Search Results

Search found 379 results on 16 pages for 'cryptography'.

Page 1/16 | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • What should web programmers know about cryptography?

    - by davidhaskins
    Should programmers who build websites/web applications understand cryptography? I have no idea how most crypographic algorithms work, and I really don't understand the differences between md5/des/aes/etc. Have any of you found any need for an in-depth understanding of cryptography? I haven't needed it, but I wonder if perhaps I'm missing something. I've used salt + md5 hash to encrypt passwords, and I tell webservers to use SSL. Beyond that, I can't say I've used much else, nor can I say with any certainty how secure these methods are. I only use them because other people claim they are safe. Have you ever found a need to use cryptography in web programming aside from these two simple examples?

    Read the article

  • Java Cryptography Extension

    - by Adam Tannon
    I was told that in order to support AES256 encryption inside my Java app that I would need the JCE with Unlimited Strength Jurisdiction Policy Files. I downloaded this from Oracle and unzipped it and I'm only seeing 2 JARs: local_policy.jar; and US_export_polic.jar I just want to confirm I'm not missing anything here! My understanding (after reading the README.txt) is that I just drop these two into my <JAVA_HOME>/lib/security/ directory and they should be installed. By the names of these JARs I have to assume that its not the Java Crypto API that cannot handle AES256, but it's in fact a legal issue, perhaps? And that these two JARs basically tell the JRE "yes, it's legally-acceptable to run this level of crypto (AES256)." Am I correct or off-base?

    Read the article

  • virtual machines and cryptography

    - by Unknown
    I suspect I'm a bit offtopic with the site mission, but it seems me more fitting for the question than stackoverflow i'm in preparing to create a vm with sensible data (personal use, it will be a web+mail+... appliance of sorts), i'd like to protect the data even with cryptography; the final choice have to be cross-platform for the host basically, I have to choose between guest system-level cryptography (say, dm-crypt or similar) or host level cryptography with truecrypt. do you think that the "truecrypt-volume contained virtualized disks" approach will hit the i/o performance of the vm badly (and therefore dm-crypt like approaches into the vm would be better), or is it doable? I'd like to protect all the guest data, not only my personal data, to be able to suspend the vm freely without worrying for the swap partition, etc

    Read the article

  • How to reproduce System.Security.Cryptography.SHA1Managed result in Python

    - by joetyson
    Here's the deal: I'm moving a .NET website to Python. I have a database with passwords hashed using the System.Security.Cryptography.SHA1Managed utility. I'm creating the hash in .NET with the following code: string hashedPassword = Cryptographer.CreateHash("MYHasher", userInfo.Password); The MYHasher block looks like this: <add algorithmType="System.Security.Cryptography.SHA1Managed, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=blahblahblah" saltEnabled="true" type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.HashAlgorithmProvider, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=3.0.0.0, Culture=neutral, PublicKeyToken=daahblahdahdah" name="MYHasher" /> So for a given password, I get back and store in the database a 48 byte salted sha1. I assume the last 8 bytes are the salt. I have tried to reproduce the hashing process in python by doing a sha1(salt + password) and sha1(password + salt) but I'm having no luck. My question to you: How are the public keys being used? How is the password rehashed using the salt. How is the salt created? (e.g., When I say saltEnabled="true", what extra magic happens?) I need specific details that don't just reference other .NET libraries, I'm looking for the actual operational logic that happens in the blackbox. Thanks!

    Read the article

  • Why are primes important in cryptography?

    - by Michael Stum
    One thing that always strikes me as a non-cryptographer: Why is it so important to use Prime numbers? What makes them so special in cryptography? Does anyone have a simple short explanation? (I am aware that there are many primers and that Applied Cryptography is the Bible, but as said: I am not looking to implement my own cryptographic algorithm, and the stuff that I found just made my brain explode - no 10 pages of math formulas please :)) Thanks for all the answers. I've accepted the one that made the actual concept most clear to me.

    Read the article

  • External iPhone Cryptography Libs

    - by AO
    Are there any legal problems using external crypto libs in my iPhone application? I know that Apple has to comply to US cryptography export rules but do I as a developer have any responsibility? How does it work?

    Read the article

  • Tools for visualizing and implementing elliptic curve cryptography

    - by LL
    I need to create a program which will show how elliptic curve cryptography works. I was considering using Java Swing to create the GUI, but the main problem is what tool to use to plot the elliptic curve itself, and how to integrate that with Java Swing. I would like the plot to be included in the user interface and also allow changes to be made to it. Can you suggest any tools that would help with this?

    Read the article

  • How do I combine the two methods of cryptography, CBC cipher block and Vingenere Chiper [on hold]

    - by Bangpe
    Code Vingenere static String encrypt(String text, final String key) { String res = ""; text = text.toUpperCase(); for (int i = 0, j = 0; i < text.length(); i++) { char c = text.charAt(i); if (c < 'A' || c > 'Z') continue; res += (char)((c + key.charAt(j) - 2 * 'A') % 26 + 'A'); j = ++j % key.length(); } return res; } Code CBC Chiper public CbcBlockCipher( BlockCipher blockCipher ) { super( blockCipher.keySize(), blockCipher.blockSize() ); this.blockCipher = blockCipher; iv = new byte[blockSize()]; zeroBlock( iv ); temp = new byte[blockSize()]; }

    Read the article

  • Cryptography for P2P card game

    - by zephyr
    I'm considering writing a computer adaptation of a semi-popular card game. I'd like to make it function without a central server, and I'm trying to come up with a scheme that will make cheating impossible without having to trust the client. The basic problem as I see it is that each player has a several piles of cards (draw deck, current hand and discard deck). It must be impossible for either player to alter the composition of these piles except when allowed by the game rules (ie drawing or discarding cards), nor should players be able to know what is in their or their oppponent's piles. I feel like there should be some way to use something like public-key cryptography to accomplish this, but I keep finding holes in my schemes. Can anyone suggest a protocol or point me to some resources on this topic? [Edit] Ok, so I've been thinking about this a bit more, and here's an idea I've come up with. If you can poke any holes in it please let me know. At shuffle time, a player has a stack of cards whose value is known to them. They take these values, concatenate a random salt to each, then hash them. They record the salts, and pass the hashes to their opponent. The opponent concatenates a salt of their own, hashes again, then shuffles the hashes and passes the deck back to the original player. I believe at this point, the deck has been randomized and neither player can have any knowledge of the values. However, when a card is drawn, the opponent can reveal their salt, allowing the first player to determine what the original value is, and when the card is played the player reveals their own salt, allowing the opponent to verify the card value.

    Read the article

  • Visual Basic Cryptography Question

    - by Glenn Sullivan
    I am trying to mimic the results of some C code that uses the OpenSSL library using the system.security.crytography library in the .net 3.5 world, and I can't seem to get it right. I need some help... part of the issue is my understanding of crytography in general. Here's what is supposed to happen: I send a request for authentication to a device. It returns a challenge digest, which I then need to sign with a known key and return The device returns a "success" or "Fail" message. I have the following code snippet that I am trying to "copy": //Seed the PRNG //Cheating here - the PRNG will be seeded when we create a key pair //The key pair is discarded only doing this to seed the PRNG. DSA *temp_dsa = DSA_new(); if(!temp_dsa) { printf("Error: The client had an error with the DSA API\n"); exit(0); } unsigned char seed[20] = "Our Super Secret Key"; temp_dsa = DSA_generate_parameters(128, seed, sizeof(seed), NULL, NULL, NULL, NULL); DSA_free(temp_dsa); //A pointer to the private key. p = (unsigned char *)&priv_key; //Create and allocate a DSA structure from the private key. DSA *priv_dsa = NULL; priv_dsa = d2i_DSAPrivateKey(NULL, &p, sizeof(priv_key)); if(!priv_dsa) { printf("Error: The client had an error with the DSA API\n"); exit(0); } //Allocate memory for the to be computed signature. sigret = OPENSSL_malloc(DSA_size(priv_dsa)); //Sign the challenge digest recieved from the ISC. retval = DSA_sign(0, pResp->data, pResp->data_length, sigret, &siglen, priv_dsa); A few more bits of information: priv_key is a 252 element character array of hex characters that is included. The end result is a 512 (or less) array of characters to send back for validation to the device. Rasmus asked to see the key array. Here it is: unsigned char priv_key[] = {0x30, 0x81, 0xf9, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, 0xfe, 0xca, 0x97, 0x55, 0x1f, 0xc0, 0xb7, 0x1f, 0xad, 0xf0, 0x93, 0xec, 0x4b, 0x31, 0x94, 0x78, 0x86, 0x82, 0x1b, 0xab, 0xc4, 0x9e, 0x5c, 0x40, 0xd9, 0x89, 0x7d, 0xde, 0x43, 0x38, 0x06, 0x4f, 0x1b, 0x2b, 0xef, 0x5c, 0xb7, 0xff, 0x21, 0xb1, 0x11, 0xe6, 0x9a, 0x81, 0x9a, 0x2b, 0xef, 0x3a, 0xbb, 0x5c, 0xea, 0x76, 0xae, 0x3a, 0x8b, 0x92, 0xd2, 0x7c, 0xf1, 0x89, 0x8e, 0x4d, 0x3f, 0x0d, 0x02, 0x15, 0x00, 0x88, 0x16, 0x1b, 0xf5, 0xda, 0x43, 0xee, 0x4b, 0x58, 0xbb, 0x93, 0xea, 0x4e, 0x2b, 0xda, 0xb9, 0x17, 0xd1, 0xff, 0x21, 0x02, 0x41, 0x00, 0xf6, 0xbb, 0x45, 0xea, 0xda, 0x72, 0x39, 0x4f, 0xc1, 0xdd, 0x02, 0xb4, 0xf3, 0xaa, 0xe5, 0xe2, 0x76, 0xc7, 0xdc, 0x34, 0xb2, 0x0a, 0xd8, 0x69, 0x63, 0xc3, 0x40, 0x2c, 0x58, 0xea, 0xa6, 0xbd, 0x24, 0x8b, 0x6b, 0xaa, 0x4b, 0x41, 0xfc, 0x5f, 0x21, 0x02, 0x3c, 0x27, 0xa9, 0xc7, 0x7a, 0xc8, 0x59, 0xcd, 0x5b, 0xdd, 0x6c, 0x44, 0x48, 0x86, 0xd1, 0x34, 0x46, 0xb0, 0x89, 0x55, 0x50, 0x87, 0x02, 0x41, 0x00, 0x80, 0x29, 0xc6, 0x4a, 0x08, 0x3e, 0x30, 0x54, 0x71, 0x9b, 0x95, 0x49, 0x55, 0x17, 0x70, 0xc7, 0x96, 0x65, 0xc8, 0xc2, 0xe2, 0x8a, 0xe0, 0x5d, 0x9f, 0xe4, 0xb2, 0x1f, 0x20, 0x83, 0x70, 0xbc, 0x88, 0x36, 0x03, 0x29, 0x59, 0xcd, 0xc7, 0xcd, 0xd9, 0x4a, 0xa8, 0x65, 0x24, 0x6a, 0x77, 0x8a, 0x10, 0x88, 0x0d, 0x2f, 0x15, 0x4b, 0xbe, 0xba, 0x13, 0x23, 0xa1, 0x73, 0xa3, 0x04, 0x37, 0xc9, 0x02, 0x14, 0x06, 0x8e, 0xc1, 0x41, 0x40, 0xf1, 0xf6, 0xe1, 0xfa, 0xfb, 0x64, 0x28, 0x02, 0x15, 0xce, 0x47, 0xaa, 0xce, 0x6e, 0xfe}; Can anyone help me translate this code to it's VB.net crypto equivalent? TIA, Glenn

    Read the article

  • how does public key cryptography work

    - by rap-uvic
    Hello, What I understand about RSA is that Alice can create a public and a private key combination, and then send the public key over to Bob. And then afterward Bob can encrypt something using the public key and Alice will use the public and private key combo to decrypt it. However, how can Alice encrypt something to be sent over to Bob? How would Bob decrypt it? I ask because I'm curious how when I log onto my banking site, my bank sends me data such as my online statements. How does my browser decrypt that information? I don't have the private key.

    Read the article

  • lightweight cryptography toolkit(s) for c++ and python

    - by Joey
    Hi, I'm looking to do some basic encryption of server messages which'd be encrypted with C++ and decrypted using Python serverside. I was wondering if anyone knew if there were good solutions that were simpler or more lightweight than Keyczar. I see that supports both C++ and python, but would using Crypto++ and PyCrypto be simpler for a newbie that just wants to get something up and running for the time being? Or should I use Keyczar for python and Crypto++ for the C++ end? The C++ libraries seem to have dependencies to hundreds of files.

    Read the article

  • Cryptography: best practices for keys in memory?

    - by Johan
    Background: I got some data encrypted with AES (ie symmetric crypto) in a database. A server side application, running on a (assumed) secure and isolated Linux box, uses this data. It reads the encrypted data from the DB, and writes back encrypted data, only dealing with the unencrypted data in memory. So, in order to do this, the app is required to have the key stored in memory. The question is, is there any good best practices for this? Securing the key in memory. A few ideas: Keeping it in unswappable memory (for linux: setting SHM_LOCK with shmctl(2)?) Splitting the key over multiple memory locations. Encrypting the key. With what, and how to keep the...key key.. secure? Loading the key from file each time its required (slow and if the evildoer can read our memory, he can probably read our files too) Some scenarios on why the key might leak: evildoer getting hold of mem dump/core dump; bad bounds checking in code leading to information leakage; The first one seems like a good and pretty simple thing to do, but how about the rest? Other ideas? Any standard specifications/best practices? Thanks for any input!

    Read the article

  • Le W3C présente Web cryptography API, une norme pour améliorer la sécurité des applications Web

    Le W3C présente Web cryptography API une norme pour améliorer la sécurité des applications Web La sécurité est un aspect important dans le cycle de développement d'une application. Les développeurs ont souvent recours à des outils tiers ou doivent développer au prix de nombreux efforts leurs propres fonctionnalités de cryptographie. Le W3C (World Wide Web Consortium), l'organisme de normalisation des standards du Web ouvert, travaille actuellement sur un standard qui vise à améliorer la sécurité des applications Web tout en facilitant la tâche du développeur. L'organisme vient de publier un premier brouillon (draft) pour l'API Web cryptography. Le projet a...

    Read the article

  • Unleash the Power of Cryptography on SPARC T4

    - by B.Koch
    by Rob Ludeman Oracle’s SPARC T4 systems are architected to deliver enhanced value for customer via the inclusion of many integrated features.  One of the best examples of this approach is demonstrated in the on-chip cryptographic support that delivers wire speed encryption capabilities without any impact to application performance.  The Evolution of SPARC Encryption SPARC T-Series systems have a long history of providing this capability, dating back to the release of the first T2000 systems that featured support for on-chip RSA encryption directly in the UltraSPARC T1 processor.  Successive generations have built on this approach by support for additional encryption ciphers that are tightly coupled with the Oracle Solaris 10 and Solaris 11 encryption framework.  While earlier versions of this technology were implemented using co-processors, the SPARC T4 was redesigned with new crypto instructions to eliminate some of the performance overhead associated with the former approach, resulting in much higher performance for encrypted workloads. The Superiority of the SPARC T4 Approach to Crypto As companies continue to engage in more and more e-commerce, the need to provide greater degrees of security for these transactions is more critical than ever before.  Traditional methods of securing data in transit by applications have a number of drawbacks that are addressed by the SPARC T4 cryptographic approach. 1. Performance degradation – cryptography is highly compute intensive and therefore, there is a significant cost when using other architectures without embedded crypto functionality.  This performance penalty impacts the entire system, slowing down performance of web servers (SSL), for example, and potentially bogging down the speed of other business applications.  The SPARC T4 processor enables customers to deliver high levels of security to internal and external customers while not incurring an impact to overall SLAs in their IT environment. 2. Added cost – one of the methods to avoid performance degradation is the addition of add-in cryptographic accelerator cards or external offload engines in other systems.  While these solutions provide a brute force mechanism to avoid the problem of slower system performance, it usually comes at an added cost.  Customers looking to encrypt datacenter traffic without the overhead and expenditure of extra hardware can rely on SPARC T4 systems to deliver the performance necessary without the need to purchase other hardware or add-on cards. 3. Higher complexity – the addition of cryptographic cards or leveraging load balancers to perform encryption tasks results in added complexity from a management standpoint.  With SPARC T4, encryption keys and the framework built into Solaris 10 and 11 means that administrators generally don’t need to spend extra cycles determining how to perform cryptographic functions.  In fact, many of the instructions are built-in and require no user intervention to be utilized.  For example, For OpenSSL on Solaris 11, SPARC T4 crypto is available directly with a new built-in OpenSSL 1.0 engine, called the "t4 engine."  For a deeper technical dive into the new instructions included in SPARC T4, consult Dan Anderson’s blog. Conclusion In summary, SPARC T4 systems offer customers much more value for applications than just increased performance. The integration of key virtualization technologies, embedded encryption, and a true Enterprise Operating System, Oracle Solaris, provides direct business benefits that supersedes the commodity approach to data center computing.   SPARC T4 removes the roadblocks to secure computing by offering integrated crypto accelerators that can save IT organizations in operating cost while delivering higher levels of performance and meeting objectives around compliance. For more on the SPARC T4 family of products, go to here.

    Read the article

  • RSACryptoServiceProvider CryptographicException System Cannot Find the File Specified under ASP.NET

    - by Will Hughes
    I have an application which is making use of the RSACryptoServiceProvider to decrypt some data using a known private key (stored in a variable). When the IIS Application Pool is configured to use Network Service, everything runs fine. However, when we configure the IIS Application Pool to run the code under a different Identity, we get the following: System.Security.Cryptography.CryptographicException: The system cannot find the file specified. at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at System.Security.Cryptography.RSACryptoServiceProvider.ImportParameters(RSAParameters parameters) at System.Security.Cryptography.RSA.FromXmlString(String xmlString) The code is something like this: byte[] input; byte[] output; string private_key_xml; var provider = new System.Cryptography.RSACryptoServiceProvider(this.m_key.Key_Size); provider.FromXmlString(private_key_xml); // Fails Here when Application Pool Identity != Network Service ouput = provider.Decrypt(input, false); // False = Use PKCS#1 v1.5 Padding There are resources which attempt to answer it by stating that you should give the user read access to the machine key store - however there is no definitive answer to solve this issue. Environment: IIS 6.0, Windows Server 2003 R2, .NET 3.5 SP1

    Read the article

  • DSACryptoServiceProvider constructor throws CryptographicException

    - by Rick
    This code below thows the following error: System.Security.Cryptography.CryptographicException "The handle is invalid" CspParameters CSPParam = new System.Security.Cryptography.CspParameters(13, null, null); CSPParam.Flags = CspProviderFlags.UseMachineKeyStore; CSPParam.KeyContainerName = "MyKeys"; System.Security.Cryptography.DSACryptoServiceProvider r = new System.Security.Cryptography.DSACryptoServiceProvider(CSPParam); //Error occurs here This code had been working with no issues then it started throwing this error. I can't think of anything that I have changed that relates to this. Has nayone seen this error? Any ideas of what to try?

    Read the article

1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >