cryptography

Using hash of password with SSL

OK this might sound like a strange question. Please read carefully before jumping on me OK? ;-) Imagine this situation: We have a server and a client. They connect using SSL. Client creates account on server with password. But, what he actually passes to server over the wire is the hash (+salt) of the password (NOT the password) Ser...

Windows Mobile content encryption

In my windows mobile application (v.6.x) I'm downloading media files onto the device. Is there a beaten path for encrypting this content? So that the media file can just be decrypted by the application, e.g. shuffle every 100th byte or something like that ...

Basics of string based protocol security

I wasn't sure how to phrase this question, so apologies in advance if it's a duplicate of something else. I wanted to sanity check how I've secured my twisted based application and think I've done a good job at it, but it's been over a decade since I've written anything that uses raw or managed sockets. Authentication transaction: Cl...

How can I create an authentication cookie, but w/o asp.net formsauthentication?

Do we know the algorithm that asp.net uses to create the authentication cookie (when using forms authentication?) Can we basically create our own copy implementation? if so, how? What does it use to generate the encrypted cookie value, I know it uses whatever you pass into the SetAuthCookie call (which is usually the userID/username). ...

What are my options for a career-path involving cryptography and security

Hey, I'm a student reaching a critical point - I've got to start looking for a job. The thing I'm most passionate about is applied cryptographic protocols and I've somewhat centered my education around learning as much as possible in this area. As a fresh grad I don't expect to find many opportunities to work in this field but I still w...

RSA: How to generate private key in java and use it in C#?

I would like to generate private key in java, save it as a 64 base encoded string in some file and then encrypt some phrase in C# using this saved file. I know to generate keys in java and encode it with 64 base. My question is how do I use this key in C#? This is a java code prototype to save private key into text file: KeyPairGenerato...

how to encrypt folder in c#?

A folder on File System contains .xml files, .txt files and a file exposed by third party tool. Using c# (in VS 2008), I want to encrypt the whole folder in someway before transferring it through FTP. Help is appreciated. ...

ruby - how to encrypt text

Hi, I need to encrypt a string (from a text area) that will also be decrypted later on when it is displayed. I'm not to concerned about it being majorly secure, but just don’t want to store the data in plain text format. Does anyone have any suggestions on how to do this easily in rails? Thanks, Jon ...

ASP.NET Hashed PW's + Salt Confusion

I am following the MSDN article located here: http://msdn.microsoft.com/en-us/library/aa302398.aspx My confusion is over the function: private static string CreatePasswordHash(string pwd, string salt) { string saltAndPwd = String.Concat(pwd, salt); string hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile(...

Encryption to alphanumeric in System.Security.Cryptography

I have a project which requires encryption of customer ids. The encrypted value is used as a query string value for a website which then returns a personalized form for completion. The problem I'm having is that the website we are working with has a security policy which disallows non-alphanumeric characters from a query string. I'm...

Crypto Liberary for Iphone, BlackBerry, Android and .Net

Dear Gurus We are working on a application suite with support of windows(.net), Iphone, Android and Blackberry and all these application shares the same data (syncs with a wcf services). Whenever a device ads a new record, it encrypts the data and and saves in the local database and on sync it post the record to server as it is. Now...

Is there a physical lock that can demonstrate asymmetric crytographic principles?

I wish to demonstrate asymmetric encryption using real-world locks. For example, I want to write a secret on a piece of paper and deposit it in a locked box. Is there a lock I can buy that comes with two keys, one that only locks the lock and another that only unlocks the lock? ...

Symmetric Key to Asymmetric key handoff

I'm not a cryptography expert, I actually only have a little bit of experience using it at all. Anyways, the time has come where one of my applications demands that I have some encryption set up. Please note, the program won't be managing anything super critical that will be able to cause a lot of damage. Anyways, I was just trying to...

CMSSignedDataStreamGenerator hash does not match.

Hi! I`m writing an application that signs and envelopes data using BouncyCastle. I need to sign large files so instead of using the CMSSignedDataGenerator (which works just fine for small files) I chose to use CMSSignedDataStreamGenerator. The signed files are being generated but the SHA1 hash does not match with the original file. Co...

Is file encrption different from content encryption

Is there any difference between encrypting a file and encrypting the content of the file. If so, how to do the both. ...

Why, after using 'CryptSetHashParam', can I no longer add data to my MD5 hash object?

I am trying to use the Microsoft 'Crypt...' functions to generate an MD5 hash key from the data that is added to the hash object. I am also trying to use the 'CryptSetHashParam' to set the hash object to a particular hash value before adding data to it. According to the Microsoft documentation (if I am interpreting it correctly), you s...

Is this login scheme secure ?

Here is what I got for a webapp login scheme. Present in database would be two salts and hmac(hmac(password, salt1), salt2). When the user go on the login page, he gets salt1. If he has javascript activated, instead of sending the plaintext password, it would send hmac(password, salt1). If he does not have javascript, the plaintext pass...

How to verify ECDSA/SHA2 S-MIME signature with python ?

We need to choose between two signature schemes: RSA/SHA2 S-MIME signatures ECDSA/SHA2 S-MIME signatures For that our python software needs to support one of this scheme. Currently for some political reasons the ECDSA solution is prefered. Is the ECDSA solution supported by any of the python crypto modules (M2Crypto, ...) and do you...

C# How to encrypt a data file Bouncy Castle pgp?

I want to be able to send encrypted files from one app (windows forms) to another (asp.net). I've looked at bouncy castle, but there doesn't seem to be much documentation. Are there any simple bouncy castle pgp c# examples? How is pgp done in c# using bouncy castle? Is this the right approach?: Server app (winforms) has a private key...

How to read a private key from pvk file in C#?

Hi, I have to read a private key, and this key is on pvk format. I use X509Certificate2 class, but i this class i have only public key access. How can i get a private key from pvk file? thanks Luiz Costa ...