Encrypting/decrypting data to database

I need to create a .NET application that will store some confidential information to the database (e.g. passwords and stuff). I could use symmetric encryption to encrypt these before I store them to database but if someone de-compiles source code symmetric password could be compromised. Since this is going to be service application I ca...

C#: How to encrypt/decrypt a string?

Following up on this question, I would like to know what an RSA key is, and how I would go about creating and using one. Thanks in advance. ...

Crypto, hashes and password questions, total noob?

I've read several stackoverflow posts about this topic, particularly this one: http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords but I still have a few questions, I need some clarification, please let me know if the following statements are true and explain your comments: If someone has access to your d...

crypto api - block mode encryption determining input byte count

I'm trying to encrypt some date using a public key derived form the exchange key pair made with the CALG_RSA_KEYX key type. I determined the block size was 512 bits using cryptgetkeyparam KP_BLOCKLEN. It seems the maximum number of bytes I can feed cryptencrypt in 53 (424 bits) for which I get an encrypted length of 64 back. How can I...