encryption

How to Encrypt a portion of AppConfig file in any win form application ?

I am working on a small winform application. Here i am having some configuration settings e.g. User Name and password kinda stuff. Now my requirement is that i want to encrypt this particular detail. So can somebody tell me as how this can be done in .NET (C#). ...

Data leakage in db-level encryption

I read a comment that when doing the data encryption at the database level as opposed to application level, some of the data will linger in its raw plain text format in the logs. True or false? and is it something I should worry about? ...

Using the same salt for multiple fields

I have a field in a row that I'm hashing and salting. The salt for each row is different. I decided to hash/salt a couple of more fields in each row. Would using the same salt for those new fields in the same row make the data more susceptible to rainbow attacks compared to if I were to generate a new salt for each field? My logic is t...

Un-encrypting / re-encrypting a ColdFusion encrypted string in PHP

Hi there, I'm in the unenviable position where I have to maintain functionality with an existing ColdFusion application. As part of it's login process the Coldfusion app stores a cookie with an encrypted string. encrypt(strToEncrypt, theKey, "AES", "Base64") I can successfully decrypt this string in PHP using MCrypt and the followi...

What else do I need to know about implementing a one-time-password system?

I've been tasked with creating a One Time Password (OTP) system which will eventually be used to create OTP generators on mobile devices. We're looking at using HOTP (rfc 4226) using a counter, but maybe with some variations. We are not required to be OATH compliant. This is my first experience in the security/cryptographic realm, so ...

Dilemma, searching a hashed field when no other information is known

I'm having a dilemma. I have a field hashedX that is a hashed/salted value and the salt is saved in the same row in the mysql database as is common practice. hashedX saltX ------ ------ hashed1 ssai3 hashed2 woddp hashed3 92ofu When I receive inputX, I need to know if it matches any of the values in hashedX s...

Which databases support encryption

I use MySQL extensively, but it doesn't support database-level encryption without some external library. What databases come with db-level support built-in, and if you know MySQL enough to compare, how close is its syntax to MySQL. I'd obviously prefer not to re-learn everything. I also use PDO extensively to handle sql injections, s...

Encrypting Whole Database

I need to encrypt whole databse, not any specific column in the database. This should be done in SQL 2008 or in SQL 2008 Express edition If any one can, do favour for this ...

Is AES_256 stronger than blowfish

I'm considering using mysql's built-in aes_encrypt. I normally use blowfish, but mysql doesn't seem to support it natively. How do the 2 compare together? Is one stronger than the other? ...

Please Advise on Performance in C# File Encryption

I have created a test (not real) encryption function which takes a byte[] and replaces all the bytes with 0xff and returns private byte[] encrypt(byte[] input) { for (int i = 0; i < input.Length; i++) { input[i] = 0xff; } return input; } Now i want ...

HTTP based authentication/encryption protocol in a custom system

We have a custom built program that needs authenticated/encrypted communication between a client and a server[both in Python]. We are doing an overhaul from custom written Diffie-Hellman+AES to RSA+AES in a non-orthodox way. So I would be very interested in comments about my idea. Prequisites: Klient has a 128bit RegistrationKey which ...

Is putting data in cookies secure?

Hi I am using asp.net mvc 2.0 and I am wondering how secure is it to put information in a cookie? Like I put in my cookie a forms authentication ticket that is encrypted so can I put information that could be sensitive in there? string encryptedTicket = FormsAuthentication.Encrypt(authTicket) HttpCookie authCookie = new HttpCook...

Encrypt/Decrypt Form Fields auto in Cake PHP

Hey, I was just wondering how to decrypt/encrypt form data in cakephp by creating a behavior? What I have so far: $key = Configure::read('Security.cipherSeed'); Security::cipher($encrypt,$key) debug($key); function encrypt { var $autoEncrypt= 'true';} function decrypt {} Other than this I really could use some help. ...

Best Practices for Passing Data Between Pages

The Problem In the stack that we re-use between projects, we are putting a little bit too much data in the session for passing data between pages. This was good in theory because it prevents tampering, replay attacks, and so on, but it creates as many problems as it solves. Session loss itself is an issue, although it's mostly handled ...

For RSA, how do i calculate the secret exponent?

For RSA, how do i calculate the secret exponent? Given p and q the two primes, and phi=(p-1)(q-1), and the public exponent (0x10001), how do i get the secret exponent 'd' ? I've read that i have to do: d = e-1 mod phi using modular inversion and the euclidean equation but i cannot understand how the above formula maps to either the a-1...

Storing a secretkey in the database and retrieving it

I am doing a project on password encryption and decryption using AES algorithm. I need to store the key of type SecretKeySpec in the database(ms-access) and have to retrieve it. How can i do this? I have created a column in the database of type oletype object. I am using a query: String query="insert into encrypt values(?)"; how to se...

What encryption should be used in encoding and how does it affect key and initialisation vectors?

Hi, I'm getting my head around encryption and how encoding affects generation of the keys and initialization vectors. I'm working with a TripleDESCryptoServiceProvider which requires 24 byte key and 8 byte initialization vector using ASCII encoding. If i decide to use a different encoding , how will this affect generation of the key a...

Decryption of different keys give the same result

Hi, I saw this behavior today while working with a Java EE Framework. Every time I'm getting an int ID from the server, that ID is encrypted + encoded in base 64, and the encrypted string is sent back. Each request gives a different encrypted key. The behavior that is strange is that if I make 5 requests, the encrypted text I received a...

Should you encrypt data in the app.config and web.config under this situtation?

Hi I am developing an asp.net mvc 2 web application. My clients will most likely want a copy of my application to be hosted on their servers instead of me hosting it on my server for all clients. However I see a problem with this because I was planning to use the .net 2.0 encryptor to encrypt my web.config to make it safer. I got to t...

Encrypting files in resource constrained mobile devices

So the basic question is in encrypting files in resource constrained devices. I have used a rather dangerous approach to use two FileStreams, where FileStream 1 is reading from the file and copying it to a byte array The contents of the byte array is encrypted. FileStream 2, writes the bytes back to the same file. This works fine b...