What is the fastest, yet secure way to encrypt passwords in (PHP Prefered), and for which ever method you choose is it portable?In other words if I later migrate my website to a different server will my passwords continue to work?The method I am using now I was told is dependent on the exact versions of the libraries installed on the ser...
Most recent edits in bold I am using the .net HttpListener class, but I'm won't be running on IIS and am not using ASP.net. This web site describes what code to actual use to implement SSL with asp.net and this site describes how to set up the certificates (although I'm not sure if it works only for IIS or not). When I the class docu...
Before reading anything else, please take time to read the original thread. A quick simple overview: A .xfdl file is a is a gzipped .xml file which has then been encoded in base64. I wish to de-encode the .xfdl into xml which I can then modify and then re-encode back into a .xfdl file. xfdl > xml.gz > xml > xml.gz > xfdl I have been...
I needed some simple string encryption, so I wrote the following code (with a great deal of "inspiration" from here): // create and initialize a crypto algorithm private static SymmetricAlgorithm getAlgorithm(string password) { SymmetricAlgorithm algorithm = Rijndael.Create(); Rfc2898DeriveBytes rdb = new Rfc2898...
Can a (||any) proxy server cache content that is requested by a client over https? As the proxy server can't see the querystring, or the http headers, I reckon they can't. I'm considering a desktop application, run by a number of people behind their companies proxy. This application may access services across the internet and I'd like t...
We have a situation in our product where for a long time some data has been stored in the application's database as SQL string (choice of MS SQL server or sybase SQL anywhere) which was encrypted via the Windows API function CryptEncrypt. (direct and decryptable) The problem is that CryptEncrypt can produce NULL's in the output, meanin...
I'm looking for a simple way to encrypt my soap communication in my C# Web-Service. I was looking into WSE 3.0 but it seems Microsoft dropped support for it, and therefore it's not straightforward to use. It seems WCF could've been an option but I prefer not to upgrade from .NET 2.0 . Any simple, straightforward encryption method? ...
Every method I write to encode a string in Java using 3DES can't be decrypted back to the original string. Does anyone have a simple code snippet that can just encode and then decode the string back to the original string? I know I'm making a very silly mistake somewhere in this code. Here's what I've been working with so far: ** note...
Could somebody please do a rundown of how to programmatically encrypt a config-file in .NET, preferably in C#. What I would like to do is do some kind of check on an application's startup to see if a section is unprotected, and if it is, then encrypt it. This for both settings and connection-strings. Also if anyone could list the types...
I'm playing around with a native (non-web) single-player game I'm writing, and it occured to me that having a daily/weekly/all-time online highscore list (think Xbox Live Leaderboard) would make the game much more interesting, adding some (small) amount of community and competition. However, I'm afraid people would see such a feature as ...
I've been reading various tutorials about GPG, and many of them mention that keys may be signed by other people to verify their authenticity. Unfortunately, I have been unable to find information regarding exactly how this process works. How does one sign a key, and how is the signed key used (different from the previous key)? Thank you...
In today's channel9.msdn.com video, the PDC guys posted a challenge to decipher this code: 2973853263233233753482843823642933243283 6434928432937228939232737732732535234532 9335283373377282333349287338349365335325 3283443783243263673762933373883363333472 8936639338428833535236433333237634438833 3275387394324354374325383293375366284282 3...
I am using the twitter API to integrate twitter with my blog's commenting system. The problem with the twitter API and many other web APIs out there is that they require the user's username and password to do anything useful. I don't want to deal with the hassle and cost of installing a SSL certificate, but I also don't want passwords ...
What are the fundamentals to accomplish data encryption with exactly two keys (which could be password-based), but needing only one (either one) of the two keys to decrypt the data? For example, data is encrypted with a user's password and his company's password, and then he or his company can decrypt the data. Neither of them know the ...
Some web applications, like Google Docs, store data generated by the users. Data that can only be read by its owner. Or maybe not? As far as I know, this data is stored as is in a remote database. So, if anybody with enough privileges in the remote system (a sysadmin, for instance) can lurk my data, my privacy could get compromised. Wh...
The .NET System.Security.Cryptography namespace has a rather bewildering collection of algorithms that I could use for encryption of credit card details. Which is the best? It clearly needs to be secure for a relatively short string. EDIT: I'm in the UK, where I understand we're OK storing encrypted credit card details so long as the ...
This is related to another question I asked. In summary, I have a special case of a URL where, when a form is POSTed to it, I can't rely on cookies for authentication or to maintain the user's session, but I somehow need to know who they are, and I need to know they're logged in! I think I came up with a solution to my problem, but it n...
I'm looking for secure ways to pass data between a client running Flash and a server. The data in question will be generated BY the Flash app, which in this case is your score after finishing a game. I want to verify the data is untampered on the server. What are some good methods of getting this done? One simple way is to perform so...
I've used PointSec before. It was my previous employers default choice. Now i get to choose for my current one. While i dont have anything against PointSec, Looking for more options to choose from. ...
I've used a nice public domain C++ DES implementation before, but now I need some simple, basic, fast cryptography for an embedded system. It doesn't need to be unbreakable, but it does need to thwart the casual hacker (ie, nothing that could be used for money or identity theft, but other personal info transferred on memory cards that c...