Premise: The requirements for an upcoming project include the fact that no one except for authorized users have access to certain data. This is usually fine, but this circumstance is not usual. The requirements state that there be no way for even the programmer or any other IT employee be able to access this information. (They want me to...
What is the easiest free method of encrypting my web traffic? I'd like to be able to log in to sites on my web server without sending my password in plaintext. Edit: My web server is running on the LAMP stack , although it is a shared host so I don't have root. ...
As as part of my daily routine, I have the misfortune of administering an ancient, once "just internal" JSP web application that relies on the following authentication schema: ... // Validate the user name and password. if ((user != null) && (password != null) && ( (user.equals("brianmay") && password.equals("queen")) || (user....
Our app encrypts a value using RC2 in C++ code and I wrote a decryption routine in .NET The problem is that it works fine on our dev server, which is Windows 2003 but fails on the Windows 2000 one. It's running the same code and I checked everything else and it seems there are differences in the way the 2 encrypt. Has anyone had any ...
all files in ~/Cipher/nsdl/crypto can be found here java files compiled with gcj, see compile.sh nmint@nqmk-mint ~/Cipher/nsdl/crypto $ echo test | ./cryptTest encrypt deadbeefdeadbeefdeadbeefdeadbeef deadbeef Blowfish CBC > test null Exception in thread "main" java.lang.IllegalStateException: cipher is not for encrypting or decrypting ...
Hi, I don't want customers to be able to make backups of my sql server database and access the tables data etc. I know there are some products that will encrypt the data in the tables, and their product will decrypt it when displaying in my application. What products do you guys know of? What options do I have? (This is a business r...
The situation I'm trying to solve: in my Cocoa app, I need to encrypt a string with a symmetric cipher, POST it to PHP, and have that script decode the data. The process needs to work in reverse for returning an answer (PHP encodes, Cocoa decodes). I'm missing something because even though I can get both the key and initialization vect...
Hi all, I'm trying to encrypt some integers in java using java.security and javax.crypto. The problem seems to be that the Cipher class only encrypts byte arrays. I can't directly convert an integer to a byte string (or can I?). What is the best way to do this? Should I convert the integer to a string and the string to byte[]? Th...
I need to generate random tokens so that when I see them later I can determine absolutely that they were actually generated by me, i.e. it should be near impossible for anyone else to generate fake tokens. It's kind of like serial number generation except I don't need uniqueness. Actually, its a lot like a digital signature except I am t...
The current top-voted to this question states: Another one that's not so much a security issue, although it is security-related, is complete and abject failure to grok the difference between hashing a password and encrypting it. Most commonly found in code where the programmer is trying to provide unsafe "Remind me of my password" fu...
Hey everyone, I'm building a with-source system which I am giving out on the 'net for providing adoptable virtual pets. The system will be owned mainly by kids. Since I want it to be usable for absolute beginner programmers, there are several complexity constraints on my system: It can't use libraries that don't commonly ship with PHP, ...
Hey everyone, One concept I've always wondered about is the use of cryptographic hash functions and values. I understand that these functions can generate a hash value that is unique and virtually impossible to reverse, but here's what I've always wondered: If on my server, in PHP I produce: md5("stackoverflow.com") = "d0cc85b26f2ceb87...
I need a standard, Microsoft delivered, encryption library that works for both .NET 2.0 and C++. What would you suggest? We find that AES is only offered in .NET 3.5 (and available in C++) We find that Rijndael is used in .NET 2.0 but not available in the standard C++ libraries. If I am wrong (very good chance), can you point me in th...
Any suggestions on figuring out this crash? The below code intermittently crashes between logging <part>14 and logging <part>15. Plaintext is a path string (in this case it is "C:\Documents and Settings\Brian\Desktop\Joy\", despite a clear lack of such joy. I have a sinking feeling this is a symptom of some sort of evil memory issue. ...
First of all, I'm not looking for miracle... I know how PHP works and that there's not really way to hide my code from the clients without using encryption. But that comes with the cost of an extension to be installed on the running server. I'm looking for something different though... I'm not looking to encrypt my code or even obfuscat...
Is it possible to store encrypted connection string so it can be used from server-side vbscript? Was there an equivalent of web.config in 'the good old days'? ...
I have X interfaces to Y computers that communicate over a public network (Think colleges and libraries). I am researching common industry standard techniques for encrypting the data that goes between us. I know there is SSL, but I'd rather find a simple technique that is a "purchase once, install infinite" (trying to keep my variable c...
We are busy developing a Java web service for a client. There are two possible choices: Store the encrypted user name / password on the web service client. Read from a config. file on the client side, decrypt and send. Store the encrypted user name / password on the web server. Read from a config. file on the web server, decrypt and us...
I'm trying to find an zip compression and encryption component with encryption suitable for use by the US Federal Government, so I can't use Zip 2.0 encryption, it has to be AES or the like. I've already found SharpZipLib (can't do AES encyrption), and Chilkat (can do AES encryption, but costs money). Am I missing any other options? ...
Hi all I am using a AES cipher with a 16 byte block size. If I try and encrypt a 16 byte string I have no problems, but any other length not a multiple of 16 is throwing an exception. I know with 3-DES you can specify a padding type as part of the algorithm and it's handled with no extra work (e.g. DES/CBC/PKCS5Padding), but is the...