I have a few questions about when and how viewstate is encrypted in asp.net 3.5. For instance, if I have a machinekey entry in my web.config like: decryptionKey="AutoGenerate,IsolateApps" validation="AES" decryption="Auto" /> Is viewstate encrypted at this point? Or do I need to specify the viewStateEncryp...
I'm rewriting a PHP web site in ASP.NET MVC. I'd like to maintain the same user base but the passwords are hashed using the PHP crypt() function. I need the same function in .Net so that I can hash a password on login and check it against the hashed password in the user database. crypt in this case is using the CRYPT_MD5 implementation ...
Recently my company forced a roll out of SafeBoot. The problem is that I was using Ubuntu under Wubi. Since the whole drive is encrypted now, I can't boot into Ubuntu. I was hoping to create a new partition for Ubuntu so I could still use it. I know there are partition tools available, but I've never used one on an encrypted disk. Are pr...
Scenario: a web application written in PHP utilizes an Amazon Web Service and must keep the Access Key ID and a Secret Access Key handy in order to function. Are there current recommendations and/or API's out there for storing this data securely? My thought is to symmetrically encrypt it into a file based on a key created from local se...
I need to make some code to talk to a SOAP web service. Unfortunately I'm unable to get a connection to the service as it requires a SSL connection encrypted with a special certificate. I've been given a pk12 certificate which when installed into my keychain allows me to access the SOAP service manually via Safari, but I'm unable to ge...
When using ASP.NET protected configuration, how can I encrypt the config with just the public key? I can export a public key file. I would like to then use this public key to encrypt the configuration files on another server for later deployment. However, I can't figure out how to get aspnet_regiis to use the exported public key. Bas...
For a web application, I would like to create a simple but effective licensing system. In C#, this is a little difficult, since my decryption method could be viewed by anyone with Reflector installed. What are some methods for encrypting files in C# that are fairly tamper-proof? ...
As an example, let's say that Alice signs a message with her secret key and encrypts the message and signature with Trent's public key. Trent decrypts the message and signature with his secret key, verifies Alice's signature using her public key, and then re-encrypts the message and Alice's signature using Bob, Carol and Zoe's public key...
I am trying to build a working encrypted signature for the Amazon S3 web service, writing a connection library using Objective C. I have run into HMAC SHA-1 digest problems with the ObjC code, so I'm putting that to the side and looking at existing, working Perl code, to try to troubleshoot digest creation. I am testing HMAC SHA-1 dig...
I'm currently working on desktop application which calls third party API. After authorizing against their "web service", a kind of user token is returned which should be stored locally (even if user closes application). So I'm looking for solution to encrypt this token with user specific key. Does Windows (and .NET) provide some stand...
I'm trying to learn how to do passphrase-based encryption with Java. I'm finding several examples online, but none (yet) on Stack Overflow. The examples are a little light on explanation for me, particularly regarding algorithm selection. There seems to be a lot of passing strings around to say what algorithms to use, but little docum...
Hi all, I have been trying for quite a while to figure out how to encrypt Application blocks that are stored in an external file called dev_entlib.config I can see in entlib (4.1) that it's possible to use the default protection providers to encrypt the blocks but, I really need to deploy this Application on different servers and thus ...
I am conducting some throughput testing. My application has to read from JMS do some processing write to JMS My goal here is to simulate #2, 'some processing'. That is, introduce a delay and occupy the CPU for a given time (e.g. 500ms) before forwarding the event. The naive approach would be to Thread.sleep(500). This would introduc...
What is the best way to encrypt a value in INI file? Using Encryption/Decryption key?? ...
Does anyone have a good implementation of a stream cipher written in pure portable C? I am not terribly concerned with the strength of the cipher at this point in time because it is only for a proof of concept, but speed would be important. I've thought about just Xor'ing with a constant if I cannot find a decent stream cipher. ...
This Wikipedia page has an extensive list of hashing methods As you can see, both MD5 and Sha1 have been broken (in Cryptography, "broken" means there's an attack less complex than the brute force attack. In other words, if you need 1 million year to find a collision instead of one billion year using brute force, the algorithm is consid...
Hello everybody, and thanks for your help. First off, I would like to ask if any of you know of an encryption algorithm that uses a key to encrypt the data, but no key to decrypt the data. This seems highly unlikely, if not impossible to me, so sorry if it's a stupid question. My final question is, say you have access to the plain text d...
Hi, I am looking to develop a system in which i need to assign every user a unique pin code for security. The user will only enter this pin code as a means of identifying himself. Thus i dont want the user to be able to guess another users pincode. Assuming the max users i will have is 100000, how long should this pin code be? e.g. 123...
I am building an application and I am planning on using Open SSL for securing data transfers. I am planning on only having the client validate the server's certificate. I am confused on how I should secure the server's certificate. I would like to encrypt the server's certificate containing the private key but I do not want to use any ha...
I need to access the crypto functions of OpenSSL to encode Blowfish data in a CBC streams. I've googled and found some Blowfish libraries (hand written) and some OpenSSL wrappers (none of the seem complete.) In the end, I need to access the certain OpenSSL functions, such as the full blowfish.h library of commands. What's the pythonic/r...