encryption

CodeReview: Tiny Encryption Algorithm for arbitrary sized data

The TEA is a very simple encryption algorithm requiring little time and space - perfect for embedded systems. There are extensions to it, and every version has its flaws (WEP was based on it), but for casual protection it's perfect. In the vein of this topic on code review, I'm posting my code for critique. Interestingly, when I decid...

How can I use a key blob generated from Win32 CryptoAPI in my .NET application?

I have an existing application that is written in C++ for Windows. This application uses the Win32 CryptoAPI to generate a TripleDES session key for encrypting/decrypting data. We're using the exponent of one trick to export the session key out as a blob, which allows the blob to be stored somewhere in a decrypted format. The question i...

Usefulness of SQL Server "with encryption" statement

Recently a friend and I were talking about securing stored procedure code in a SQL server database. From distant memory, I'm pretty certain that "with encryption" is incredibly easily broken in all versions of SQL Server, however he said it has been greatly improved in SQL 2005. As a result I have not seriously considered it as a sec...

Encrypting appSettings in web.config

I am developing a web app which requires a username and password to be stored in the web.Config, it also refers to some URLs which will be requested by the web app itself and never the client. I know the .Net framework will not allow a web.config file to be served, however I still think it's bad practice to leave this sort of information...

How to implement password protection for individual files?

I'm writing a little desktop app that should be able to encrypt a data file and protect it with a password (i.e. one must enter the correct password to decrypt). I want the encrypted data file to be self-contained and portable, so the authentication has to be embedded in the file (or so I assume). I have a strategy that appears workabl...

Data Encryption

Hi. A database that stores a lot of credit card information is an inevitable part of the system we have just completed. What I want though is ultimate security of the card numbers whereby we set up a mechanism to encrypt and decrypt but of ourselves cannot decrypt any given number. What I am after is a way to secure this information eve...

SQL Server 2005 Encryption, asp.net and stored procedures

I need to write a web application using SQL Server 2005, asp.net, and ado.net. Much of the user data stored in this application must be encrypted (read HIPAA). In the past for projects that required encryption, I encrypted/decrypted in the application code. However, this was generally for encrypting passwords or credit card informatio...

Encrypt/Decrypt across machines is a no-no

I'm using an identical call to "CryptUnprotectData" (exposed from Crypt32.dll) between XP and Vista. Works fine in XP. I get the following exception when I run in Vista: "Decryption failed. Key not valid for use in specified state." As expected, the versions of crypt32.dll are different between XP and Vista (w/XP actually having the m...

Should I use an initialization vector (IV) along with my encryption?

Is it recommended that I use an initialization vector to encrypt/decrypt my data? Will it make things more secure? Is it one of those things that need to be evaluated on a case by case basis? To put this into actual context, the Win32 Cryptography function, CryptSetKeyParam allows for the setting of an initialization vector on a key pri...

How do I query the CrystalReports CMS database?

Is it possible to query the Crystal CMS database and get meaningful data back? The data appears to be encrypted. I am running Business Objects Crystal Report Server version 11.5 ...

unpatented one-way encryption algorithm

I am looking for a simple unpatented one-way encryption algorithm, preferably in C. I would like to use it to validate passwords. ...

Is it worth encrypting email addresses in the database?

I'm already using salted hashing to store passwords in my database, which means that I should be immune to rainbow table attacks. I had a thought, though: what if someone does get hold of my database? It contains the users' email addresses. I can't really hash these, because I'll be using them to send notification emails, etc. Should ...

Are there any compression and encryption libraries in C#?

I want to compress some files (into the ZIP format) and encrypt them if possible using C#. Is there some way to do this? Can encryption be done as a part of the compression itself? ...

what is the best/easiest to use encryption library in python

I want to encrypt a few files using Python. What is the best way? I can use gpg, but are there any standard/famous Python libraries? ...

.NET's SslStream is always negotiating to the least secure cipher I have. How can I change this?

SslStream is supposed to negotiate the cipher type, key length, hash algorithm, etc. with its peer SSL stack. When using it in my code, I find that the negotiation always defaults to RC4 & MD5. I would like to use 3DES or AES for some added security. Looking around the web I find only a few references to this problem and no solutions; o...

Using openssl encryption with Java

Hi, I have a legacy C++ module that offers encryption/decryption using the openssl library (DES encryption). I'm trying to translate that code into java, and I don't want to rely on a DLL, JNI, etc... C++ code looks like: des_string_to_key(reinterpret_cast<const char *>(key1), &initkey); des_string_to_key(reinterpret_cast<const char *>...

Does AES (128 or 256) encryption expand the data? If so, by how much?

I would like to add AES encryption to a software product, but am concerned by increasing the size of the data. I am guessing that the data does increase in size, and then I'll have to add a compression algorithm to compensate. ...

Legality of Encryption in Standard Libraries

Some programming languages such as Java and C# include encryption packages in their standard libraries. Others such as Python and Ruby make you download third-party modules to do strong encryption. I assume that this is for legal reasons; perhaps Sun Microsystems has enough lawyers that they aren't afraid of getting sued, while Guido v...

What is the best way to encrypt a clob?

I am using Oracle 9 and JDBC and would like to encrypt a clob as it is inserted into the DB. Ideally I'd like to be able to just insert the plaintext and have it encrypted by a stored procedure: String SQL = "INSERT INTO table (ID, VALUE) values (?, encrypt(?))"; PreparedStatement ps = connection.prepareStatement(SQL); ps.setInt(id); p...

Should I impose a maximum length on passwords?

I can understand that imposing a minimum length on passwords makes a lot of sense (to save users from themselves), but my bank has a requirement that passwords are between 6 and 8 characters long, and I started wondering... Wouldn't this just make it easier for brute force attacks? (Bad) Does this imply that my password is being stored...