cryptography

CryptHashData equivalent for C#?

I am trying to translate some existing C++ code to C#. I have some code which calls CryptHashData 3 times on the same HCRYPTHASH. The documentation says "This function and CryptHashSessionKey can be called multiple times to compute the hash of long or discontinuous data streams." Which is what I want to achieve in C#. Unfortunately, MD5...

php mysql_connect security

If a web server and a database server are on different hosts, is it possible for a hacker to do packet sniffing or use some other method to get the database username/password when you use mysql_connect in the PHP code? ...

HTTP URL token standard

I need to develop a feature in the system which allows unregistered users to get one-off system access via URL token that is generated/sent by an authenticated user. For example, a user logs in and wants to share a piece of information so the system generates a URL like http://host/page?token=jkb345k4b5234k54kh5345kb34kb34. Then this UR...

return supported hash algorithms

i need a command or a script returning supported hashing algorithms (for hashing passwords) on a system, i mean algorithms can be used with pam.d configuration files or login.defs . generally md5,bigcrypt,sha256, sha512 and blowfish are supported but i need to programmatically check if new algorithm is supported and determine it in my s...

Java cryptography generated key portability

In Java, I'm generating and serializing a symmetric key for encryption purposes: KeyGenerator keyGen = KeyGenerator.getInstance(algorithm); SecretKey symmetricKey = keyGen.generateKey(); Base64.encode(symmetricKey.getEncoded(), new FileOutputStream(filename)); where Base64 is from the Bouncycastle cryptography package ...

Why is AES more secure than DES?

I am beginning to learn crypto algorithms and I understand how the above mentioned algorithms work. Is it that the key length of AES is longer? Which steps of AES encryption makes it less vulnerable than DES? ...

Identifying a substitution cipher random key. (English text)

input: Crypted English normal text (A-Z) using a random generated substitution cipher. output: key ideas: read the whole text storing in some arrays the frequencies for each character/bigram/trigram and comparing them to: http://en.wikipedia.org/wiki/Letter_frequencies http://en.wikipedia.org/wiki/Bigram http://en.wikipedia.org/wiki/T...

Exhaustive key search

Suppose that an attacker has got hold of a piece of ciphertext that has been encrypted by a modern cryptosystem. How effective is an exhaustive key search if: a) The attacker will be trying out each key by hand? b) The attacker does not know the encryption algorithm that was used? c) No previous plaintext / ciphertext pairs are known, an...

RSA Encryption in c# using Exponent, Modulus and Base as parameters

I have a proprietary application that uses an extension to handle cryptography. To encrypt a string I feed it Exponent, Modulus, Base and string as parameters. It returns the encrypted string. I need to be able to replicate this functionality in a c# application that talks to the proprietary application. I'm unsure where to begin with t...

AESManaged Encryption/Decryption - Padding is invalid and cannot be removed.

I am coding an encryption/decryption aes utility with specific requirements: -AES/CBC/PKCS7 -256-Bit Key provided as base64 string -IV provided as base64 string So I am trying to encryp/decrypt this string "1234567890123456" using the same key and IV. Encryption runs fine but when trying to decrypt the encrypted string I get the "Paddin...

Sweepstakes algorithm

I am doing a internet cafe sweepstakes slot game in vb.net. I want to show the objects based on the payout and the prize money for paylines in the slot game. I tried using MT algorithem but it basically random number based. the final output should not be radom. Inputs Points Ex. 18 or 50 (2 entries) 9 or 25 (1 Entry) prize (from datab...

Cryptography. English "normal text" ?

I was asked to make a software that will encrypt and decrypt a "normal English" text based on letter frequencies. The question is where do I find some text samples where the official frequencies will match? So far, I have tried "War and Peace" by Lev Tolstoy, it didn't work well.. LE: I don't need just a list of words, I need a text s...

What does ~ operator do?

I recently saw the above operator in a code,I googled for it but found nothing.The code is below.Please describe what actually does this operator do? #include<stdio.h> int main() { unsigned long int i=0; char ch; char name1[20],name2[20]; FILE *fp,*ft; printf("ENTER THE SOURCE FILE:"); gets(name1); printf("E...

Why in brute force attack on Symmetric Algorithm there is 50 percent chance of finding the key after half of the attempts?

Any cryptography text mentions that in brute force attack on Symmetric Algorithm there is 50 percent chance of finding the key after half of the attempt. For e.g. DES with 56 bit key would have 50 percent chance of finding the key after first 2 to the power 55 attempts. Why in a brute force attack against any symmetric encryption algo...

Security implications of storing the keystore in a public repo

What are the security implications of storing the keystore in a public repo, along with the source code? The reason for storing it in the repo is convenience. There are no dependencies when you do a 'git pull or clone' and build on your local machine (for e.g. with sbt sign-release): you just provide the password when prompted and a sig...

how to generate ValueLink merchant working keys

I am trying to generate ValueLink merchant working keys using a modified version of the apache ofbiz ValueLinkApi Class - src I've modified it only to the extent of making it a standalone class that I can run from outside the context of the ofbiz framework. My program runs without error but my keys are not being accepted by the api. H...

How can I import an RSA public key from either XML or modulus/exponent in native code for use with Windows CAPI's CryptVerifySignature?

In C#, I am able to validate a hash against a public key in either of the following ways: // Import from raw modulus and exponent using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider()) { RSAParameters rsaKeyInfo = new RSAParameters {Modulus = modulus, Exponent = exponent}; rsa.ImportParameters(rsaKeyInfo); ret...

OpenSSL treats smime message with Content-type 'Application/EDI' as text and changes line breaks.

I receive smime message with content-type 'Application/EDI'. It is non-standard mime type and content should be interpreted as binary. But OpenSSL during verifying signature treats it as text and changes line breaks from '\n' to '\r\n' (as needed by spec for content-type 'text'). So digest becomes wrong and verification fails. Is there ...

Cryptography. Write application to decrypt basic ciphers

Evening all, I have just began my final year at university and am studying cryptography. We have just been set the first assignment just 3 weeks in so I'm assuming it won't be a case of breaking the enigma code. As part of the assignment there are 7 exercises with 2 further challenges consisting of various ciphers (Caesar, Vigenere, T...

What is CAPICOM DES doing under the hood?

I found a link that explains what CAPICOM does for 3DES (Understanding Capicom), but I'm not sure if this is directly applicable to the single DES algorithm that CAPICOM does. It seems that CAPICOM does some proprietary stuff to derive the actual key it uses to encrypt. It also puts a lot of header information in front of the encrypted ...