encryption

How are web site passwords encrypted by browsers?

What are some platform-specific API's that web browsers use to securely save passwords with reversible encryption on local systems? Since they must be able to reproduce the exact characters to pass up to a web site, the data can't be a one-way hash. My initial thought is there are system methods which utilize your current authenticatio...

How do I (successfully) decode a encoded password from command line openSSL?

Using PyCrypto (although I've tried this in ObjC with OpenSSL bindings as well) : from Crypto.Cipher import DES import base64 obj=DES.new('abcdefgh', DES.MODE_ECB) plain="Guido van Rossum is a space alien.XXXXXX" ciph=obj.encrypt(plain) enc=base64.b64encode(ciph) #print ciph print enc outputs a base64 encoded value of : ESzjTnGMRFnfV...

Problem with OpenSSL library

Hello, I try to encrypt simple text with RSA algorithm. I have a problem with my code. RSA *_RSA ; unsigned char text[2560] = "A"; unsigned char sectext[2560]; unsigned char decrypttext[2560]; int i = 0; _RSA = RSA_generate_key ( 1024, 65537, NULL, NULL ); i = RSA_public_encrypt ( 1, text, sectext, _RSA, RSA_PKCS1_OAEP_PA...

signedXml.CheckSignature always returns false

I am a little new to cryptography so this could be something really stupid. I am struggling with getting this encryption decryption to work right. I am using this http://www.chaosink.co.uk/files/code/encryptionutils.zip class provided by Wolfwyrd (Thanks!) and following instructions in http://stackoverflow.com/questions/359342/an-effecti...

1-1 mappings for id obfuscation

I'm using sequential ids as primary keys and there are cases where I don't want those ids to be visible to users, for example I might want to avoid urls like ?invoice_id=1234 that allow users to guess how many invoices the system as a whole is issuing. I could add a database field with a GUID or something conjured up from hash function...

How to check password before decrypting data

I am creating a program that needs to store the user's data in encrypted form. The user enters a password before encryption and is required to supply the password again to retrieve the data. Decryption takes a while if there is a lot of data. Now, I want to check that the user has entered the correct password before doing the decryption...

Openssl command line troubles

Edit: Haven't solved my problems, but I've moved on to new and more exciting problems. Leaving this here in case anyone has and insightful that'll help someone who stumbles on to this question in the future. Hi, I'm attempting to send an encrypted email from php to outlook. As such, I need to generate a certificate to import int...

Is there some sort of secure local storage on Windows?

I was thinking of making a small tool. It is not important what the tool will do. The important thing, is that the tool will need to store some sensitive information on the user's HDD. EDIT: The information that will be stored is USER'S information - I'm not trying to protect my own content, that I distribute with the app. I understand ...

MMORPG protocol encryption

Anyone know what the trend is with MMORPG developers encryption their client/server protocols these days? The pro's and con's are as follows. Encrypting protocol: protects trade secrets regarding client/server protocol to a degree? Botting isn't stopped, it is only changed because people will create bots which read screen states and ...

What is the difference between encrypting and signing in asymmetric encryption?

What is the difference between encrypting some data vs signing some data (using RSA)? Does it simply reverse the role of the public-private keys? For example, I want to use my private key to generate messages so only I can possibly be the sender. I want my public key to be used to read the messages and I do not care who reads them...

Length of Encrypted String

I need to create a database column which will store a string encrypted using Triple DES. How do I determine the length of the encrypted string column? (Answers for algorithms other than Triple DES are also welcome.) ...

Can Shor's algorithm be used for key encryption?

Can Shor's algorithm be used for encryption, more specifically WEP encryption? ...

What is the best password encryption & decryption library to use with Perl?

I am writing a perl script that manipulates password protected zip files. Consequently I need to store & retrieve passwords to do this. I have three options for storing the password: Store in plain text. Before you jump in, I have pretty much ruled out this option. Use a simple password munger to prevent casual/accidental access (even ...

Encryption of passwords on disk for open source desktop applications

Is it possible to store passwords on the local system (Windows XP) that can only be accessed by the application itself? My instinctive answer would be "no". Even if some kind of hashing or encyption is used I would think that as long as the source code is available then the determined seeker could always use this to retrieve the passwo...

Using DPAPI with Python?

Is there a way to use the DPAPI (Data Protection Application Programming Interface) on Windows XP with Python? I would prefer to use an existing module if there is one that can do it. Unfortunately I haven't been able to find a way with Google or Stack Overflow. EDIT: I've taken the example code pointed to by "dF" and tweaked it into ...

Ok, so I've encrypted my data now where do I hide the key?

I have a database that contains sensitive information. I can encrypt / decrypt the data on the read write operations. The problem is that I need to store the key in the application. If someone has hacked their way in such they have access to the database then they can also grab the application (java) decomplie it and pull the key. This ...

ASP Membership cannot handle encrypted connection strings in web.config

We were experiencing errors with one of our web methods on a test web server we have. The main error was: "Access to the path 'E:\websites\Discovery\ProfileService\App_Data' is denied" Looking further down the stack trace gives a little more info: "at System.Web.DataAccess.SqlConnectionHelper.CreateMdfFile..." "at System.Web.DataAcce...

C# and SQL Server: Passwords. Where to do what?

Ok, I have an application written in C#. We have data in an SQL Server. Among that data we have user accounts, which will give access to the application. I've read around, and I know that you should salt and hash and possibly hash a bunch of times, etc. But, where do I do what? What do I send to and from the SQL Server? Exactly what do ...

Best way to 'hide' pass phrases, init vectors etc.. for encryption in a class library

I'm adding some encryption methods to a class library (C# 2.0) and would like to know the best place to put the pass phrase, salt value and initialisation vector required. Is it a really bad idea just to hard-code these into the DLL, or should I be be encoding them and storing them somewhere else? Thanks. Edit: Further info - encryptio...

Distributing applications where the configuration settings are encrypted using Entrerprise library

Hi All, I have a thought about this but could not come with a good solution. I have a windows application. I use enterprise library (3.1) Data Access Application Block. Now I use the DataProtectionConfigurationProvider to encrypt the connection strings. This application has to be deployed across multiple machines. I don't want the end...