encryption

Encrypting Passwords

What is the fastest, yet secure way to encrypt passwords in (PHP Prefered), and for which ever method you choose is it portable?In other words if I later migrate my website to a different server will my passwords continue to work?The method I am using now I was told is dependent on the exact versions of the libraries installed on the ser...

How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS

Most recent edits in bold I am using the .net HttpListener class, but I'm won't be running on IIS and am not using ASP.net. This web site describes what code to actual use to implement SSL with asp.net and this site describes how to set up the certificates (although I'm not sure if it works only for IIS or not). When I the class docu...

How can I encode xml files to xfdl (base64-gzip)?

Before reading anything else, please take time to read the original thread. A quick simple overview: A .xfdl file is a is a gzipped .xml file which has then been encoded in base64. I wish to de-encode the .xfdl into xml which I can then modify and then re-encode back into a .xfdl file. xfdl > xml.gz > xml > xml.gz > xfdl I have been...

C# - CryptographicException: Padding is invalid and cannot be removed

I needed some simple string encryption, so I wrote the following code (with a great deal of "inspiration" from here): // create and initialize a crypto algorithm private static SymmetricAlgorithm getAlgorithm(string password) { SymmetricAlgorithm algorithm = Rijndael.Create(); Rfc2898DeriveBytes rdb = new Rfc2898...

Can a proxy server cache SSL GETs? If not, would response body encryption suffice?

Can a (||any) proxy server cache content that is requested by a client over https? As the proxy server can't see the querystring, or the http headers, I reckon they can't. I'm considering a desktop application, run by a number of people behind their companies proxy. This application may access services across the internet and I'd like t...

Suitable alternative to CryptEncrypt

We have a situation in our product where for a long time some data has been stored in the application's database as SQL string (choice of MS SQL server or sybase SQL anywhere) which was encrypted via the Windows API function CryptEncrypt. (direct and decryptable) The problem is that CryptEncrypt can produce NULL's in the output, meanin...

Encryption in C# Web-Services

I'm looking for a simple way to encrypt my soap communication in my C# Web-Service. I was looking into WSE 3.0 but it seems Microsoft dropped support for it, and therefore it's not straightforward to use. It seems WCF could've been an option but I prefer not to upgrade from .NET 2.0 . Any simple, straightforward encryption method? ...

How do I use 3des encryption/decryption in Java?

Every method I write to encode a string in Java using 3DES can't be decrypted back to the original string. Does anyone have a simple code snippet that can just encode and then decode the string back to the original string? I know I'm making a very silly mistake somewhere in this code. Here's what I've been working with so far: ** note...

Programmatically encrypting a config-file in .NET

Could somebody please do a rundown of how to programmatically encrypt a config-file in .NET, preferably in C#. What I would like to do is do some kind of check on an application's startup to see if a section is unprotected, and if it is, then encrypt it. This for both settings and connection-strings. Also if anyone could list the types...

Secure Online Highscore Lists for Non-Web Games

I'm playing around with a native (non-web) single-player game I'm writing, and it occured to me that having a daily/weekly/all-time online highscore list (think Xbox Live Leaderboard) would make the game much more interesting, adding some (small) amount of community and competition. However, I'm afraid people would see such a feature as ...

GPG: How does key signing work and how is it done?

I've been reading various tutorials about GPG, and many of them mention that keys may be signed by other people to verify their authenticity. Unfortunately, I have been unable to find information regarding exactly how this process works. How does one sign a key, and how is the signed key used (different from the previous key)? Thank you...

What's the answer to this Microsoft PDC challenge?

In today's channel9.msdn.com video, the PDC guys posted a challenge to decipher this code: 2973853263233233753482843823642933243283 6434928432937228939232737732732535234532 9335283373377282333349287338349365335325 3283443783243263673762933373883363333472 8936639338428833535236433333237634438833 3275387394324354374325383293375366284282 3...

Two-way password encryption without ssl

I am using the twitter API to integrate twitter with my blog's commenting system. The problem with the twitter API and many other web APIs out there is that they require the user's username and password to do anything useful. I don't want to deal with the hassle and cost of installing a SSL certificate, but I also don't want passwords ...

How to encrypt one message for multiple recipients?

What are the fundamentals to accomplish data encryption with exactly two keys (which could be password-based), but needing only one (either one) of the two keys to decrypt the data? For example, data is encrypted with a user's password and his company's password, and then he or his company can decrypt the data. Neither of them know the ...

Encrypt data from users in web applications

Some web applications, like Google Docs, store data generated by the users. Data that can only be read by its owner. Or maybe not? As far as I know, this data is stored as is in a remote database. So, if anybody with enough privileges in the remote system (a sysadmin, for instance) can lurk my data, my privacy could get compromised. Wh...

Is there a best .NET algorithm for credit card encryption?

The .NET System.Security.Cryptography namespace has a rather bewildering collection of algorithms that I could use for encryption of credit card details. Which is the best? It clearly needs to be secure for a relatively short string. EDIT: I'm in the UK, where I understand we're OK storing encrypted credit card details so long as the ...

How do I prevent replay attacks?

This is related to another question I asked. In summary, I have a special case of a URL where, when a form is POSTed to it, I can't rely on cookies for authentication or to maintain the user's session, but I somehow need to know who they are, and I need to know they're logged in! I think I came up with a solution to my problem, but it n...

Passing untampered data from Flash app to server?

I'm looking for secure ways to pass data between a client running Flash and a server. The data in question will be generated BY the Flash app, which in this case is your score after finishing a game. I want to verify the data is untampered on the server. What are some good methods of getting this done? One simple way is to perform so...

Which hard disk encryption software to choose?

I've used PointSec before. It was my previous employers default choice. Now i get to choose for my current one. While i dont have anything against PointSec, Looking for more options to choose from. ...

Simple encryption implementation in C

I've used a nice public domain C++ DES implementation before, but now I need some simple, basic, fast cryptography for an embedded system. It doesn't need to be unbreakable, but it does need to thwart the casual hacker (ie, nothing that could be used for money or identity theft, but other personal info transferred on memory cards that c...