I know many web projects still use the older MD5() or SHA1() when creating hashes. However, in my projects I have been using SHA256 for stronger/longer hashes since when I last checked the there was some question about which hashes were the bester ones to use. So I just chose the government standard (at the time). However, I'm wondering...
I got very concerned reading this genius post by Aza Raskin. What are the non-browsers solutions to defend against TabNabbing? Are there any? ...
In our project there are several places where we could've gotten away with hashing. For example, we store an encrypted reference between a license and the licensed object in the database along with the unencrypted reference. This is to ensure that the user can't change the entity they have licensed by mucking with the database. The ma...
Surprisingly enough there's very little information on the Web about using Bouncy Castle's lightweight API. After looking around for a while I was able to put together a basic example: RSAKeyPairGenerator generator = new RSAKeyPairGenerator(); generator.init(new RSAKeyGenerationParameters ( new BigInteger("10001", 16),//publ...
How can we encrypted user credentials when they are transmitted with php? (in login forms) Thanks ...
I'm designing a training program in C++ that will be distributed to a large number of facilities, most of which won't have much in the way of an IT staff. The program connects via a TCP connection to a central database which stores various pieces of data for research and evaluation purposes. The problem I have is that I would like to ma...
I try to decrypt data that was originally encrypted with Objective-C in Java. There are other questions mentioning this but they are really cluttered and many of them aren't solved yet therefore I will post my own. This is the code that encrypts the data: - (int) encryptWithKey: (NSString *) key { // 'key' should be 32 b...
I have created a key file with this command: sn.exe -k 2048 Build.snk I would like to read in this key with .NET. I haven't been able to find any document as to the format of the .snk, so I'm wondering if there's a way in C# to read in an .snk file? My original reason for asking the question was to use the .snk file for purposes...
I need some kind of DTE in oracle 8i? Does oracle8i comes with something built in? Is that even posible? no matter if is a 3rd party solution. Thanks. ...
So far I have only seen it used in digital signatures and key agreement protocols. Can it be used like RSA to actually encrypt data? Are there any libraries for this? Edited: I need something like RSA. Encrypt the data with the recievers public key so later he can decyrpt it with his private key. I know ECDH can be used to send a secr...
Hi, I am a bit of a newbie around Security nitty gritties and especially around Cryptography. In the application we are building(ASP.net application built on .NET 3.5), we are currently using Databases to save our users authentication information (AD etc is not an option at this point). The intention is to do a one way salted hash of t...
Is there a Ruby equivalent of PHP’s mcrypt_encrypt() function ...
If I write the following code mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $raw, MCRYPT_MODE_CBC, $iv); How to write in ruby? ...
Hello all, I'm wondering if I can have multiple public keys for a private key. Can this be done? If so, what are the security issues!? If I generate multiple key pairs based on the same initial values (with no initial vector), shouldn't the keys be "compatible"? I'm just checking some things out and I would appreciate any help :) Ch...
I've been playing around with Bouncy Castle's implementation of RSA (Lightweight API) and got the basics figured out. Looking at their spec for JCE provider implementation I noticed that different padding schemes can be used with RSA. From what I understand, by default null padding is used. So I began exploring OAEP padding, particularly...
Considering writing a wifi cracking (wep, wpa) auditing tool for the android platform, but I am wondering if it is possible to do without a rooted phone. I had thought it would be impossible to run on an unrooted phone due to the phones wifi chip ignoring packets not addressed to the phone. That is, without the ability to set the wifi c...
Hi, i was thinking if it is possible and/or viable for obfuscation and security to do as the follow: Client start session with Server (which means a valid login and password was sent and accepted) Server encrypt a random password with it is Private Key that will then be used into a data encryption using Rijndael's method and send both...
This is a broad question in search of a decent broad answer, but I am really curious about which key issues professional developers must account for in terms of security. How do you make your website more hacker-proof? How do you ensure the security of your companies' databases? I'm a real noob with security issues but I am keen to hea...
Hi, Is there a windows program that allows users to encrypt a file so that it can be accessed via a Java API programmatically (i.e. to decrypt it in memory)? I hope this makes sense. I guess the question is twofold (1) Is there a free Java API to access/decrypt encrypted files? (2) Is there a free program that allows you to encrypt ...
Hi, I am trying to decrypt an MS Office 2007 document by .NET code. I know the password to open and the encryption provider (obviously), but can not find any example on how to get the Package object from the EncryptedPackageEnvelope. All MS examples are DRM related, but the documents only have a password to open. Please help! Thanks! ...