encryption

How can I decrypt blowfish encrypted string without using OpenSSL in Mac OS 10.5/10.6

My application is currently using SSCrypto.framework to decrypt a string encrypted with Blowfish. SSCrypto utilizes OpenSSL which is a new problem for me. Using the 10.6 base SDK while targeting 10.5 doesn't seem to work. The issue is explained in this Apple Mailing List thread: http://lists.apple.com/archives/Cocoa-dev/2009/Aug/msg01737...

Secure TCP .NET Remoting Channel without Authentication

I have a .NET 2.0 remoting application that needs to communicate between machines that may be on different domains or no domain at all. It is using the TCP channel. Everything works fine until I enable encryption, then when connecting I get the error "The server has rejected the client credentials." I have done quite a bit of searching,...

WCF message security without certificate and windows auth

I have a WCF service and client which is going to be deployed to several companies (hundreds). Some companies will run the software in their network and some will run it over the Internet (WCF server at on office, WCF client at another). We want to encrypt the communication between the WCF server and client. We don't have any need to au...

Java Encryption using XTEA

How would I encrypt a string using the XTEA scheme in Java. Thanks public class run { public static void main(String[] args) throws Exception{ XTEA2 x= new XTEA2("keykey"); String s = "hi there"; byte[] theBytes = s.getBytes(); System.out.println("Plaintext: " + new String(theBytes)); ...

Java SealedObject

I am encrypting an string with PBEWITHSHA256AND128BITAES-CBC-BC using SealedObject and write it to a file. After encrypting when i do a cat on the resulting file i i get read the salt used and the algorithm used in plain text even though the actual data is encrypted. Doesn't that give crackers a head start? They know the salt and the al...

Encrypting a file with RSA in Visual Basic .NET

I'm just getting started with Visual Basic .NET and I'm currently stuck on the following problem: how can I encrypt/decrypt a file with asymmetric encryption? Essentially, I'm trying to figure out how I can write the following pseudocode in VB: Function EncryptFile(path_to_file_to_encrypt, public_key) file = ReadFile(path_to_file_to_...

Help me make my password storage safe

How much more safer is this than just md5? I've just started look into password security. Im pretty new with php. $salt = 'csdnfgksdgojnmfnb'; $password = md5($salt.$_POST['password']); $result = mysql_query("SELECT id FROM users WHERE username = '".mysql_real_escape_string($_POST['username'])."' ...

.Net Design pattern for storing and retrieving sensitive per user data

Are there any reference patterns for .Net server applications relating to storing and retrieving sensitive per user information such as 3rd party credentials? My preliminary design thoughts are along the lines of: Generate a self signed X509 certificate with appropriately strong private key, Export the certificate and key and store th...

How to send password securely over HTTP?

If on a login screen user submits a form with his username and password, the password is sent in plain text (even with POST, correct me if I am wrong). So the question is what is the right way to protect the user and his password against the third party who might be eavesdropping on the communication data? I am aware that HTTPS is aso...

Is the password weak under dictionary attack

Thanks for looking. All sincerely helpful answers are voted up. I use a password strength meter to let the user know how strong the password they've chosen is. But this password checker obviously doesn't cover how weak under a dictionary attack the password is. How can I check for that, and is it worth it? Also my regular password ch...

What are the best ways of protecting my source code?

What is the best way of protecting my source code from being distributed without permission. I've thought of perhaps moving my source to another server. Also toyed with the idea of obfuscating my code, but this might make it a pain to alter at a later date. Has anyone any better ideas? ...

Which symmetrical encryption algorithm to use to encrypt e-mail address(short message)?

Which symmetrical encryption algorithm to use to encrypt e-mail address(short message)? I would like to have ciphertext to be comparable in length to paintext. ...

Block ciphers SALT: clear text or secret?

There are many articles and quotes on the web saying that a 'salt' must be kept secret. Even the Wikipedia entry on Salt: For best security, the salt value is kept secret, separate from the password database. This provides an advantage when a database is stolen, but the salt is not. To determine a password from a stolen has...

How to strengthen Mysql database server Security?

If we were to use server1 for all files (file server), server2 for mysql database (database server). In order for websites in server1 to access to the database in server2, isn't it needed to connect to to ip address of second (mysql server) ? In this case, is remote mysql connection. However, I seen from some people comment on the se...

iPhone: How to create a SecKeyRef from a public key file (PEM)

In order to send and receive encrypted messages from/to the iPhone I need to read a public key (server's public key) PEM file and create a SecKeyRef (later I could even store it on the keychain in order not to create it again). This is my current workflow: On the server: Create a P12 file with the user's certificate and private key. S...

Is authentication required/recommended with a stream cipher?

I want to secure the communication of a TCP-based program using a shared passphrase/key. The easiest way to do that without having to deal with block size, padding, ... is to directly use a stream cipher. Doing that way, the amount of data is not changed between clear and encrypted data and the modification is trivial. Using only a stre...

Java Encryption C# Decryption

Hi, I got a module which RSA encrypts the data and passes on to the C#. C# needs to decrypt it based on the public key (64 bit encoded) and the passed token. I have token , 64 bit encoded public key, can some help me get with the sample to get started. All I know from Java end is, it is using. I have got the result from Java end and nee...

Storing private keys using DSACryptoServiceProvider

I'm trying to use the DSACryptoServiceProvider class with C# to create two DLLs: one will have the ability to verify and create digital signatures, the other will just be able to verify. Basically, I'm trying to create a private/public key pair and save they keys accordingly (to a file). I'm running into problems when using ExportParame...

SSIS PGP encryption

I have a SSIS package that writes the output to Flat file. Now I need to PGP encrypt the output file and further decrypt in other packages. I am curious if anyone knows of how to do this, or better yet a website with helpful hints on how to do it. Thanks ...

How can I use externally generated keys to encrypt and decrypt the data in iPhone?

I am working on an application, in which I need to encrypt and decrypt the data, with the keys generated by server. I viewed the sample code of Crypto Exercise. In that keys are automatically generated. How can I use externally generated keys in the code? Please help. ...