The Skein hash proposed for SHA-3 boasts some impressive speed results, which I suspect would be applicable for the Threefish block cipher at its heart - but, if Skein is approved for SHA-3, would this imply that Threefish is considered secure as well? That is, would any vulnerability in Threefish imply a vulnerability in SHA-3? (and thu...
An article that I stumbled upon here in SO provided links to other articles which in turn provided links to even more articles etc. And in the end I was left completely stumped - so what is the best way to store passwords in the DB? From what I can put together you should: Use a long (at least 128 fully random bits) salt, which is sto...
Can someone explain the second, third and fourth rows in the calculation? I cannot understand the calculation "66 fa = 9c". The sum is clearly over "ff", so I am confused. The topic is simple encryption algorithm. Source ...
I need to have a Win32 application load a hard coded AES-256 key, ideally using the WinCrypt.h methods. I've got my key in an unsigned char[32] but I can't find the correct format of a key blob to pass to CryptImportKey. Everything seems to give me invalid parameter errors. Is there any way to do this? (Also important is how to set IV i...
If we consider Man In the Middle Attack; Can such an attack occur if symmetric keys are used? ...
I don't know if i am asking a silly question but I want to know whether Convert.ToBase64String function in .NET returns the same length as it's source byte size or is it different? I wanted to try out the article from MSDN itself How To: Use Forms Authentication with SQL Server 2000 to hash my password but I found out that the function t...
I am using the following code to generate an encrypted token: var ticket = new System.Web.Security.FormsAuthenticationTicket( 2, "", DateTime.Now, DateTime.Now.AddMinutes(10), false, "user id here"); var cipherText = System.Web.Security.FormsAuthentication.Encrypt(ticket); This code uses the key and algori...
Hello everyone, I'm trying to add a public and private RSA keys to the iPhone's keychain, so I can use the CommonCrypto library, but am not entirely sure how to do that. The MYCrypto library seems to only work for the Mac and not the iPhone right now. Can anyone help and explain how to add a private/public key to the keychain and get a ...
Hi All, I am building a iPhone app which uses c# web services. My c# web services takes user details and validates against my DB and returns xml files. So Now the issue is how to encrypt user details(username and password are 10chars each) in objective c and decrypt in C#. I am very new to cryptography, which method is the best. will ...
This question is in the specific context of the Java class java.security.KeyStore and its load(InputStream stream, char[] password) method which can accept null values for password to bypass integrity checking. What are the risks involved with loading and querying a keystore without checking its integrity? The keystore will be queried ...
I understand that normally an SSL (or more precisely X.509) certificate is supposed to be signed by some certifying authority to assure that it is genuine. In some cases no such signature exists, e.g. if you generate a cert for testing purposes, or if you are the certifying authority (root certificate). In these cases, self-signed certi...
This is related to my previous post, where my only option was to have a RSA algorithm which seemed relatively weak. Let us assume that I want to encode a 35 bit number (From 0 upto 34359738367) with a 36 bit modulo (between 34359738368 upto 68719476735). Referring to http://en.wikipedia.org/wiki/RSA I can see that my n is between 34359...
There have been a couple of great discussions regarding salt best practices, and it seems the overwhelming recommendation is to generate a different salt for each password and store it alongside the password in the database. However, if I understand the purpose of salt correctly, it is to reduce the chance that you will be compromised b...
Is there a way to generate a 128-bit key pair suitable for encryption using Sun's keytool program? It seems that the algorithms available in http://java.sun.com/javase/6/docs/technotes/guides/security/StandardNames.html#KeyPairGenerator are either not supported or do not allow keys shorter than 512 bits. The key pair will be used with ...
Hi all, I have the modulus of an RSA public key. I want to use this public key with the Python library "M2Crypto", but it requires a public key in PEM format. Thus, I have to convert the RSA modulus to a PEM file. The modulus can be found here. Any ideas? Thanks a lot, hevalbaranov ...
So after CodingHorror's fun with encryption and the thrashing comments, we are reconsidering doing our own encryption. In this case, we need to pass some information that identifies a user to a 3rd party service which will then call back to a service on our website with the information plus a hash. The 2nd service looks up info on tha...
How do you compute the following using Fermat's Little Theorem? 2^1,000,006 mod 101 2^-1,000,005 mod 11 Yes, this is homework which is completely allowed in SO! ...
Hi guys. I'm building a tiny webapplication in which our customers can update some details about their company. The customers currently don't have a login/password and we don't want to validate their registration, so we want to give them a automaticly generated password/key to login to the website. Our plan to encrypt their customerId ...
CodingHorror's adventure with encryption and Coda Hale's comment on it left me wondering if there are any encryption libraries that offer the type of cryptography services that Coda is describing. Namely providing the correct current methodologies of cryptography for specific purposes. Coda mentions BouncyCastle but that library doesn'...
I am looking for a general string encryption class in .NET. (Not to be confused with the 'SecureString' class.) I have started to come up with my own class, but thought there must be a .NET class that already allows you to encrypt/decrypt strings of any encoding with any Cryptographic Service Provider. Public Class SecureString ...