If I have just encrypted some plain-text into cipher-text with CBC and Rijndael, is it insecure to tell the world that the original plain-text had a length of x bytes? It seems that it's always the same as the length of the cipher-text, so, I think it does not matter, but are there some block modes or ciphers where it does matter? ...
What are the advantages / disadvantages of those 3 methods to create a salt? $salt = md5($password); $salt = sha1(md5($password)); $salt = generate_random_number(); Computing hash: $hash = sha1($salt + $password); ...
I am in the process of rewriting an old application. The old app stored data in a scoreboard file that was encrypted with the following code: private const String SSecretKey = @"?B?n?Mj?"; public DataTable GetScoreboardFromFile() { FileInfo f = new FileInfo(scoreBoardLocation); if (!f.Exists) { return setupNewScoreB...
I need to create a program which will show how elliptic curve cryptography works. I was considering using Java Swing to create the GUI, but the main problem is what tool to use to plot the elliptic curve itself, and how to integrate that with Java Swing. I would like the plot to be included in the user interface and also allow changes ...
This is a followup question to question 1072540, 'WinVerifyTrust to check for a specific signature?'. I want to write a C++ function Lets call it 'TrustedByUs' of the form: bool TrustedByUs(std::string pathToBinary, std::string pathToPublicKey) The idea is that we give this function a path to a binary .dll or .exe file that has been ...
So I'm making a website for a game. Nothing that will get popular :P Right now I'm thinking about password security, I'm gonna use salting but instead of adding a new column in account table I was thinking about using the account name as salt since it cant be changed, and is "unique". I mean 2 users cant have the same account name. But...
Hi can you recommend an open source Delphi crypto library that works with Delphi 2006, Delphi 2009 & Delphi 2010 Algorithms need: DES, MD5, SHA-1 ...
I was wondering - is there any disadvantages in using the hash of something as a salt of itself? E.g. hashAlgorithm(data + hashAlgorithm(data)) This prevents the usage of lookup tables, and does not require the storage of a salt in the database. If the attacker does not have access to the source code, he would not be able to obtain the...
Should I break the text into chunks? Is RSA the wrong encryption scheme? ...
Hello, I am trying to encrypt and then decrypt files using asymmetric encryption. I've created a test certificate using makecert and installed it into my personal localmachine store. In future I'll have to install this certificate on several servers, that's why I've created it with "-pe" flag, that is, with exportable private key. The c...
I am looking for some suggestions on how to secure access to a RESTful API which initially be used by an iPhone application, but will have other clients in the future. The data exposed by this API must be kept secure as it may contain health information. All access will be done over HTTPS. I was thinking that I'd like to require pre-reg...
Hi, this is probably a n00b question, but I don't really have any experience in this area. I need to create a p12 bundle containing an X509 certificate and the private key. I currently have two objects, the X509Certificate2, and the RSAParameters object which contains key information. How do I combine these into a p12 file? I just ...
I have earlier asked a related question here. I have come up with a scheme which I shall describe below. I request experts out there to provide feedback. Since the target application is a consumer application, implicit assumption is that the application won't be deployed on BES. If required, a separate application would be developed th...
I'm working on a software project where the application will end up being run in an untrusted environment. I have a need to perform some ancillary cryptographic signing (meaning this is not the primary means of securing data), but do not wish to leave the key in plain view as such: private static final String privateKey = "00AABBCC.......
I'm trying to digitally sign an XML document using Java. I've got an implementation working with some references I've found that use various implementations in the javax.xml.crypto.dsig package. However, my current implementation is like many of the examples I've looked at - it's rather verbose and involves using no less than 23 differe...
Primality Check is probably one of "those" tough problems in mathematics. So, whats is the best and fastest algorithm available to check the primality of a huge number. The most crude and the slowest way probably is: public static bool IsPrime(int i) { for (var x = 2; x < i - 1; i++) { if (i % x == 0) { ...
Does anybody know some simple authentication and data transfer protocol based on symmetric keys only? Due to memory constraints (kilobytes RAM and ROM) we cant afford asymmetric cryptography and due to closed environment asymmetric cryptography does not increase security of any way. I am looking for simple symmetric cryptography protoc...
Mornin', I'm trying to just get basic encryption working using System.Security.Cryptography.RjindaelManaged. I have google for this error and cannot find the problem, or what I am doing wrong. All I am attempting to do is encrypt a string, and then decrypt a string. Following is my code, and any help would be appreciated. Imports Syste...
is the padding of RIPEMD-160 exactly the same as MD4 padding, down to the little-endian change? if i input "abc" in ascii, the processed data in hex should be 8063626100000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000001800000000 right? ...
At the moment i'm busy to implement a website, database and software which will fill this database. The website is placed at an external hosting company, the software is running at out local netwerk. The website needs to read the information in the database, the local software will put its results (these data) in the database. Question:...