cryptography

Signing arbitrary data with x509 in Java

I have an API which provides authentication via a signed response to a random challenge. Server sends a random string to the client, the client signs this data using a previously established key pair and then sends this data back to the server. I need the format of the signature to be something roughly equivalent to the PGP clear ...

Implementing the fair-coin flip

I was getting bored so I started looking a little into Cryptography. I got interested in this Fair-Coin Flipping protocol. This protocol works with public key cryptography but requires that the algorithm commute (something like RSA I guess). I thought it would be fun to write this in either C or C++ and was wondering how people generally...

PKCS12 Certificates

I want to create pkcs12 private and public key files in C# .NET. I want to do this really without having to use makecert.exe or any external programs. Does anyone know any .NET libraries to do this with, or any resource so I could create the files myself? Thanks ...

.net Cryptography - is there a way to tell that something has been decrypted wrong?

See the title for the question. In a nutshell, what I am trying to do is encrypt some data with the seed (keyword) provided by the user. Is there a way to know that the data has been decrypted wrong, or in other words that the seed is wrong? Using .net 2.0, C#. Thanks! ...

RijndaelManaged equivalent in openssl

There is some code written using C# which uses the RijndaelManaged class to encrypt data and Mode = CipherMode.CBC. I need to implement the equivalent code on Mac using OpenSSL. What is the equivalent to RijndaelManaged in OpenSSL? ...

how to create a login module

I have to create a login module (the question is not language specific) but I am not sure how I will validate the user. Where and how will I store the passwords? Will I have to encrypt and decrypt my passwords, and if yes, what are the best suggested ways to do them? Overall I need to know what all things I need to take care of for developi...

How does using a salt make a pw more secure if it is stored in the db?

I am learning Rails, at the moment, but the answer doesn't have to be Rails specific. So, as I understand it, a secure password system works like this: User creates password System encrypts password with an encryption algorithm (say SHA2). Store hash of encrypted pw in DB. Upon login attempt: User tries to login System creates has...

why should a good hash algorithm not allow attackers to find two messages producing the same hash?

Hi, I was reading Wikipedia, and it says: Cryptographic hash functions are a third type of cryptographic algorithm. They take a message of any length as input, and output a short, fixed length hash which can be used in (for example) a digital signature. For good hash functions, an attacker cannot find two messages that p...

String Encryption with JASYPT - Java

I want to encrypt a string, but the standard Java libraries are too complicated for me. So I turned to JASYPT. It's pretty simple to use and understand. However, when I import the library to Eclipse 3.6 and when I try to encrypt a string like "Hello" with the password "123", it always comes up with an error. I'm not sure what I'm doing wrong b...

why does a collision detection in a cryptographic hash function make finding other collisions easier?

Hi, From Wikipedia I read: Joux[3] noted that 2-collisions lead to n-collisions: if it is feasible to find two messages with the same MD5 hash, it is effectively no more difficult to find as many messages as the attacker desires with identical MD5 hashes. But why is this so? I can't imagine why? The algorithms are open right, people ...

Mitigating the 'firesheep' attack in the application layer?

What methodologies do people recommend for mitigating the 'Firesheep' method for website applications? We have thought about this and from a usability perspective, other than encrypting all traffic to a site, mitigating the attack can be somewhat of a problem for web developers. One suggestion we came up with was to use path based cook...

Is HTTPS the only defense against Session Hijacking in an open network?

So with Firesheep, everyone in a public Wi-Fi now has a one-click session hijack tool. The way it works - to my understanding - is that it simply captures all traffic and grabs the session cookie (so it doesn't steal passwords). From my understanding, this also means that an HTTPS secured login does not solve this alone, as further HTTP...

Cryptographically secure additive hash function

I am working on a Fountain Code based file transfer system. In this system blocks of data are downloaded, combined with an xor function. I want to verify the blocks as they arrive. What I need is a cryptographically secure hash function which has the property: Hash(A) ^ Hash(B) == Hash(A ^ B). Does such a thing exist? Note: The data b...

Random number analysis.

Given a series of randomly generated data how can I figure out how random it actually is? Is R-lang a good tool for this matlab? What other questions can these tools answer about randomly generated data? Is there another tool better for this? ...

Symmetric integer to integer encryption

I need some pointers or a practical example on how to encrypt an int to another int, and a secret key would be required to decrypt the value. Something like: encrypt(1, "secret key") == 67123571122 decrypt(67123571122, "secret key") == 1 This guy asks pretty much the same question: http://stackoverflow.com/questions/3131193/symmetric...

How do I derive from hashlib.sha256 in Python?

A naive attempt fails miserably: import hashlib class fred(hashlib.sha256): pass -> TypeError: Error when calling the metaclass bases cannot create 'builtin_function_or_method' instances Well, it turns out that hashlib.sha256 is a callable, not a class. Trying something a bit more creative doesn't work either: import h...

How do we convert a String from PEM to DER format

Have a String being sent from in the below format: -----BEGIN RSA PUBLIC KEY----- MIGHAoGBANAahj75ZIz9nXqW2H83nGcUao4wNyYZ9Z1kiNTUYQl7ob/RBmDzs5rY mUahXAg0qyS7+a55eU/csShf5ATGzAXv+DDPcz8HrSTcHMEFpuyYooX6PrIZ07Ma XtsJ2J4mhlySI5uOZVRDoaFY53MPQx5gud2quDz759IN/0gnDEEVAgED -----END RSA PUBLIC KEY----- How do I construct a PublicKey Object ...

Is data encrypted (128 bit encryption) in SSL layer?

Hi, I configured the SSL mechanism in Tomcat 6 by generating a certificate using Java keytool with the RSA algorithm, and I'm able to access the URLs using HTTPS. Now I have a few doubts. While communicating client with server (browser to server or server to browser), is data also encrypted using 128 bit encryption? If stand alone application ...

Best way to create a cryptographic API key

Hi, I have an open API in my application that I'd like to provide access keys for. The incoming info will be a user id, resource id and a value to update with. I'd like one API key per resource. Preferably I would like to be able to validate the authenticity of an incoming request using only the supplied data and not checking against...

Error correcting key encryption

Say I have a scheme that derives a key from N different inputs. Each of the inputs may not be completely secure (f.x. bad passwords) but in combination they are secure. The simple way to do this is to concatenate all of the inputs in order and use a hash as a result. Now I want to allow key-derivation (or rather key-decryption) given on...