My coworker and I are having a fist-fight civilized discussion over password security. Please help us resolve our differences. One of us takes the viewpoint that: Storing passwords encrypted using a public key in addition to a one-way hashed version is OK and might be useful for integration with other authentication systems in the fut...
I have an unencrypted/unencoded string - "565040574". I also have the encrypted/encoded string for this string - "BSubW2AUWrSCL7dk9ucoiA==". It looks like this string has been Base64ed after encryption, but I don't know which encryption algorithm has been used. If I convert "BSubW2AUWrSCL7dk9ucoiA==" string to bytes using Convert.FromBa...
Let's say I have an encrypted file on an iPhone and every time I want to decrypt it, I want to "draw" a decryption symbol instead of having to use a keyboard to type it in. If you request from the user to draw a symbol to decrypt a file every time it is needed (e.g. every time they launch your application) they would probably prefer it ...
I want a form where user can change password. I am able to encrypt a password, however when it is selected from the database(the original password say 'test') it does not recognise it. This is when the password has been encrypted in db. i am checking to see if the typed password in form matches the one in the db: SELECT * from table wh...
Hi all, I'm looking for a low-level encryption to write questions/answers for a test/exam application in Java. Both the questions and exam are objects. Basically, I need a way to serialize a object, write it to a file, whilst encrypting everything so no one can read the question/answers without my program. I've heard of Protocol Buffer...
Can someone tell me in really slow terms the difference between these 2 lines of PHP? $hassh = base64_encode(sha1($word)); $hassh = hash(’sha1′, $word); ...
I am trying to encrypt some data with the following code: public static byte[] EncryptString(byte[] input, string password) { PasswordDeriveBytes pderiver = new PasswordDeriveBytes(password, null); byte[] ivZeros = new byte[8]; byte[] pbeKey = pderiver.CryptDeriveKey("RC2", "MD5", 128, ivZeros); RC2CryptoServiceProvider...
I realize that the OAuth spec doesn't specify anything about the origin of the ConsumerKey, ConsumerSecret, AccessToken, RequestToken, TokenSecret, or Verifier code, but I'm curious if there are any best practices for creating significantly secure tokens (especially Token/Secret combinations). As I see it, there are a few approaches to ...
My apologies for the length of the code I'm about to list. I need to encrypt the contents of an xml file on the C# end of my code, and decrypt it in C++. I'm using RC2, with RC2CryptoServiceProvider and CryptoStream on the C# side, with Wincrypt on the C++ side. Encryption seems to be working fine, it looks like such: public static ...
I have an iphone native application,in which i am taking credit card details , i want to encrypt this details and then store it into data base and at some point of time i need to decrypt it again..Is ther any way to do this. ...
Hi, I have to implement the HMAC MD5 in my iPhone app. The PHP version of the algorithm (implemented server side for verification) is here and I can't modify it (it's an API) function hmac($key, $data) { $b = 64; // byte length for md5 if (strlen($key) > $b) { $key = pack("H*",md5($key)); } $key = str_pad($key, $b, chr(0x00)); ...
I have to encrypt/decrypt some sensitive information in a Xml file? Yes I can do that by writing my own custom algorithms. I am wondering if there is already a built in way in .NET to do that and also what points I always need to take care.. ...
Ive been asked to convert some C++ code so that we can use it in a C# application. This snippet of code is used to decrypt a registration licence key which is embedded and passed about in configuration files. It looks to me like encrypting the string 2 bytes (correction) at a time and for the life of me, I cant work out how to do someth...
Hi Does anybody know sample application or link where i can test 128 bit AES CFB implemenation given a password and some data. Thanks ...
I'm working on a client<>server multiplayer game. The authentication is done on the same server as all game logic etc. This means that my authentication password encryption algorithm can't take too much calculation time as it would delay all the other required actions. If many people would logon at the same time that would cause a notice...
I've written Encryption/Decryption methods using the RC2CryptoServiceProvider in C# and for some reason, I cannot get my decryptor to decrypt the final few bytes. The file seems to just cut off. My encryption method looks like: public static byte[] EncryptString(byte[] input, string password) { PasswordDeriveBytes pder...
Can a Diffie-Hellman key exchange algorithm be used to encrypt client-server communication on a web-page in place of SSL? If it can, what are the disadvantages (i.e. why does the standard use SSL which requires a certificate authority)? My understanding is that Diffie-Hellman can be used to secretly establish a shared key which then ca...
Best practice is to use unique ivs, but what is unique? Is it unique for each record? or absolutely unique (unique for each field too)? If it's per field, that sounds awfully complicated, how do you manage the storage of so many ivs if you have 60 fields in each record. ...
I am creating a rails application that needs to store a large amount of sensitive data. To assure my customers that the data is being protected, I want to encrypt it on a per-user basis. I have done research looking for gems that can accomplish this. So far I've found strongbox and safe. Together, this would seem to provide a solutio...
Hi all, I have been tearing my hair out all day trying to solve this... I have an objective-c client running on the iPhone, connecting to a Java server. The iPhone is encrypting data using AES but I cannot decrypt it on the server. I am using a known passphrase and message (single string) and am generating the byte array on the iPhone...