How strong do salts need to be? At the moment I use this function to generate a "unique" salt upon user registration: $salt = substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyz'), 0, 12); I then hash it with sha1 along with the password. What do you think? PS. I'm not planning on getting MySpace big. ...
Hi all, I'm in need of a two-way encryption solution for Ruby, such as Blowfish, Rijndael (AES) or other. The problem, however, is that I can't find an appropriate gem for it. I would like for the library to support several different encryption algorithms so I can compare the performance of each for optimal integration i my application....
Hello There, I am using AES encryption algorithm (Rijndael implementation). I am using MS Visual Studio 2008 IDE for my development work. I could see a strange problem in my Debug and Release mode. When I encrypt a string in Debug mode it generates different bytes than Release mode. But fortunately decrypting will result same string. I ...
The iPhone supports the following encryption algorithms enum { kCCAlgorithmAES128 = 0, kCCAlgorithmDES, kCCAlgorithm3DES, kCCAlgorithmCAST, kCCAlgorithmRC4, kCCAlgorithmRC2 }; I want to use only symmetric algorithm since asymmetric encryptions requires more computation overhea...
Hi, Just looking for some advice/leads on "best practices" for protecting a sensitive id (personally identifiable information)... I've got a Java-based webapp (JSPs, Servlets, etc) that is going to need to embed a SWF file running on a trusted 3rd party site. As part of embedding the SWF file, I'm going to need to pass a parameter in ...
Is it possible to encrypt in one order and decrypt in another? For example I've got the following: plain_text.txt Public/Private Key pair 1 Public/Private Key pair 2 Example Encryption: public1(public2(plain_text.txt)) Decryption: private1(private2(encrypted)) Is there any encryption algorithm that allows this? Is it even pos...
Is it possible to assign different identifiers to copies of an app downloaded from the app store that is hard coded into the application? Or is their anyway of permanently storing an identifier in the application bundle such that when it is copied, the key remains within the bundle? EDIT: Ok, how about iTunes reciepts, can they be used ...
For my iPhone application, Apple wants to know if my password encryption (md5) is greater then 64-bit symmetric or greater then 1024-bit symmetric. I have not been able to find it online, so I am wondering if anyone knows the answer. In addition, is this considered an appropriate encryption technology for passwords, or should I use som...
We've always used the BouncyCastle library, I'm being asked if there are other viable alternatives, either open source or not. Or is the BouncyCastle library already the best one to use? ...
Hai guys, Thus far i am using the following statements for encrypting a password variable in sql server 2005 OPEN SYMMETRIC KEY SecureSymmetricKey1 DECRYPTION BY PASSWORD = N'StrongPassword'; DECLARE @encrypted_str VARBINARY(MAX) select @encrypted_str=EncryptByKey(Key_GUID('SecureSymmetricKey1'),@Password) Is this a good practice o...
Having problem with encryption. I gave full permissions to all users to RSA folders. I did C:\>aspnet_regiis -pe "appSettings" -location "web.config" -prov "RsaProtectedCo nfigurationProvider" Encrypting configuration section... An error occurred executing the configuration section handler for appSettings. Failed to encrypt the section...
I'm looking for a, preferably open source, library or program to encrypt video in real time for security purposes, not DRM. I've found several decent algorithms, RVEA and VEA, but before I try hacking together an implementation I wanted to see if one already existed or if there was a better way of doing this since these methods are a lit...
I'm testing some components i build with vs2008 SP1 targeting .net framework 3.5 SP1. I'm getting the exception "(OID) is unknown" in the method PasswordDeriveBytes.CryptDeriveKey passing "SHA256" as the parameter of the hashing algorithm (I also tried with "SHA256Managed" and "SHA256Cng" as mentioned here), this method works OK under X...
I'm working on a very small form that accepts credit card numbers, which will be cleaned out shortly thereafter. For the time they exist in the database, I'd like them to exist in a comfortable state of encryption. Unfortunately, in my many years of web-development, programming, and database-development, I've not once had the opportunity...
My recent turn-on is using BinaryFormatter instead of some database product. I have an idea to write simple 64bit number into hardware dongle, and encrypt my files with it - via simple XOR operation. Just so it can't be readable at some other end. Do I derive from Stream, or what? I know I can simply put that number into the file and...
hi all, in my database i store the student information in encrypted form. now i want to perform the search to list all student which name is start with "something" or contains "something" anybody have idea that how can perform this type of query? Please suggest ...
I am designing a web site in which users solve puzzles as quickly as they can. JavaScript is used to time each puzzle, and the number of milliseconds is sent to the server via AJAX when the puzzle is completed. How can I ensure that the time received by the server was not forged by the user? I don't think a session-based authenticity to...
Hi, I copied a SQL Server database from one system to the next, identical setup, but completely different physical machine. I used Norton Ghost and recoverd files manually, for example, the entire SQL Server 2008 folder found in c:\Program Files after re-installing SQL Server 2008 Express. One of my databases has AES_256 encryption ena...
Due to an absurd SOAP authentication scheme I need to md5 hash an API key with some other parameters. Unfortunately the only sample code provided is written in PHP and, for reasons I find unfathomable, it requires that the md5 hashing use the optional raw_output flag in PHP (http://php.net/manual/en/function.md5.php) which causes it to ...
My code works fine using plain text code, but fails when I use an encrypted password filename File email emailsys = VIM emailid= "&pa_usr" emailpw= "{sasenc}39AAD23E148A9555508AC84447181DFF" ; Anyone know what I should do? ...