encryption

VB.Net Secure Passwords to Database?

I recently made a small app for a friend and then made it a public app, in doing so I forgot that it connects to my MS SQL DB and checks for values. Someone used Red Gate .Net Reflector to get my password and destroy it all. I've contacted their ISP and they are looking into it, apparently this person has a static ip with them. So this ...

Store IV and Key for Rijndael

I need to store username and password in an app.config. I want to encrypt these values using Rijndael algorithm. Where do I store the key and IV for decrypting the un and pw? I need to deploy the application to different servers with different users. ...

An Efficient way to store table ID in form so user cannot overwrite another table record

Hi, I am creating a website which has user accounts. For each user account, the user can do stuff like update their personal details, write a blog etc. When the user wants to edit a blog, i have the following form (this is a simplied version). <form action="goToThisPage.php" method="get"> <input type="hidden" name="blogID" value=...

Encryption library for Objective-C

Other than OpenPGP, are there any other libraries to encrypt text? ...

DataProtectionScope.CurrentUser encryption does not seem to work across machines

Hi I'm trying to encrypt and decrypt some text file data using .NET's ProtectedData.Protect method. I'd like to be able to encrypt the text (and save it to a file) on one machine and decrypt the text on a different machine. The machines are both in the same domain and both running the same service under the same username so I thought us...

Comparing passwords with crypt() in PHP

I need to get the basics of this function. The php.net documentation states, for the blowfish algorithm, that: Blowfish hashing with a salt as follows: "$2a$", a two digit cost parameter, "$", and 22 base 64 digits from the alphabet "./0-9A-Za-z". Using characters outside of this range in the salt will cause crypt() to return a zero...

Loading a private key from a file in Java.

I've created an RSA key pair using OpenSSL. The private key file is DER encoded. I need to load this file into my Java app and sign some data. Here's what I have: byte[] private_key = new byte[] ... ... load bytes from file into private_key .. PKCS8EncodedKeySpec pkcs8_key_spec = new PKCS8EncodedKeySpec( private_key ); KeyFactory k...

How to decrypt XML file in C#

How to read the encrypted file of XML in C# ...

Encrypt Data with C# AesCryptoServiceProvider crypted with BouncyCastle AesFastEngine

Hello, I need to decrypt Data with Standard C# AesCryptoServiceProvider which was encrypted with Bouncy Castle AesFastEngine on the Java side. (To decrypt the Data using the c# implementation of Bounca Castle is no problem) Is there a way to do this? I don't find the IV used in the Bouncy Castle implementation... Is there any? Any he...

Why not use AES for password encryption in PHP?

Everywhere I have seen people talking about storing passwords in a database, they have almost always used MD5. What is wrong with AES, or SHA1? ...

Reporting Services FileShare Delivery - Password must be encrypted

Hello, I am currently using the Reporting Services 2005 API to create and edit subscriptions. In order to create a FileShare subscription I have to submit a password in clear text. This is a major security risk. Is there a way to submit an encrypted password using the API? I don't want to require the user to have SSL. Thank you in ...

Design problem: Secure / self-destructing email

As most of you know, email is very insecure. Even with a SSL-secured connection between the client and the server that sends an email, the message itself will be in plaintext while it hops around nodes across the Internet, leaving it vulnerable to eavesdropping. Another consideration is the sender might not want the message to be reada...

Encrypted, Compressible, Cross Platform, File system in a file

We wish to make a desktop application that searches a locally packaged text database that will be a few GB in size. We are thinking of using lucene. So basically the user will search for a few words and the local lucene database will give back a result. However, we want to prevent the user from taking a full text dump of the lucene inde...

How to perform Triple DES calculations in Ruby in hexadecimal?

Hi Guys, I'm trying to do some triple DES encryption in Ruby. I'm trying to replicate the results from this page: http://da.nmilne.com/des.html I'm trying to replicate those result in Ruby. I suspect the problem is the key is supposed to be a string, but I need to pass in a Hexadecimal key. Either that or the string being encrypted...

Sql server Encryption or security permissions

Just started looking into encryption using keys and certificates in sql server 2005/08 and although it looks very good I'm not too sure why I should use it over sql server security permissioning. For example, I have a table with sensitive data in, such as user-name/passwords. I can either encrypt the data using say ENCRYPTBYCERT, or s...

What happens to encrypted data if the certificate is dropped?

If I encrypt data using ENCRYPTBYCERT in sql server 2005/08, what happens if the certificate used to encrypt it with is dropped from the database? The data is still encrypted, but the certificate is no longer there so can't be decrypted. What do I do? How do I get the original plaintext back? Recreating the certificate with the same ...

How to authenticate client based on possession of symmetric key?

Our clients call our web service over SSL and authenticate themselves with a username and password. Our server then generates a symmetric key and sends it back to the client. Then, the client establishes a TCP connection to our server, and sends a login message. At this point, I want to authenticate the client. My idea is to have the c...

Are EncryptByCert and DecryptByCert a secure way of encrypting?

I would like to use TDE, but I cannot use it, so I have chosen to use the EncryptByCert and DecryptByCert functions. However, I was also considering encrypting/decrypting data in c# as shown here. My question is are EncryptByCert and DecryptByCert unsecure because the certificate is also stored in the database? How do people get around ...

PGP secured emails for the computer illiterate??

I have an informal group that need to exchange emails between each other in a secured fashion. I am a programmer and can barely get away with using PGP (using http://www.jumaros.de/rsoft/index.html), so I cannot except the "average" person to send using PGP. I cannot change everyone's email to a PGP-enabled mail server either because eve...

signature.verify() Always returns False

public static void main(String[] args) { try{ String mod = "q0AwozeUj0VVkoksDQSCTj3QEgODomq4sAr02xMyIrWldZrNHhWfZAIcWt2MuAY3X6S3ZVUfOFXOrVbltRrO3F9Z6R8/jJIMv7wjkeVBFC5gncwGR0C3aV9gmF6II19jTKfF1sxb26iMEMAlMEOSnAAceNaJH91zBoaW7ZIh+qk="; String exp = "AQAB"; byte[] modulusBytes = Base64.decodeBase64(mod.getBytes...