Search Results

Search found 2089 results on 84 pages for 'encryption'.

Page 12/84 | < Previous Page | 8 9 10 11 12 13 14 15 16 17 18 19  | Next Page >

  • REST authentication S3 like hmac sha1 signature vs symetric data encryption.

    - by coulix
    Hello stackers, I was arguing about an S3 like aproach using authorization hash with a secret key as the seed and some data on the request as the message signed with hmac sha1 (Amazon S3 way) vs an other developer supporting symetric encryption of the data with a secret key known by the emiter and the server. What are the advantage of using signed data with hmac sha1 vs symetric key other than the fact that with the former, we do not need to encrypt the username or password. What would be the hardest to break ? symetric encryption or sha1 hashing at la S3 ? If all big players are using oauth and similar without symetric key it is sure that there are obvious advantages, what are those ?

    Read the article

  • How to build this encryption system that allows multiple users/objects.

    - by Patrick
    Hello! I am trying to figure out how to create an optimal solution for my project. I made this simple picture in Photoshop to try to illustrate the problem and how i want it (if possible). Illustrative image Ill also try to explain it based on the picture. First off we have a couple of objects to the left, these objects all get encrypted with their own encryption key (EKey on the picture) and then stored in the database. On the other side we have different users placed into roles (one user can be in a lot of roles) and the roles are associated with different objects. So one person only has access the to the objects that the role provides. So for instance Role A might have access to Object A and B. Role B have access only to Object C and Role C have access to all objects. Nothing strange in that, right? Different roles have different objects that they can access. Now to the problem part. Each user has to login with his/her username/password and then he/she gets access to the objects that his/her roles provide. All the objects are encrypted so she needs to get a decryption key somehow. I don't want to store the encryption key as a text string on the server. It should be, if possible, decrypted using the users password (along with the role) or similar. That way you have to be a user on the server in order to decrypt an object an to work with it. I was thinking about making a public/private key encryption system, but i am kinda stuck on how to give the different users the decryption key to the objects. Since i need to be able to move users to and from roles, add new users, add new roles and create/delete objects. There will be one administrator that then adds some data to allow the users in that role to get the decryption key to decrypt the object. Nothing is static and i am trying to get a picture of how this can be built or if there is a far better solution. The only criteria are: -Encrypted objects. -Decryption key should not be stored as text. -Different users have access to different objects. -Does NOT have to have roles.

    Read the article

  • How do I encrypt but share a number of folders?

    - by d3vid
    I want to achieve the following functionality. Is it possible? Boot up computer (possibly via WakeOnLan or WakeOnPlan). Either be automatically logged in, or log in via login screen, or log in remotely. I change this behavior occasionally, so full disk encryption wouldn't work for me because it requires a password on bootup (which would it would prevent the remote bootup options, and the automatic login option). I am only interested in encrypting data, not the entire harddrive. Once logged in either: a launcher/tray icon is available to launch encryption app (preferred) run encryption app from the dash Prompted to unlock encrypted folder(s) individually. Unlocked folders are available to: me, apps I am running (e.g. editors, SpiderOak) Ideally, folders that I share with bindfs can be locked/unlocked by other users too. A key point is that once I have unlocked an encrypted folder, I don't want to have to think about it again. I currently achieve this via TrueCrypt (except for the last part). Unfortunately TrueCrypt isn't well integrated with Ubuntu (licensing issues prevent Debian from including it in their repo, the interface isn't quite integrated with Unity, setting it as a startup app doesn't quite work, sharing encrypted folders isn't really part of its design). Is there an alternative to TrueCrypt that is better integrated with the Ubuntu GUI and would suit this workflow?

    Read the article

  • Deleted info in Boot folder

    - by user207984
    First off, I'm using Zorin 7 OS. So my Boot folder was too full to install any new updates, I used a tutorial I found somewhere on here to remove the unneeded linux-image files, and must of also deleted the latest one as well. Now when I attempt to boot I get error: no such partition. grub rescue> I used my MultiSystem USB to install (on a separate partition) a different Linux OS (Kali) and no longer get that error, however, it will ONLY give me the option to boot Kali Linux. Here's the biggest new problem though, I used the built in option of hard drive encryption for Zorin 7 when I initially installed it, so now when I attempt to explore it (to get all my saved data which is REALLY important to me), it asks me for password for encryption. However, the password says it in not recognized, and I know it's right, I had to type it in every single day. So I either need a way to restore my Zorin 7 boot files or GRUB or whatever, so I can boot it up... or I need to know how to fix my encryption problem to save all my info.

    Read the article

  • Improving VPN performance - stronger encryption = more performance?

    - by Seth
    I have a site-to-site VPN set up with two SonicWall's (a TZ170 and a Pro1260). It was suggested to me that turning off encryption (so the VPN is tunneling only) would improve performance. (I'm not concerned with security, because the VPN is running over a trusted line.) Using FTP and HTTP transfers, I measured my baseline performance at about 130±10 kB/s. The Ipsec (Phase 2) Encryption was set to 3DES, so I set it to "none". However, the effect was opposite -- the performance dropped to 60±30 kB/s, and the transfers stall for about 25 seconds before any data comes down the line. I tried AES-128 and the throughput went UP to 160±5 kB/s. The rated speed of my line is 193 kB/s (it's a T1). Contrary to what I would think, stronger Ipsec encryption seems to improve throughput. Can anyone explain what might be going on here? Why would no encryption cause poor and highly variable performance, and cause transfers to stall? Why does AES-128 improve performance?

    Read the article

  • Copying files between linux machines with strong authentication but without encryption

    - by Zizzencs
    I'm looking for a suitable program to copy files from one linux machine to another one. The program should be able to do authentication but it should not do encryption. The reason behind the latter is the lack of CPU power to do the encryption. I copy backups from ~70 machines to a single backup server simultaneously. The single server is an HP Proliant DL360 G7, with 10 Gbps ethernet connection and an FC storage backend that can do 4 Gbps. Through FTP I can write ~400MB/sec to the storage (that's about what I want) but through ssh with arcfour I can only do ~100MB/sec while having 100% CPU usage. That's why I want file transfers not to be encrypted. The alternatives that I found not really suitable: rcp: no authentication, forget it FTP: making the authentication "secure" (at least preventing plain-text password exchange) is possible but not really easy and I haven't found a method to force any FTP daemon to encrypt the control channel (for the authentication) and not to encrypt the data channel (for data transfers) SCP/SFTP: in farely recent ssh(d) implementations you can't turn off encryption. The best you can do is to use the arcfour cypher for the encryption but it sill uses too much CPU power for my needs. rsync over ssh: same problems as with SCP/SFTP. plain rsync: from the documentation of rsyncd: "The authentication protocol used in rsync is a 128 bit MD4 based challenge response system. This is fairly weak protection, though (with at least one brute-force hash-finding algorithm publicly available), so if you want really top-quality security, then I recommend that you run rsync over ssh." It's a no-go. Is there a protocol/program that can do exactly what I want? (A big plus would be if it could work on windows as well and/or if it would support rsync-stlye copying/synchronization (e.g. copy only the differences).)

    Read the article

  • Why is mkfs overwriting the LUKS encryption header on LVM on RAID partitions on Ubuntu 12.04?

    - by Starchy
    I'm trying to setup a couple of LUKS-encrypted partitions to be mounted after boot-time on a new Ubuntu server which was installed with LVM on top of software RAID. After running cryptsetup luksFormat, the LUKS header is clearly visible on the volume. After running any flavor of mkfs, the header is overwritten (which does not happen on other systems that were setup without LVM), and cryptsetup will no longer recognize the device as a LUKS device. # cryptsetup -y --cipher aes-cbc-essiv:sha256 --key-size 256 luksFormat /dev/dm-1 WARNING! ======== This will overwrite data on /dev/dm-1 irrevocably. Are you sure? (Type uppercase yes): YES Enter LUKS passphrase: Verify passphrase: # hexdump -C /dev/dm-1|head -n5 00000000 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00 |LUKS....aes.....| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000020 00 00 00 00 00 00 00 00 63 62 63 2d 65 73 73 69 |........cbc-essi| 00000030 76 3a 73 68 61 32 35 36 00 00 00 00 00 00 00 00 |v:sha256........| 00000040 00 00 00 00 00 00 00 00 73 68 61 31 00 00 00 00 |........sha1....| # cryptsetup luksOpen /dev/dm-1 web2-var # mkfs.ext4 /dev/mapper/web2-var [..snip..] Creating journal (32768 blocks): done Writing superblocks and filesystem accounting information: done # hexdump -C /dev/dm-1|head -n5 # cryptsetup luksClose /dev/mapper/web2-var 00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00000400 00 40 5d 00 00 88 74 01 66 a0 12 00 17 f2 6d 01 |.@]...t.f.....m.| 00000410 f5 3f 5d 00 00 00 00 00 02 00 00 00 02 00 00 00 |.?].............| 00000420 00 80 00 00 00 80 00 00 00 20 00 00 00 00 00 00 |......... ......| # cryptsetup luksOpen /dev/dm-1 web2-var Device /dev/dm-1 is not a valid LUKS device. I have also tried mkfs.ext2 with the same result. Based on setups I've done successfully on Debian and Ubuntu (but not LVM or Ubuntu 12.04), it's hard to see why this is failing.

    Read the article

  • Is encryption really needed for having network security? [closed]

    - by Cawas
    I welcome better key-wording here, both on tags and title. I'm trying to conceive a free, open and secure network environment that would work anywhere, from big enterprises to small home networks of just 1 machine. I think since wireless Access Points are the most, if not only, true weak point of a Local Area Network (let's not consider every other security aspect of having internet) there would be basically two points to consider here: Having an open AP for anyone to use the internet through Leaving the whole LAN also open for guests to be able to easily read (only) files on it, and even a place to drop files on Considering these two aspects, once everything is done properly... What's the most secure option between having that, or having just an encrypted password-protected wifi? Of course "both" would seem "more secure". But it shouldn't actually be anything substantial. I've always had the feeling using any kind of the so called "wireless security" methods is actually a bad design. I'm talking mostly about encrypting and pass-phrasing (which are actually two different concepts), since I won't even consider hiding SSID and mac filtering. I understand it's a natural way of thinking. With cable networking nobody can access the network unless they have access to the physical cable, so you're "secure" in the physical way. In a way, encrypting is for wireless what building walls is for the cables. And giving pass-phrases would be adding a door with a key. So, what do you think?

    Read the article

  • Trucrypt or any HDD encryption solution with a bypass?

    - by sorrrydoctorforlove
    Hello experts, in my environment here we have started using trucrypt to encrypt and protect our laptops that are being brought out of the office. The issue comes with the password, we can document the passwords and assign them to users but if they simply use the program to change the password, and then forget it we are in trouble. We backup our data to external locations so it should be fine, but is there any way to install a bypass to be able to boot the laptop or stpo users changing their password (while they have local admin access)? Or should we try another solution? thanks.

    Read the article

  • SSL Proxy: Forwarding without the encryption

    - by John
    I have a python application listening on port 9001 for HTTP traffic. I'm trying to configure Apache (or anything, really) to listen on port 443 for HTTPS connections, and then forward the connection, sans encryption, to port 9001 on the same machine. My application would then reply via the proxy, where the encryption would be reapplied, and returned to the client transparently. I'm not doing anything crazy with the site names and SSL certs, I have one public IP, one hostname, and one SSL cert. Stripping the encryption at the proxy doesn't seem to be a common requirement. Is what I'm asking for a normal requirement? Are there other concerns with this sort of configuration?

    Read the article

  • How to encrypt dual boot windows 7 and xp (bitlocker, truecrypt combo?) on sdd (recommended?)

    - by therobyouknow
    I would like to setup a dual boot Windows 7 and Windows XP laptop/notebook computer where each operation system's partition is fully encrypted. I would like to do this on a SSD - a 128Gb Crucial M4. My research Dual boot of truecrypt encrypted OSs on one drive (not possible - in Truecript 7.x at time of writing) This cannot be done on a standard Truecrypt setup - it will only support encrypting one of the operating systems. I have tried this and also read about it here on superuser.com However, I did see a solution here that uses grub4dos as the initial bootloader to chain to separate truecrypt encrypted OSs, in my case Windows 7 and Windows XP: http://yyzyyz.blogspot.co.uk/2010/06/truecrypt-how-to-encrypt-multiple.html I am not going to consider this solution as it relies upon some custom code for use in the bootloader that is provided by the author. I would prefer a solution that can be fully understood so that I can be sure that there is nothing undesirable occuring (i.e. malware or just simply bugs in the code). I would like to believe such a solution doesn't have those risks but I can't be sure. BitLocker and Truecrypt combination - possible solution? So I am now considering a combination of encryption programs: I now aim to encrypt Windows XP with Truecrypt and Windows 7 with BitLocker. Assuming Truecrypt bootloader can boot into non-Truecrypt OSs (e.g. via hitting Escape to go to another menu), then this solution may be viable. SSDs and Encryption (use fastest possible spinning hard disk instead (?)) I read on various superuser.com posts and elsewhere that current SSDs are not suited to whole drive encryption for various reasons: impact of performance algorithms that give SSDs advantage over spinning harddisks. Algorithms used in compression of data for example. Wear on the SSD, shortening its life Security issues whereby data is repeated, as indicated in some Truecrypt documentation So I am now considering not using SSD. But with the aim to have the fastest drive possible, I am considering using the Western Digital Scorpion black 2.5" 7200rpm harddisk as this appears to be top rated among spinning platter-based harddrives (don't work for Western Digital). Summary So to achieve whole drive encrypted dual boot Windows 7 and Windows XP with minimal performance impact I intend to use a combination of Truecrypt and Bitlocker on a top-rated conventional spinning platter-based harddisk. Questions Will my summary: achieve whole disk encryption of the dual-boot Windows XP, Windows 7? OR an you suggest a simpler solution, including one that only requires only Truecrypt (BitLocker not available on XP). Or another encryption tool, including paid-for? provide the highest performance. Am I correct to avoid using SDD with encryption for the reasons I discovered? Are the concerns about SSDs and encryption still very real (some articles I read go back to 2010) Thanks for your input!

    Read the article

  • Silverlight and Encryption, how to store/generate they key/iv pair?

    - by cmaduro
    I have a Silverlight app that connects to a php webservice. I want to encrypt the communication between the webservice and the Silverlight client. I'm not relying on SSL. I'm encrypting/decrypting the POST string myself using AES 256bit Key and IV. The big questions then are: How do I generate a random unique key/iv pair in PHP. How do I share this key/iv pair between the web service and silverlight client in a secure way. It seems impossible without having some kind of hard coded key or iv on the client. Which would compromise security. This is a public website, there are no logins. Just the requirement of secure communication. I can hard code the seed for the key/iv (which is hashed with SHA256 with a time stamp salt and then assigned as the key or iv) in PHP source code, that's on the server so that is pretty safe. However on the client the seed for the key/iv pair would be visible, if it is hard coded. Further more using a time stamp as the basis for uniqueness/randomness is definitely not ok, since timestamps are predictable. It does however provide a common factor between the C# code and the PHP code. The only other option that I can think of would be to have a 3rd service involved that provides the key/iv to the Silverlight client, as well as the php webservice. This of course start the cycle anew, with the question of how to store the credentials for accessing the key/iv distribution service on the Silverlight client. Sounds like the solution is then asymmetric encryption, since sensitive data will be viewed only on the administrative back end of the website. Unfortunately Silverlight has no asymmetric encryption classes. The solution? Roll my own Diffie-Hellman key exchange! Plug that key into AES256!

    Read the article

  • Securing data inside Azure SQL? Any good libraries or DIY?

    - by Sid
    Azure SQL doesn't support many of the encryption features found in SQL Server (Table and Column encryption). We need to store some sensitive information that needs to be encrypted and we've rolled our own using AesCryptoServiceProvider to encrypt/decrypt data to/from the database. This solves the immediate issue (no cleartext in db) but poses other problems like Key rotation (we have to roll our own code for this, walking through the db converting old cipher text into new cipher text) metadata mapping of which tables and which columns are encrypted. This is simple with it's a few but quickly gets out of hand ... So are there any libraries out there that do this well? Any other resources or design patterns I can be pointed to?

    Read the article

  • Java encryption : with method can get me a shorter message ?

    - by Frank
    I don't know too much about encryption, I just want to ask, which method can get me the shortest result message ? For instance, the message looks like this : "This is the secret input message", I wonder if the encrypted message can be shorter then the above 32 characters long ? Maybe something like "dfkfjkvf12". Frank

    Read the article

  • How to get compatibility between C# and SQL2k8 AES Encryption?

    - by Victor Rodrigues
    I have an AES encryption being made on two columns: one of these columns is stored at a SQL Server 2000 database; the other is stored at a SQL Server 2008 database. As the first column's database (2000) doesn't have native functionality for encryption / decryption, we've decided to do the cryptography logic at application level, with .NET classes, for both. But as the second column's database (2008) allow this kind of functionality, we'd like to make the data migration using the database functions to be faster, since the data migration in SQL 2k is much smaller than this second and it will last more than 50 hours because of being made at application level. My problem started at this point: using the same key, I didn't achieve the same result when encrypting a value, neither the same result size. Below we have the full logic in both sides.. Of course I'm not showing the key, but everything else is the same: private byte[] RijndaelEncrypt(byte[] clearData, byte[] Key) { var memoryStream = new MemoryStream(); Rijndael algorithm = Rijndael.Create(); algorithm.Key = Key; algorithm.IV = InitializationVector; var criptoStream = new CryptoStream(memoryStream, algorithm.CreateEncryptor(), CryptoStreamMode.Write); criptoStream.Write(clearData, 0, clearData.Length); criptoStream.Close(); byte[] encryptedData = memoryStream.ToArray(); return encryptedData; } private byte[] RijndaelDecrypt(byte[] cipherData, byte[] Key) { var memoryStream = new MemoryStream(); Rijndael algorithm = Rijndael.Create(); algorithm.Key = Key; algorithm.IV = InitializationVector; var criptoStream = new CryptoStream(memoryStream, algorithm.CreateDecryptor(), CryptoStreamMode.Write); criptoStream.Write(cipherData, 0, cipherData.Length); criptoStream.Close(); byte[] decryptedData = memoryStream.ToArray(); return decryptedData; } This is the SQL Code sample: open symmetric key columnKey decryption by password = N'{pwd!!i_ll_not_show_it_here}' declare @enc varchar(max) set @enc = dbo.VarBinarytoBase64(EncryptByKey(Key_GUID('columnKey'), 'blablabla')) select LEN(@enc), @enc This varbinaryToBase64 is a tested sql function we use to convert varbinary to the same format we use to store strings in the .net application. The result in C# is: eg0wgTeR3noWYgvdmpzTKijkdtTsdvnvKzh+uhyN3Lo= The same result in SQL2k8 is: AI0zI7D77EmqgTQrdgMBHAEAAACyACXb+P3HvctA0yBduAuwPS4Ah3AB4Dbdj2KBGC1Dk4b8GEbtXs5fINzvusp8FRBknF15Br2xI1CqP0Qb/M4w I just didn't get yet what I'm doing wrong. Do you have any ideas? EDIT: One point I think is crucial: I have one Initialization Vector at my C# code, 16 bytes. This IV is not set at SQL symmetric key, could I do this? But even not filling the IV in C#, I get very different results, both in content and length.

    Read the article

  • Windows 2008 R2 IPsec encryption in tunnel mode, hosts in same subnet

    - by fission
    In Windows there appear to be two ways to set up IPsec: The IP Security Policy Management MMC snap-in (part of secpol.msc, introduced in Windows 2000). The Windows Firewall with Advanced Security MMC snap-in (wf.msc, introduced in Windows 2008/Vista). My question concerns #2 – I already figured out what I need to know for #1. (But I want to use the ‘new’ snap-in for its improved encryption capabilities.) I have two Windows Server 2008 R2 computers in the same domain (domain members), on the same subnet: server2 172.16.11.20 server3 172.16.11.30 My goal is to encrypt all communication between these two machines using IPsec in tunnel mode, so that the protocol stack is: IP ESP IP …etc. First, on each computer, I created a Connection Security Rule: Endpoint 1: (local IP address), eg 172.16.11.20 for server2 Endpoint 2: (remote IP address), eg 172.16.11.30 Protocol: Any Authentication: Require inbound and outbound, Computer (Kerberos V5) IPsec tunnel: Exempt IPsec protected connections Local tunnel endpoint: Any Remote tunnel endpoint: (remote IP address), eg 172.16.11.30 At this point, I can ping each machine, and Wireshark shows me the protocol stack; however, nothing is encrypted (which is expected at this point). I know that it's unencrypted because Wireshark can decode it (using the setting Attempt to detect/decode NULL encrypted ESP payloads) and the Monitor Security Associations Quick Mode display shows ESP Encryption: None. Then on each server, I created Inbound and Outbound Rules: Protocol: Any Local IP addresses: (local IP address), eg 172.16.11.20 Remote IP addresses: (remote IP address), eg 172.16.11.30 Action: Allow the connection if it is secure Require the connections to be encrypted The problem: Though I create the Inbound and Outbound Rules on each server to enable encryption, the data is still going over the wire (wrapped in ESP) with NULL encryption. (You can see this in Wireshark.) When the arrives at the receiving end, it's rejected (presumably because it's unencrypted). [And, disabling the Inbound rule on the receiving end causes it to lock up and/or bluescreen – fun!] The Windows Firewall log says, eg: 2014-05-30 22:26:28 DROP ICMP 172.16.11.20 172.16.11.30 - - 60 - - - - 8 0 - RECEIVE I've tried varying a few things: In the Rules, setting the local IP address to Any Toggling the Exempt IPsec protected connections setting Disabling rules (eg disabling one or both sets of Inbound or Outbound rules) Changing the protocol (eg to just TCP) But realistically there aren't that many knobs to turn. Does anyone have any ideas? Has anyone tried to set up tunnel mode between two hosts using Windows Firewall? I've successfully got it set up in transport mode (ie no tunnel) using exactly the same set of rules, so I'm a bit surprised that it didn't Just Work™ with the tunnel added.

    Read the article

  • Why RSA Decryption process takes longer time than the Encryption process?

    - by Tara Singh
    I have some idea that it is due to some complex calculation, but i want to know about what exactly happens which takes long time than the corresponding encryption process. Any link to webpage or paper would be of great help. Thanks Thanks for the answers, One more Doubt, What about the Signing and verification? Will this time difference be there for Signing and verification also? Ex. Signing requires more time than Verification?

    Read the article

  • Why Most Web Services Don’t Use End-to-End Encryption

    - by Chris Hoffman
    Recent revelations about government surveillance have raised the question: why don’t cloud services encrypt your data? Well, they generally do encrypt your data, but they have the key so they can decrypt it any time they like. The real question is: Why don’t web services encrypt and decrypt your data locally, so that it’s stored in an encrypted form no one can snoop on? LastPass does this with your password database, after all.    

    Read the article

< Previous Page | 8 9 10 11 12 13 14 15 16 17 18 19  | Next Page >