cryptography

Using blowfish encryption with Android?

I'm trying to use a blowfish cipher inside an Android application. It appears that the Android platform supports blowfish (it appears to be in the source code), but when I try to get a cipher using: Cipher.getInstance("blowfish"); I get a "java.security.NoSuchAlgorithmException" ...

Encryption puzzle / How to create a PassStub for a Remote Assistance ticket

I am trying to create a ticket for Remote Assistance. Part of that requires creating a PassStub parameter. As of the documentation: http://msdn.microsoft.com/en-us/library/cc240115(PROT.10).aspx PassStub: The encrypted novice computer's password string. When the Remote Assistance Connection String is sent as a file over e-mail, to pr...

Pohlig–Hellman algorithm for computing discrete logarithms

Hi Folks, I'm working on coding the Pohlig-Hellman Algorithm but I am having problem understand the steps in the algorithm based on the definition of the algorithm. Going by the Wiki of the algorithm: http://en.wikipedia.org/wiki/Pohlig%E2%80%93Hellman_algorithm I know the first part 1) is to calculate the prime factor of p-1 - which i...

Too much data for RSA block fail. What is PKCS#7?

Talking about javax.crypto.Cipher I was trying to encrypt data using Cipher.getInstance("RSA/None/NoPadding", "BC") but I got the exception: ArrayIndexOutOfBoundsException: too much data for RSA block Looks like is something related to the "NoPadding", so, reading about padding, looks like CBC is the best approach to use here. I foun...

If attacker has original data and encrypted data, can they determine the passphrase?

If an attacker has several distinct items (for example: e-mail addresses) and knows the encrypted value of each item, can the attacker more easily determine the secret passphrase used to encrypt those items? Meaning, can they determine the passphrase without resorting to brute force? This question may sound strange, so let me provide a ...

Best practice for secure socket connection.

What is the best practice for a secure socket connection (without SSL). I will be moving sensitive data (logins/passwords/accounts) across TCP Socket connection, and wondering if there is a good/fast way of Encrypting/Decrypting and avoiding malicious injection. ...

Is there a library or other way to do 128-bit math operations?

I am writing a cryptography application and need to work with 128 bit integers. In addition to standard add, subtract, multiply, divide, and comparisons, I also need a power and modulo function as well. Does anyone know of a library or other implementation that can do this? If not 128-bit, is there a 64-bit option available? ...

Handling User Authentication in .NET?

I am new to .NET, and don't have much experience in programming. What is the standard way of handling user authentication in .NET in the following situation? In Process A, User inputs ID/Password Process A sends the ID/Password to Process B over a nonsecure public channel. Process B authenticates the user with the recieved ID/Password ...

Rerversing AND Bitwise.

Hey all, Here's the following algorithm: int encryption(int a, int b) { short int c, c2; uint8_t d; c = a ^ b; c2 = c; d = 0; while(c) { c &= c - 1; d++; } return d; } How can I find which variable a and b I should send in that function to decide of the output value of d? In other w...

Securing Coredata objects

I am working on an application which has got some sensitive information. I am aware that it would be difficult for a layman to hack into iphone to get the information. If I use SQLite directly I have something called SQLite Cipher to encrypt / encode the database. Is there anyway where I can have the same way of encrypting the coredat...

How do I use m2crypto to validate a X509 certificate chain in a non-SSL setting

I'm trying to figure out how to, using m2crypto, validate the chain of trust from a public key version of a X509 certificate back to one of a set of known root CA's when the chain may be arbitrarily long. The SSL.Context module looks promising except that I'm not doing this in the context of a SSL connection and I can't see how the infor...

simple yet secure encrypt / decrypt asp to asp.net

First post here. I have a asp/vb6 web app that logs in a user I want to encrypt the users identity field and pass(querystring) it to a asp.net app and then decrypt it to do a db lookup. I've google'd it of course and found rot13, not secure enough. I've also found some hits on MD5 / RC4 but did not find any good examples of encrypt / ...

MySQL - connection and security

Hi, I was wondering if someone could tell me if there is any potential security breeches that could occur by connecting to a sql database that does not reside at 'localhost' i.e. via ip address? Regards, Phil ...

For AES CBC encryption, whats the importance of the IV?

What is the security threat of always using all zeroes for the IV? If it allows the encrypted text to be deciphered, how could an attacker do that? UPDATE: So then, if the first block of unencrypted data had a timestamp that never repeated, would an IV still be necessary? ...

Is the integer-factorization problem (used for many cryptographic applications) NP-Complete?

As the question states, does the integer-factorization problem fall into the class of NP-Complete problems? ...

Cookiless Session Is it a security risk?

Hi http://msdn.microsoft.com/en-us/library/aa479314.aspx You have a user who successfully log in from a machine in Cybercafe, Hacker H able to sniff the network and get the sessionID of the user, Can H use the sessionId and act as the user from another machine? Can H enter http://folder/(session id)/CreditCardInformation.aspx to kno...

How can I hash passwords in postgresql?

I need to hash some passwords with salt on postgresql, and I haven't been able to find any relevant documentation on how to get that done. So how can I hash passwords (with some salts) in postgresql? ...

lightweight cryptography toolkit(s) for c++ and python

Hi, I'm looking to do some basic encryption of server messages which'd be encrypted with C++ and decrypted using Python serverside. I was wondering if anyone knew if there were good solutions that were simpler or more lightweight than Keyczar. I see that supports both C++ and python, but would using Crypto++ and PyCrypto be simpler for...

Suggest a best algorithm to encrypt XML file in C#.NET ?

I have to encrypt XML file and send in network to place in a private server. My other application will decrypt and import to SQL the file by giving the actual Public key. Could you please suggest me best way for this. File: XML Type Possible size: Up to 250 MB Technology: C#.NET 2008 ...

Architecture of a secure application that encrypts data in the database.

I need to design an application that protects some data in a database against root attack. It means, that even if the aggressor takes control over the machine where data is stored or machine with the application server, he can't read some business critical data from the database. This is a customer's requirement. I'm going to encrypt dat...