Hi I have a x.crt file which is used to sign certain contents and a signature file is generated x.sig the x.crt is having a Certificate part which contains a public key a content signature field etc. when i try to parse the x,crt and when i try to generate a x509 certificate its showing invalid DER format if try to extract public key alo...
Wow... look at all the "panic stories" online this week regarding using an iPhone's UDID. [[UIDevice currentDevice] uniqueIdentifier] What SHOULD we be using instead? What if the phone is sold to another user... and an app has stored some data on a remote server, based on the phone's UDID? (Of course, I want to avoid the problems w...
Hi there, I am working on coming up for ideas on a final year project for my CS major. One of the ideas suggested by a lecturer that he would be interested in supervising would be an exploration of the application of ID-based encyption to securing DNS. From my preliminary research, I am leaning towards a project whereby I attempt to marr...
Hello everybody. I am using the System.Security.Cryptography's TripleDESCryptoServiceProvider in the following manner: TripleDESCryptoServiceProvider CreateCipher() { TripleDESCryptoServiceProvider cipher = new TripleDESCryptoServiceProvider(); cipher.KeySize = 192; cipher.BlockSize = 64; ...
I have an application that does time-sensitive communications over UDP (like video streaming or a game). Packets may be lost, and do not need to be re-transmitted. What cipher should I use to encrypt the datagrams? I'm leaning towards blowfish in ECB mode. I know ECB mode has problems, but I need to support missing packets, so the enc...
I implemented Diffie–Hellman key exchange in Java with some large groups from RFC 3526. My output is a fairly large array of bytes. Is it safe to use the first 448 bits (56 bytes) of the output for a blowfish key? Should I transform the bytes in any way, or pick any specific bytes for the key? ...
Hi, for these 2 libraries, Delphi Encryption Compendium v 5.2 TurboPower Lockbox v 2.07 I tested their Rijndael DCB/CBC algorithm with "AES Known Answer Test (KAT) Vectors" obtained at NIST website (http://csrc.nist.gov/groups/STM/cavp/index.html) But, both of these libraries failed the tests. Not sure if it was my testing that has...
I was looking at this lib http://code.google.com/p/winzipaes/ but it writes temp data to disk which can't happen. We'll be writing sensitive data in the zip and having temp decrypted data written to disk is not good practice for a secure system. If the system exits in the middle of a decryption we're left with a tmp file on disk that's...
I'm looking for a product that can provide browser-level encryption of textual data before it's sent to a backend server. HTTPS can be the secure transport mechanism but we need the packet to be encrypted on the browser first. The data packet must end up in encrypted form on the backend database. Use case is: user fills out form on the b...
I have a Java application which uses an embedded Apache Derby DB for storing data. I want to give the user the option to enable/disable encryption of the database. I found ways to encrypt an unencrypted DB, change encryption keys/algorithms, but the one thing that I couldn't find is how to revert from an encrypted DB back to an unencryp...
Hey all i am looking to decrypt my HEX code file for an ATTiny chip and programming it using the AVRDude command line interface. Problem being, i do not want the user to be able to see what the HEX file is at any given time. Can the VB.net Cryptography crypt the HEX file before i put it onto the server and then decrypt it after the prog...
I don't know php at all; this is more of a question of curiosity. Following the php function below in the text file are a few thousand characters of text, such as xnEFstUhSNWGSx5zTq4X/AUw/rtism+klrBETWg0xE1uwb49rnRxrgrgY5EEp3Y0uvTcvLqhUFOP 4n7LDLQpQ9UACTyuUjGBKmUScQCYLCP08u06t0K3nWTNiM7Q6bQMk/iZBE+UK1ywbVC1Lzr9OOEK Does this php func...
Hey everyone, For one of roles, I've been receiving a couple of documents from people via email. It's non-sensitive data so email is fine, but I'd like to make a small portal where people can upload the files and only when they submit all the files required do I get notification that the request is complete. Regardless of content, I'd ...
If a web server and a database server are on different hosts, is it possible for a hacker to do packet sniffing or use some other method to get the database username/password when you use mysql_connect in the PHP code? ...
Do we need to seed a CSPRNG with a truly random number? Examples and documentation use truly random numbers, but no justification is given (that I can find). If we were to seed one with a pseudorandom number, I don't see what the difference would be compared to with a truly random seed. If someone finds either of the seeds, then the e...
I am doing a security review on a system. From one part of the system to another, information is sent using an encrypted string. This string is over 400 characters long, but within it are 4 sets of 10 identical characters. I am assuming that the data that was encrypted also has this pattern, for example the word "parameters". I have t...
I'm looking for a set of emails encrypted (and signed) by a variety of email clients in order to test a mail client. A downloadable mbox file along with test gpg keys would be ideal for this. There seem to be a variety of ways that emails are encrypted (and signed), so getting all of them to work is difficult. And then you find another ...
Hi, I'm currently writing a very small Java program to implement a one-time-pad, where the pad (or key) itself is generated as a series of bytes using a SecureRandom object, which is seeded using a simple string with the SHA-512 algorithm. Generating the one-time-pad hasn't caused any problems, and if I supply the same seed string each...
Hello all I need to encrypt text what is the best encryption to use programmatically ? In general I have input file with string that I need to encrypt then read the file in the application Decrypt it for the application flow . with c++ ...
I need setup USB devices with encrypted data that a user would be able to access the first time with an initial password, be made to change that password on first access, and be able to change the password later as well. It only needs to run on Windows XP SP 2 and later. It would be nice if it could run without administrator privileges...