First off: I'm working on an e-commerce site that will accept credit cards. In order to get from the "Enter your information" page to the "Confirm your information" page, I need to store the credit card information somewhere that it can be retrieved before it ultimately gets sent to the payment gateway. I'm currently leaning towards st...
Assuming I've securely exchanged keys with another computer (using Diffie-Hellman perhaps), here's my tentative solution: packet number + encrypted data + message authentication code (MAC) The packet number is an incrementally-increased number starting at 0. After that is the encrypted data itself, followed by a MAC of them both. If so...
Well I have been working on an assigment and it states: A program has to be developed, and coded in C language, to decipher a document written in Italian that is encoded using a secret key. The secret key is obtained as random permutation of all the uppercase letters, lowercase letters, numbers and blank space. As an example, let us con...
All reservations about unsecuring your SecureString by creating a System.String out of it aside, how can it be done? How can I convert an ordinary System.Security.SecureString to System.String? I'm sure many of you who are familiar with SecureString are going to respond that one should never transform a SecureString to an ordinary .NET...
I need a very, very fast one-to-one algorithm. The algorithm doesn't need to be unbreakable. Reasonably strong is enough but it must be lightning fast. I will be implementing it in hardware. Area is a concern, too, so it shouldn't use too much logic. It should be a function f_N(x) whose input is an N-bit number and whose output is a...
I want to test an encryption algorithm for strength. It doesn't have to be strong, it just has to resist accidental cracking and say, a determined hacker with 10-hours to waste. (I wrote the crypto algorithm. Yes, I know that this is generally a bad idea but I think that I have good reason.) What kind of tests should I do? So far I'...
I have a client app that needs to save a username/password for an SMTP Server. This data will be going into SQL Server 2005, and consumed by my server app. The server app will use the System.Net.Mail namespace to send e-mail messages using the supplied credentials (and from that user's e-mail address). How can I encrypt/decrypt the passw...
I keep on reading on SO that MD5 is broken, bust, obsolete and never to be used. That angers me. The fact is that collision attacks on MD5 are now fairly easy. Some people have collision attacks down to an art and can even us use them to predict elections. I find most of the examples MD5 "brokeness" less interesting. Even the famous C...
I've an assignment currently to implement this RC5 encryption in my java project but I have no much idea how to achieve it. I tried to create Cipher object as below line and it throw me exception: Cipher desCipher = Cipher.getInstance("RC5"); ***java.security.NoSuchAlgorithmException: Cannot find any provider supporting RC5*** but ot...
This is really more of a serverfault/IT question, but I am not part of the beta. Equipment / Topology: MacBook Pro (Running OSX) 4GB RAM Used for email, web browsing, basicly everything that isn't Visual Studio or a MS app. VMWare Fusion VMs (mostly XP) for various development needs Main VS2008 Development Custom 3rd party software...
I need to generate a commutative hash based on three sets of "score" structs. Each score has a "start", an "end" and a "number". Both start and end are usually huge numbers (8-9 digits) but number is just from 1 to 4. I need them to be commutative so the order does not matter. I'm using XOR at the moment but it seems to be giving bad ...
Hi, I want to know which padding modes for AES encryption are common in both java and C#.NET Thanks Bapi ...
I am writing a server-client application to receive user message and publish it. Thinking about authentication method. Asymmetric encryption, probably RSA. Hash (salt+password+'msg'+'userid'), SHA256 HMAC, SHA256. seems to be more secured than the method 2. Also involve hashing the password and msg data. Symmetric Encryption of the '...
I have an internal WPF client application that accesses a database. The application is a central resource for a Support team and as such includes Remote Access/Login information for clients. At the moment this database is not available via a web interface etc, but one day is likely to. The remote access information includes the usernam...
Currently we have MS SQL Server 2005 (32 bit). We have 1 assembly (and only 1 assembly) which we use for encryption and decryption. Only 512 MB of system memory is allocated to CLR. The assembly runs pretty slow, and I'm trying to rule out if its from memory or not. When I run the SQL code in query analyzer (not in an assembly) it runs q...
I'm looking for an two-way encryption algorithm to encode an array as a string, so that I can securely store some data in a cookie. The algorithm shouldn't just implode the array, I want it to be obfuscated too. My data contains all printable characters. A link to something would be sufficient, I just can't seem to dig anything up on Go...
I am using AES/CBC/PKCS5Padding padding standard in java and my friend uses PKCS7 standard in c#.NET If My friend encrypt the data using AES and send me the key then I can decrypt it. But If my data length increases more than 2920 bytes then if i encrypt the data in c#.NET and decrypt the data in java then my decryption does not work go...
Hello, I need to create a keyed hash for a string of XML to send to a 3rd party. This is the code I am using but it is producing a different hash then the example the 3rd party has sent me. I have been through all the tutorials I can find and re-read MSDN again and again, what am I doing wrong? Or should I suspect a problem at the other...
What are different padding modes and cipher modes in IPhone for AES encryption? Thanks ...
I have cruisecontrol.net building a asp.net web deployment project. This is working great until i created multiple deployment "configurations". Basically we have a dev,test,stage, and prod. The stage and prod configurations have a web.config replacement setup to change the plain text connectionstring section to what our production webs...