Search Results

Search found 1485 results on 60 pages for 'encrypted'.

Page 19/60 | < Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >

  • Where is the encfs volume key stored?

    - by Waldorf
    I am trying to use encfs in reverse mode. I understand that the passphase is used to encrypt a key which is then stored encrypted into the encfs6.xml file. What I do not understand is the following. Create en encrypted virtual fs of a folder by using passphrase A unmount this folder. Delete all contents including the encfs6.xml file If you then try to do the same with another passphrse I would expect that a new encfs6.xml would be created. However I get the following error message: "Error decoding volume key, password incorrect" So I wonder, what volume key is incorrect, I thought it was in the encfs6.xml file ?

    Read the article

  • Encrypt connection between apache web server and mysql server.

    - by microchasm
    I'm setting up a local webapp. I have a CentOS-5 box that will be the webserver (Apache 2.2). I have another box (RHEL5) that will be used only for MySQL. The data will be encrypted on the webserver via PHP before being sent to the MySQL box and inserted into the db. All web-based connections to the webserver will be encrypted via SSL. From the research I've done, it's not totally clear on whether or not there is a need to encrypt the connection to the db from webserver (NB paranoia level: Orange). If it is not overkill, or even if it is (unless it is a really bad idea for some reason), any advice or pointers on the direction to take to get this done would be appreciated.

    Read the article

  • AFP / Apple Filling Protocol aka Netatalk access over Internet

    - by PJJ
    I got a simple cloud server and thought it would be nice to have mac native afp Volumes accesss. Installed Netatalk and this seems to work pretty nice. No sensitive data or something but I don't like to wake up someday and have my www docs rm-rfed by some kid h4x0r. Q1: Is afp encrypted? Q2: How can I make it (semi)secure? Q3: Does VPN makes sense for this? Q4: What would you do to get afp working over net? Opening any service meant for Lan only is a basic flaw, i know - but me be ignorant about it. According to Apple Dev only the authentication is encrypted or am I mssing something?

    Read the article

  • Security of BitLocker with no PIN from WinPE?

    - by Scott Bussinger
    Say you have a computer with the system drive encrypted by BitLocker and you're not using a PIN so the computer will boot up unattended. What happens if an attacker boots the system up into the Windows Preinstallation Environment? Will they have access to the encrypted drive? Does it change if you have a TPM vs. using only a USB startup key? What I'm trying to determine is whether the TPM / USB startup key is usable without booting from the original operating system. In other words, if you're using a USB startup key and the machine is rebooted normally then the data would still be protected unless an attacker was able to log in. But what if the hacker just boots the server into a Windows Preinstallation Environment with the USB startup key plugged in? Would they then have access to the data? Or would that require the recovery key? Ideally the recovery key would be required when booted like this, but I haven't seen this documented anywhere.

    Read the article

  • Encryption of external HDD -- accessible from windows without installation

    - by Rainer
    I would like to use encryption on my external HDD but I would like to be able to access the encrypted data from Windows as well. As suggested in other questions, TrueCrypt is one option here, or I am using momentarily encfs, which is not available for Windows. But my question goes further: I would like to be able to access the encrypted partition from Windows without installation as I will be using it from different Windows machines for which I have no administrator access. My main OS is Linux and I have full root access to that computer. Is there a full disk or file based encryption which I can use cross platform and which does not require installation under Windows? ADDITION: It seems that TrueCrypt provides a portable mode which fulfills my requirements partly: http://www.truecrypt.org/docs/?s=truecrypt-portable, but still the TrueCrypt driver needs to be installed by an administrator... pitty Thanks

    Read the article

  • Windows 2008 R2 IPsec encryption in tunnel mode, hosts in same subnet

    - by fission
    In Windows there appear to be two ways to set up IPsec: The IP Security Policy Management MMC snap-in (part of secpol.msc, introduced in Windows 2000). The Windows Firewall with Advanced Security MMC snap-in (wf.msc, introduced in Windows 2008/Vista). My question concerns #2 – I already figured out what I need to know for #1. (But I want to use the ‘new’ snap-in for its improved encryption capabilities.) I have two Windows Server 2008 R2 computers in the same domain (domain members), on the same subnet: server2 172.16.11.20 server3 172.16.11.30 My goal is to encrypt all communication between these two machines using IPsec in tunnel mode, so that the protocol stack is: IP ESP IP …etc. First, on each computer, I created a Connection Security Rule: Endpoint 1: (local IP address), eg 172.16.11.20 for server2 Endpoint 2: (remote IP address), eg 172.16.11.30 Protocol: Any Authentication: Require inbound and outbound, Computer (Kerberos V5) IPsec tunnel: Exempt IPsec protected connections Local tunnel endpoint: Any Remote tunnel endpoint: (remote IP address), eg 172.16.11.30 At this point, I can ping each machine, and Wireshark shows me the protocol stack; however, nothing is encrypted (which is expected at this point). I know that it's unencrypted because Wireshark can decode it (using the setting Attempt to detect/decode NULL encrypted ESP payloads) and the Monitor Security Associations Quick Mode display shows ESP Encryption: None. Then on each server, I created Inbound and Outbound Rules: Protocol: Any Local IP addresses: (local IP address), eg 172.16.11.20 Remote IP addresses: (remote IP address), eg 172.16.11.30 Action: Allow the connection if it is secure Require the connections to be encrypted The problem: Though I create the Inbound and Outbound Rules on each server to enable encryption, the data is still going over the wire (wrapped in ESP) with NULL encryption. (You can see this in Wireshark.) When the arrives at the receiving end, it's rejected (presumably because it's unencrypted). [And, disabling the Inbound rule on the receiving end causes it to lock up and/or bluescreen – fun!] The Windows Firewall log says, eg: 2014-05-30 22:26:28 DROP ICMP 172.16.11.20 172.16.11.30 - - 60 - - - - 8 0 - RECEIVE I've tried varying a few things: In the Rules, setting the local IP address to Any Toggling the Exempt IPsec protected connections setting Disabling rules (eg disabling one or both sets of Inbound or Outbound rules) Changing the protocol (eg to just TCP) But realistically there aren't that many knobs to turn. Does anyone have any ideas? Has anyone tried to set up tunnel mode between two hosts using Windows Firewall? I've successfully got it set up in transport mode (ie no tunnel) using exactly the same set of rules, so I'm a bit surprised that it didn't Just Work™ with the tunnel added.

    Read the article

  • How can I use encryption with Gmail?

    - by Torben Gundtofte-Bruun
    I'm currently reading Cory Doctorow's novel Little Brother which includes a part about encrypted messaging, and even wrapping messages first in my private key and then your public key. I'd like to play around with that but from what I've googled so far it seems to be a rather convoluted process, requiring installing several program components, and creating an encrypted message requires doing some manual file manipulation. I'm surprised that I can't find something like a Firefox plugin that integrates encryption into Gmail. I've seen that there is a Thunderbird PGP plugin, but I don't use T-bird. I also saw a blog post that Google apparently toyed with PGP support in 2009, but nothing has appeared in the meantime. Question: To use encryption with Gmail, is there a simpler method than creating a file locally, then encrypting that file, and finally attaching it to a regular Gmail message?

    Read the article

  • LDAP encrypt attribute that extends userpassword

    - by Foezjie
    In my current LDAP schema I have an objectclass (let's call it group) that has 2 attributes that extend userpassword. Like this: attributeType ( groupAttributes:12 NAME 'groupPassword1' SUP userPassword SINGLE-VALUE ) attributeType ( groupAttributes:13 NAME 'groupPassword2' SUP userPassword SINGLE-VALUE ) group extends organisation so already has a userpassword attribute. If I use that to enter a new group using PHPLDAPAdmin it uses SSHA (by default) and encrypts/hashes the password I entered. But the passwords I entered for groupPassword1 en groupPassword2 don't get encrypted. Is there a way to make it so that those attributes are encrypted too?

    Read the article

  • Our company claims that the DLP system can even monitor the contents of HTTPS traffic, how is this possible?

    - by Ryan
    There is software installed on all client machines for DLP (Data Loss Prevention) and HIPAA compliance. Supposedly it can read HTTPS data clearly. I always thought that between the browser and the server, this was encrypted entirely. How can software sneak in and grab this data from the browser prior to it is encrypted or after it is decrypted? I am just curious as to how this could be possible. I would think that a browser wouldn't be considered very secure if this was possible.

    Read the article

  • strategy /insights for avoiding document content loss due to encryption

    - by pbernatchez
    I'm about to encourage a group of people to begin using S-Mime and GPG for digital signatures and encryption. I foresee a nightmare of encrypted documents which can no longer be recovered because of lost keys. The thorniest issue is archiving. The natural way to preserve privacy in an archive is to archive the encrypted document. But that opens us up to the risk of a lost key when time comes to unarchive a document, or a forgotten password. After all it will be a long way in the future. This would be equivalent to having destroyed the document. First thought is archiving keys with documents, but that still leaves the forgotten pass phrase. Archiving the passphrase too would be tantamount to archiving in the clear. No privacy. What approaches do you use? What insights can you offer on the issue?

    Read the article

  • The best way to make full system dump on Centos [duplicate]

    - by tester3
    This question already has an answer here: Centos 5 Full backup 1 answer I am on Centos 6.5 with a lot of soft and services installed and working. Also I've got a lot of configs which damaged my brain and I dont want to do it again:) So, can anyone please advice the best way to make a full system dump with all data, so I need only to copy-paste them to new system to get my system ready on the other machine. Or something like that? P.S. Data on my hdd is encrypted, and I'd liked and encrypted dump too. Please help:)

    Read the article

  • Can GnomeKeyring store passwords unencrypted?

    - by antimeme
    I have a Fedora 15 laptop with the root and home partitions encrypted using LUKS. When it boots I have to enter a pass phrase to unlock the master key, so I have it configured to automatically log me in to my account. However, GnomeKeyring remains locked, so I have to enter another pass phrase for that. This is unpleasant and completely pointless since the entire disk is encrypted. I've not been able to find a way to configure GnomeKeyring to store its pass phrases without encryption. For example, I was not able to find an answer here: http://library.gnome.org/users/seahorse-plugins/stable/index.html.en Is there a solution? If not, is there a mailing list where it would be appropriate to plead my case?

    Read the article

  • (Possibly) Corrupted DDCrypt self-decrypting file

    - by sca
    I recently discovered some files I had encrypted and archived on a CD using DDCrypt 2.0, which is a small encryption utility from back in the day. One of its functions is to create self-decrypting files, which are essentially EXE files that you can enter a password and then have the file extracted onto your filesystem. Unfortunately, I can't seem to get them to do this properly. They appear to be decrypting and then at the last moment I get the error: Error opening encrypted file C:\users\username\Temp\dde3cfa.tmp Reason: Success and then another dialog immediately says Error extracting ddc file. I'm not really sure what this means (certainly not success), but I've checked out the temporary file and it appears to be garbage data (although of the right file size). I don't know if anyone has an idea what might be done here to extract the files, or has dealt with a similar situation before. Any ideas are appreciated! Thank you in advance for your time and any help you can provide.

    Read the article

  • CryptoExcercise Encryption/Decryption Problem

    - by venkat
    I am using apples "cryptoexcercise" (Security.Framework) in my application to encrypt and decrypt a data of numeric value. When I give the input 950,128 the values got encrypted, but it is not getting decrypted and exists with the encrypted value only. This happens only with the mentioned numeric values. Could you please check this issue and give the solution to solve this problem? here is my code (void)testAsymmetricEncryptionAndDecryption { uint8_t *plainBuffer; uint8_t *cipherBuffer; uint8_t *decryptedBuffer; const char inputString[] = "950"; int len = strlen(inputString); if (len > BUFFER_SIZE) len = BUFFER_SIZE-1; plainBuffer = (uint8_t *)calloc(BUFFER_SIZE, sizeof(uint8_t)); cipherBuffer = (uint8_t *)calloc(CIPHER_BUFFER_SIZE, sizeof(uint8_t)); decryptedBuffer = (uint8_t *)calloc(BUFFER_SIZE, sizeof(uint8_t)); strncpy( (char *)plainBuffer, inputString, len); NSLog(@"plain text : %s", plainBuffer); [self encryptWithPublicKey:(UInt8 *)plainBuffer cipherBuffer:cipherBuffer]; NSLog(@"encrypted data: %s", cipherBuffer); [self decryptWithPrivateKey:cipherBuffer plainBuffer:decryptedBuffer]; NSLog(@"decrypted data: %s", decryptedBuffer); free(plainBuffer); free(cipherBuffer); free(decryptedBuffer); } (void)encryptWithPublicKey:(uint8_t *)plainBuffer cipherBuffer:(uint8_t *)cipherBuffer { OSStatus status = noErr; size_t plainBufferSize = strlen((char *)plainBuffer); size_t cipherBufferSize = CIPHER_BUFFER_SIZE; NSLog(@"SecKeyGetBlockSize() public = %d", SecKeyGetBlockSize([self getPublicKeyRef])); // Error handling // Encrypt using the public. status = SecKeyEncrypt([self getPublicKeyRef], PADDING, plainBuffer, plainBufferSize, &cipherBuffer[0], &cipherBufferSize ); NSLog(@"encryption result code: %d (size: %d)", status, cipherBufferSize); NSLog(@"encrypted text: %s", cipherBuffer); } (void)decryptWithPrivateKey:(uint8_t *)cipherBuffer plainBuffer:(uint8_t *)plainBuffer { OSStatus status = noErr; size_t cipherBufferSize = strlen((char *)cipherBuffer); NSLog(@"decryptWithPrivateKey: length of buffer: %d", BUFFER_SIZE); NSLog(@"decryptWithPrivateKey: length of input: %d", cipherBufferSize); // DECRYPTION size_t plainBufferSize = BUFFER_SIZE; // Error handling status = SecKeyDecrypt([self getPrivateKeyRef], PADDING, &cipherBuffer[0], cipherBufferSize, &plainBuffer[0], &plainBufferSize ); NSLog(@"decryption result code: %d (size: %d)", status, plainBufferSize); NSLog(@"FINAL decrypted text: %s", plainBuffer); } (SecKeyRef)getPublicKeyRef { OSStatus sanityCheck = noErr; SecKeyRef publicKeyReference = NULL; if (publicKeyRef == NULL) { NSMutableDictionary *queryPublicKey = [[NSMutableDictionary alloc] init]; // Set the public key query dictionary. [queryPublicKey setObject:(id)kSecClassKey forKey:(id)kSecClass]; [queryPublicKey setObject:publicTag forKey:(id)kSecAttrApplicationTag]; [queryPublicKey setObject:(id)kSecAttrKeyTypeRSA forKey:(id)kSecAttrKeyType]; [queryPublicKey setObject:[NSNumber numberWithBool:YES] forKey:(id)kSecReturnRef]; // Get the key. sanityCheck = SecItemCopyMatching((CFDictionaryRef)queryPublicKey, (CFTypeRef *)&publicKeyReference); if (sanityCheck != noErr) { publicKeyReference = NULL; } [queryPublicKey release]; } else { publicKeyReference = publicKeyRef; } return publicKeyReference; } (SecKeyRef)getPrivateKeyRef { OSStatus resultCode = noErr; SecKeyRef privateKeyReference = NULL; if(privateKeyRef == NULL) { NSMutableDictionary * queryPrivateKey = [[NSMutableDictionary alloc] init]; // Set the private key query dictionary. [queryPrivateKey setObject:(id)kSecClassKey forKey:(id)kSecClass]; [queryPrivateKey setObject:privateTag forKey:(id)kSecAttrApplicationTag]; [queryPrivateKey setObject:(id)kSecAttrKeyTypeRSA forKey:(id)kSecAttrKeyType]; [queryPrivateKey setObject:[NSNumber numberWithBool:YES] forKey:(id)kSecReturnRef]; // Get the key. resultCode = SecItemCopyMatching((CFDictionaryRef)queryPrivateKey, (CFTypeRef *)&privateKeyReference); NSLog(@"getPrivateKey: result code: %d", resultCode); if(resultCode != noErr) { privateKeyReference = NULL; } [queryPrivateKey release]; } else { privateKeyReference = privateKeyRef; } return privateKeyReference; }

    Read the article

  • CodePlex Daily Summary for Wednesday, March 10, 2010

    CodePlex Daily Summary for Wednesday, March 10, 2010New ProjectsASP.NET jQuery MessageBox: The ASP.NET jQuery it's an Web User Control that uses jQuery framework to enable diferent ways to present information to the user, by using these ...CommentRemover: Utility for removing comments from source codes. Support PL/SQL, Delphi, C/C#/C++ Developed in C# Requirement Microsoft .NET Framework 3.5DotNetNuke® RadMenu: DNNRadMenu makes it easy to create skins which use telerik RadMenu functionality. Licensing permits anyone (including designers) to use the compon...DotNetNuke® Skin AlphaBrisk: A DotNetNuke Design Challenge skin package submitted to the "Web Standards" category by dnnskin.net. Eight themes using transparent png, div, CSS, ...DotNetNuke® Skin Collaborate: A DotNetNuke Design Challenge skin package submitted to the "Modern Business" category by Cuong Dang of R2Integrated. This package is 100% XHTML an...DotNetNuke® Skin TR: A DotNetNuke Design Challenge skin package submitted to the "Out of the box" category by Tracy Wittenkeller of T-Worx. This package is 100% XHTML, ...Encrypted Notes: Encrypted Notes is similar to Notes, but uses Triple DES to encrypt text and files. It has a random key generator, and can save the key. It is deve...FalconLobby: FalconLobby is an authorized AddOn for Falcon 4.0 Allied Force which was created to support the multiplayer experience. FalconLobby retrieves the l...INETA Europe WebSite: Website for INETA EuropeInsert a Favorite (Bookmark) plugin for Windows Live Writer: This Windows Live Writer plugin allows you to select a Favorite (Bookmark) and insert it into your blog entry.Javascript Lib: an javascript libraryjqGrid ASP.Net MVC Control: A fully integrated ASP.Net MVC (2.0) grid control based on the successfull jqGrid plugin for the jQuery jscript framework. Among the features of...Mosaictor: Mosaictor is a per project of mine that I started halfway my education. It is a photo mosaic creator using locally saved files and files obtained t...Notes: Notes is a simple but fast text editor. It can save in many text formats, and includes many features, such as templates (soon to be customizable), ...notmuchweb: A web frontend for notmuchPervasiveID: The PID is actively involved in Open Source ID community-building and education. PID members frequently travel the world to attend ID conferences a...Proyect Electronica: Proyecto de electronicaRapidshare Downloader 2: Rapidshare Downloader 2ROAD is Rapid Oberon Application Development: A suite of integrated tools for the develpment of Oberon-2 applicationSDNTFSIntegration: TFS Integration.SilverlightImageUpload: SilverlightImageUploadSMIL - SharePoint Map Integration Layer: .Useful SharePoint Site Workflow Utilities: This project aims to make it easy use SharePoint 2010's Site Workflows as "event handlers" for various back end systems by providing ways to start ...Windows Media Autorization: Windows Media Autorizaton PlugIn for windows media 9 WinMo Twitter Widget StarterKit: This project will allow you to quickly create Widgets that run on a Windows Mobile 6.5 phone to allow you to view Tweets designated by a hash tag. ...XNA 3D World Studio Content Pipeline: XNA 3D World Studio Content Pipeline New ReleasesAPSales - CRM Software as a Service: APSales 0.1.2: This version add some interesting features to the project: Implements a Grid Control Custom View Query Use lastest version(2.0.2) of APEnnead.net ...ASP.NET jQuery MessageBox: ASP.NET jQuery MessageBox 0.1: Project Description The ASP.NET jQuery it's an Web User Control que uses jQuery framework to enable diferent ways to present information to the use...BTP Tools: CSBC+CUVC+HCSBC.dict files 2010-03-09: a space character should be only between <Strong Number Pattern> and <Count> like: <Text><Strong Number pattern><space character> <Count> The abov...Citrix HDX MediaStream for Flash System Verifier: HDX Flash Verifier Beta (v1.20): Reduced the number of exceptions that terminate the verification process.Code examples, utilities and misc from Lars Wilhelmsen [MVP]: LarsW.MexEdmxFixer 1.5: Added some missing sub elements from the EDMX file's Designer element; Connection and Output. Without them, some of the properties in the designer ...CommonLibrary.NET: CommonLibrary.NET 0.9.4 - Beta 2: A collection of very reusable code and components in C# 3.5 ranging from ActiveRecord, Csv, Command Line Parsing, Configuration, Holiday Calendars,...Encrypted Notes: Source Code: This has the all the code for Encrypted Notes in a Text file.Hybrid Windows Service: Release Assembly: Main Assembly. Usage: 1. Add reference to this dll in your 'Windows Service' project. 2. Replace references to ServiceBase to HybridServiceBase in...jqGrid ASP.Net MVC Control: Version 1.0.0.0: Initial Versionkdar: KDAR 0.0.16: KDAR - Kernel Debugger Anti Rootkit - KINTERRUPT object check added - load image notifier check addedlatex2mathml: 1.0 alpha: This is the first public release of Latex2MathML. Lots are left to add and fix. I encourage you to test it. If something goes wrong, send me the lo...MapWindow GIS: MapWindow 6.0 msi (March 9): This fixes a bug with saving and opening maps.Microsoft Research Biology Extension for Excel: MSR Biology Extension for Excel - Beta 2 (Update): This is an updated release for the Beta 2 Installer for the MSR Biology Extension for Excel. A couple of identified issues with the installation f...Notes: Notes 5.2: This is the latest version of Notes (5.2). It has an installer - it will create a directory 'CPascoe' in My Documents. Once you have extracted the...Notes: Source Code: This has the all the code for Notes in a Text file.RedBulb for XNA Framework: Tree Massacre XMAS Edition (Sample): Tree Massacre XMAS Edition Source Code and Creators Club Package http://bayimg.com/image/jalkiaacb.jpgRoTwee: RoTwee (7.0.2.0): Now color mode is introduced to RoTwee. Push change color button and you can change color mode of RoTwee. Recommended mode is active rainbow mode :)SharePoint Team-Mailer: SharePoint Team-Mailer v1.0: Recommended versionsPWadmin: pwAdmin v0.7_nightly: Nightly Build --------------------- + Target JRE -> 1.5.0_21 + Target ApplicationServer -> Apache Tomcat 5.5.28 + Added xml editor (only working fo...SQL Server PowerShell Extensions: 2.1 Production: Release 2.1 re-implements SQLPSX as PowersShell version 2.0 modules. SQLPSX consists of 9 modules with 133 advanced functions, 2 cmdlets and 7 scri...TMap for VS2010: TMap for VS2010 (MSF Agile) RC Release: Release of the TMap process template for VS2010 combined with the MSF Agile process template basd on the Release Candidate. The references to the g...TS3QueryLib.Net: TS3QueryLib.Net Version 0.19.14.0: Changelog Added property "IsClientRecording" to class "ClientListEntry" which is used in method "GetClientList" of QueryRunner class. (Change of Be...VCC: Latest build, v2.1.30309.0: Automatic drop of latest buildWinMo Twitter Widget StarterKit: Tweet Viewer Files: Files necessary to create your own Tweet ViewerWPF AutoComplete TextBox Control: Version 1.1: This release includes accumulated bug fixes since the initial release. Besides, adds experimental asynchronous support. Sample application gets...XNA 3D World Studio Content Pipeline: XNA 3DWS Content Pipeline: This is an rar file containing the latest content importer codeMost Popular ProjectsMetaSharpWBFS ManagerRawrAJAX Control ToolkitMicrosoft SQL Server Product Samples: DatabaseSilverlight ToolkitWindows Presentation Foundation (WPF)ASP.NETMicrosoft SQL Server Community & SamplesASP.NET Ajax LibraryMost Active ProjectsUmbraco CMSRawrSDS: Scientific DataSet library and toolsjQuery Library for SharePoint Web ServicesBlogEngine.NETN2 CMSFasterflect - A Fast and Simple Reflection APIFarseer Physics Enginepatterns & practices – Enterprise LibraryCaliburn: An Application Framework for WPF and Silverlight

    Read the article

  • Is this a secure solution for RESTful authentication?

    - by Chad Johnson
    I need to quickly implement a RESTful authentication system for my JavaScript application to use. I think I understand how it should work, but I just want to double check. Here's what I'm thinking -- what do you guys think? Database schema users id : integer first_name : varchar(50) last_name : varchar(50) password : varchar(32) (MD5 hashed) etc. user_authentications id : integer user_id : integer auth_token : varchar(32) (AES encrypted, with keys outside database) access_token : varchar(32) (AES encrypted, with keys outside database) active : boolean Steps The following happens over SSL. I'm using Sinatra for the API. JavaScript requests authentication via POST to /users/auth/token. The /users/auth/token API method generates an auth_token hash, creates a record in user_authentications, and returns auth_token. JavaScript hashes the user's password and then salts it with auth_token -- SHA(access_token + MD5(password)) POST the user's username and hashed+salted password to /users/auth/authenticate. The /users/auth/authenticate API method will verify that SHA(AES.decrypt(access_token) + user.password) == what was received via POST. The /users/auth/authenticate will generate, AES encrypt, store, and return an access token if verification is successful; otherwise, it will return 401 Unauthorized. For any future requests against the API, JavaScript will include access_token, and the API will find the user account based on that.

    Read the article

  • C # - a variable using the Encrypt md5

    - by Guilherme Cardoso
    When we are dealing with more sensitive data and important as a keyword, it is not appropriate at all stores them in database without encrypting for security reasons.  For this we use MD5  MD5 is an algorithm that allow us to encript an string, but doesn't leave us desencrypt it (not sure if it is already possible, but at least I know there are many databases already having a record).  The method below will return us a variable encrypted with md5. For example: md5_encriptar (pontonetpt.com ");   The result will be: 34efe85d338075834ad41803eb08c0df This way we save tthese encrypted data into a database, and then to make comparisons we often use the method to compare with the records kept. public string md5_encrypt(string md5) { System.Security.Cryptography.MD5CryptoServiceProvider x = new System.Security.Cryptography.MD5CryptoServiceProvider(); byte[] bs = System.Text.Encoding.UTF8.GetBytes(md5); bs = x.ComputeHash(bs); System.Text.StringBuilder s = new System.Text.StringBuilder(); foreach (byte b in bs) { s.Append(b.ToString("x2").ToLower()); } string password = s.ToString(); return password; }

    Read the article

  • Encrypting a non-linux partition with LUKS.

    - by linuxn00b
    I have a non-Linux partition I want to encrypt with LUKS. The goal is to be able to store it by itself on a device without Linux and access it from the device when needed with an Ubuntu Live CD. I know LUKS can't encrypt partitions in place, so I created another, unformatted partition of the EXACT same size (using GParted's "Round to MiB" option) and ran this command: sudo cryptsetup luksFormat /dev/xxx Where xxx is the partition's device name. Then I typed in my new passphrase and confirmed it. Oddly, the command exited immediately after, so I guess it doesn't encrypt the entire partition right away? Anyway, then I ran this command: sudo cryptsetup luksOpen /dev/xxx xxx Then I tried copying the contents of the existing partition (call it yyy) to the encrypted one like this: sudo dd if=/dev/yyy of=/dev/mapper/xxx bs=1MB and it ran for a while, but exited with this: dd: writing `/dev/mapper/xxx': No space left on device just before writing the last MB. I take this to mean the contents of yyy was truncated when it was copied to xxx, because I have dd'd it before, and whenever I have dd'd to a partition of the exact same size, I never get that error. (and fdisk reports they are the same size in blocks). After a little Googling I discovered all luksFormat'ted partitions have a custom header followed by the encrypted contents. So it appears I need to create a partition exactly the size of the old one + however many bytes a LUKS header is. What size should the destination partition be, no. 1, and no. 2, am I even on the right track here? UPDATE I found this in the LUKS FAQ: I think this is overly complicated. Is there an alternative? Yes, you can use plain dm-crypt. It does not allow multiple passphrases, but on the plus side, it has zero on disk description and if you overwrite some part of a plain dm-crypt partition, exactly the overwritten parts are lost (rounded up to sector borders). So perhaps I shouldn't be using LUKS at all?

    Read the article

  • Leveraging .Net 4.0 Framework Tools For Encrypting Web Configuration Sections

    - by Sam Abraham
    I would like to share a few points with regards to encrypting web configuration sections in .Net 4.0. This information is also applicable to .Net 3.5 and 2.0. Two methods can work perfectly for encrypting connection strings in a Web project configuration file:   1-Do It All Yourself! In this approach, helper functions for encrypting/decrypting configuration file content are implemented. Program would explicitly retrieve appropriate content from configuration file then decrypt it appropriately.  Disadvantages of this implementation would be the added overhead for maintaining the encryption/decryption code as well the burden of always ensuring sections are appropriately decrypted before use and encrypted appropriately whenever edited.   2- Leverage the .Net 4.0 Framework (The Way to go!) Fortunately, all needed tools for protecting configuration files are built-in to the .Net 2.0/3.5/4.0 versions with very little setup needed. To encrypt connection strings, one can use the ASP.Net IIS Registration Tool (Aspnet_regiis.exe). Note that a 64-bit version of the tool also exists under the Framework64 folder for 64-bit systems. The command we need to encrypt our web.config file connection strings is simply the following:   Aspnet_regiis –pe “connectionstrings” –app “/sampleApplication” –prov “RsaProtectedConfigurationProvider”   To later decrypt this configuration section:   Aspnet_regiis –pd “connectionstrings” –app “/SampleApplication”   The following is a brief description of the command line options used in the example above. Aspnet_regiis supports many more options which you can read about in the links provided for reference below.   Option Description -pe  Section name to encrypt -pd  Section name to decrypt -app  Web application name -prov  Encryption/Decryption provider   ASP.Net automatically decrypts the content of the Web.Config file at runtime so no programming changes are needed.   Another tool, aspnet_setreg.exe is to be used if certain configuration file sections pertinent to the .Net runtime are to be encrypted. For more information on when and how to use aspnet_setreg, please refer to the references below.   Hope this helps!   Some great references concerning the topic:   http://msdn.microsoft.com/en-us/library/ff650037.aspx http://msdn.microsoft.com/en-us/library/zhhddkxy.aspx http://msdn.microsoft.com/en-us/library/dtkwfdky.aspx http://msdn.microsoft.com/en-us/library/68ze1hb2.aspx

    Read the article

  • Compute the AES-encryption key given the plaintext and its ciphertext?

    - by Null Pointers etc.
    I'm tasked with creating database tables in Oracle which contain encrypted strings (i.e., the columns are RAW). The strings are encrypted by the application (using AES, 128-bit key) and stored in Oracle, then later retrieved from Oracle and decrypted (i.e., Oracle itself never sees the unencrypted strings). I've come across this one column that will be one of two strings. I'm worried that someone will notice and presumably figure out what those two values to figure out the AES key. For example, if someone sees that the column is either Ciphertext #1 or #2: Ciphertext #1: BF,4F,8B,FE, 60,D8,33,56, 1B,F2,35,72, 49,20,DE,C6. Ciphertext #2: BC,E8,54,BD, F4,B3,36,3B, DD,70,76,45, 29,28,50,07. and knows the corresponding Plaintexts: Plaintext #1 ("Detroit"): 44,00,65,00, 74,00,72,00, 6F,00,69,00, 74,00,00,00. Plaintext #2 ("Chicago"): 43,00,68,00, 69,00,63,00, 61,00,67,00, 6F,00,00,00. can he deduce that the encryption key is "Buffalo"? 42,00,75,00, 66,00,66,00, 61,00,6C,00, 6F,00,00,00. I'm thinking that there should be only one 128-bit key that could convert Plaintext #1 to Ciphertext #1. Does this mean I should go to a 192-bit or 256-bit key instead, or find some other solution? (As an aside, here are two other ciphertexts for the same plaintexts but with a different key.) Ciphertext #1 A ("Detroit"): E4,28,29,E3, 6E,C2,64,FA, A1,F4,F4,96, FC,18,4A,C5. Ciphertext #2 A ("Chicago"): EA,87,30,F0, AC,44,5D,ED, FD,EB,A8,79, 83,59,53,B7.

    Read the article

  • 13.10 doesn't boot on Vaio Pro 13

    - by vaioonbuntu
    I just installed Ubuntu 13.10 on my new Vaio Pro 13, disabled safe mode, but used UEFI and not legacy mode. I did an encrypted LVM installation and erased the complete SSD. It booted just fine from USB, but after installation it doesn't boot. The Vaio failed boot screen appears. I then tried this advice here: 13.10 on vaio pro with UEFI sadly it fails for me with "/usr/sbin/grub-probe: error: failed to get canonical path of /cow." I then tried mounted the encrypted partition with Nautilus and tried this: Cannot update grub with paramters on live USB With /dev/sda2 and then to install GRUB to /dev/sda. Didn't succeed and warned me that the "GPT partition label contains no BIOS Boot Partition; embedding won't be possible" What do i have to do, go fix GRUB and be able to boot my finished install? Here's my Boot Repair Log: http://paste.ubuntu.com/6386598/ I would really appreciate any help, I'm so happy to finally be able to ditch my big fat Macbook Pro and use Ubuntu on my new, light Vaio Pro, if only I could fix GRUB. best, x

    Read the article

  • Is file permission secured when it transferred from Ubuntu to Windows?

    - by Gaurav_Java
    I am having 9GB text file which is encrypted . This file contains some confidential data . Which is on my system(Ubuntu) and my external HDD (ntfs) . This file get daily updated and then encrypted . But it has to be shared among 2-3 (Windows) person. I defined permission so that no other person can even read this file(chmod 660). It is too large file, so I can't upload it anywhere and it get updated daily basis. But this file travel on Windows OS and Ubuntu also. Even I am having copy of this on my personal computer. Recently it was deleted by some other user over Windows . I just want to know how can I set permission over that file so that it cannot be deleted from any other operating system. If someone delete this file, then I am having data old for couple of days, which is only on my system. I gone through this question it says there is nothing. And from this question I am not able to understand how can I protect it. Can I do anything for preventing this file from being deleted. Then how can I secure this files from getting deleted any suggestion or software or ideas. Maybe I sound silly or this is stupid question. Please don't close it, thanks for any suggestion or solution.

    Read the article

  • Design practice for securing data inside Azure SQL

    - by Sid
    Update: I'm looking for a specific design practice as we try to build-our-own database encryption. Azure SQL doesn't support many of the encryption features found in SQL Server (Table and Column encryption). We need to store some sensitive information that needs to be encrypted and we've rolled our own using AesCryptoServiceProvider to encrypt/decrypt data to/from the database. This solves the immediate issue (no cleartext in db) but poses other problems like Key rotation (we have to roll our own code for this, walking through the db converting old cipher text into new cipher text) metadata mapping of which tables and which columns are encrypted. This is simple when it's just couple of columns (send an email to all devs/document) but that quickly gets out of hand ... So, what is the best practice for doing application level encryption into a database that doesn't support encryption? In particular, what is a good design to solve the above two bullet points? If you had specific schema additions would love it if you could give details ("Have a NVARCHAR(max) column to store the cipher metadata as JSON" or a SQL script/commands). If someone would like to recommend a library, I'd be happy to stay away from "DIY" too. Before going too deep - I assume there isn't any way I can add encryption support to Azure by creating a stored procedure, right?

    Read the article

  • SQL Server Configuration Scripting Utility Release 9

    - by Bill Graziano
    There’s another update to my little utility to script a SQL Server’s configuration.  I use this for two purposes.  First, I use it to keep my database mirroring servers up to date.  Second, I capture the output in a version control system and keep that for historical reference. In release 3.0.9 I made the following changes: Rewrote the encrypted trigger scripting.  It will now list the encrypted triggers in a comment in the table script but can’t actually script them. It now scripts any server event notifications. You can script a single database using the /scriptdb flag.  Please note that it will also script the instance and system databases when it does this. It will script any user-defined endpoints.  This will capture your mirroring endpoints and more importantly any service broker endpoints. It will gracefully skip database mail on the Express Edition. It still doesn’t support SQL Server 2012.  I think that’s the next feature to add though.

    Read the article

  • Implementation of ZipCrypto / Zip 2.0 encryption in java

    - by gomesla
    I'm trying o implement the zipcrypto / zip 2.0 encryption algoritm to deal with encrypted zip files as discussed in http://www.pkware.com/documents/casestudies/APPNOTE.TXT I believe I've followed the specs but just can't seem to get it working. I'm fairly sure the issue has to do with my interpretation of the crc algorithm. The documentation states CRC-32: (4 bytes) The CRC-32 algorithm was generously contributed by David Schwaderer and can be found in his excellent book "C Programmers Guide to NetBIOS" published by Howard W. Sams & Co. Inc. The 'magic number' for the CRC is 0xdebb20e3. The proper CRC pre and post conditioning is used, meaning that the CRC register is pre-conditioned with all ones (a starting value of 0xffffffff) and the value is post-conditioned by taking the one's complement of the CRC residual. Here is the snippet that I'm using for the crc32 public class PKZIPCRC32 { private static final int CRC32_POLYNOMIAL = 0xdebb20e3; private int crc = 0xffffffff; private int CRCTable[]; public PKZIPCRC32() { buildCRCTable(); } private void buildCRCTable() { int i, j; CRCTable = new int[256]; for (i = 0; i <= 255; i++) { crc = i; for (j = 8; j > 0; j--) if ((crc & 1) == 1) crc = (crc >>> 1) ^ CRC32_POLYNOMIAL; else crc >>>= 1; CRCTable[i] = crc; } } private int crc32(byte buffer[], int start, int count, int lastcrc) { int temp1, temp2; int i = start; crc = lastcrc; while (count-- != 0) { temp1 = crc >>> 8; temp2 = CRCTable[(crc ^ buffer[i++]) & 0xFF]; crc = temp1 ^ temp2; } return crc; } public int crc32(int crc, byte buffer) { return crc32(new byte[] { buffer }, 0, 1, crc); } } Below is my complete code. Can anyone see what I'm doing wrong. package org.apache.commons.compress.archivers.zip; import java.io.IOException; import java.io.InputStream; public class ZipCryptoInputStream extends InputStream { public class PKZIPCRC32 { private static final int CRC32_POLYNOMIAL = 0xdebb20e3; private int crc = 0xffffffff; private int CRCTable[]; public PKZIPCRC32() { buildCRCTable(); } private void buildCRCTable() { int i, j; CRCTable = new int[256]; for (i = 0; i <= 255; i++) { crc = i; for (j = 8; j > 0; j--) if ((crc & 1) == 1) crc = (crc >>> 1) ^ CRC32_POLYNOMIAL; else crc >>>= 1; CRCTable[i] = crc; } } private int crc32(byte buffer[], int start, int count, int lastcrc) { int temp1, temp2; int i = start; crc = lastcrc; while (count-- != 0) { temp1 = crc >>> 8; temp2 = CRCTable[(crc ^ buffer[i++]) & 0xFF]; crc = temp1 ^ temp2; } return crc; } public int crc32(int crc, byte buffer) { return crc32(new byte[] { buffer }, 0, 1, crc); } } private static final long ENCRYPTION_KEY_1 = 0x12345678; private static final long ENCRYPTION_KEY_2 = 0x23456789; private static final long ENCRYPTION_KEY_3 = 0x34567890; private InputStream baseInputStream = null; private final PKZIPCRC32 checksumEngine = new PKZIPCRC32(); private long[] keys = null; public ZipCryptoInputStream(ZipArchiveEntry zipEntry, InputStream inputStream, String passwd) throws Exception { baseInputStream = inputStream; // Decryption // ---------- // PKZIP encrypts the compressed data stream. Encrypted files must // be decrypted before they can be extracted. // // Each encrypted file has an extra 12 bytes stored at the start of // the data area defining the encryption header for that file. The // encryption header is originally set to random values, and then // itself encrypted, using three, 32-bit keys. The key values are // initialized using the supplied encryption password. After each byte // is encrypted, the keys are then updated using pseudo-random number // generation techniques in combination with the same CRC-32 algorithm // used in PKZIP and described elsewhere in this document. // // The following is the basic steps required to decrypt a file: // // 1) Initialize the three 32-bit keys with the password. // 2) Read and decrypt the 12-byte encryption header, further // initializing the encryption keys. // 3) Read and decrypt the compressed data stream using the // encryption keys. // Step 1 - Initializing the encryption keys // ----------------------------------------- // // Key(0) <- 305419896 // Key(1) <- 591751049 // Key(2) <- 878082192 // // loop for i <- 0 to length(password)-1 // update_keys(password(i)) // end loop // // Where update_keys() is defined as: // // update_keys(char): // Key(0) <- crc32(key(0),char) // Key(1) <- Key(1) + (Key(0) & 000000ffH) // Key(1) <- Key(1) * 134775813 + 1 // Key(2) <- crc32(key(2),key(1) >> 24) // end update_keys // // Where crc32(old_crc,char) is a routine that given a CRC value and a // character, returns an updated CRC value after applying the CRC-32 // algorithm described elsewhere in this document. keys = new long[] { ENCRYPTION_KEY_1, ENCRYPTION_KEY_2, ENCRYPTION_KEY_3 }; for (int i = 0; i < passwd.length(); ++i) { update_keys((byte) passwd.charAt(i)); } // Step 2 - Decrypting the encryption header // ----------------------------------------- // // The purpose of this step is to further initialize the encryption // keys, based on random data, to render a plaintext attack on the // data ineffective. // // Read the 12-byte encryption header into Buffer, in locations // Buffer(0) thru Buffer(11). // // loop for i <- 0 to 11 // C <- buffer(i) ^ decrypt_byte() // update_keys(C) // buffer(i) <- C // end loop // // Where decrypt_byte() is defined as: // // unsigned char decrypt_byte() // local unsigned short temp // temp <- Key(2) | 2 // decrypt_byte <- (temp * (temp ^ 1)) >> 8 // end decrypt_byte // // After the header is decrypted, the last 1 or 2 bytes in Buffer // should be the high-order word/byte of the CRC for the file being // decrypted, stored in Intel low-byte/high-byte order. Versions of // PKZIP prior to 2.0 used a 2 byte CRC check; a 1 byte CRC check is // used on versions after 2.0. This can be used to test if the password // supplied is correct or not. byte[] encryptionHeader = new byte[12]; baseInputStream.read(encryptionHeader); for (int i = 0; i < encryptionHeader.length; i++) { encryptionHeader[i] ^= decrypt_byte(); update_keys(encryptionHeader[i]); } } protected byte decrypt_byte() { byte temp = (byte) (keys[2] | 2); return (byte) ((temp * (temp ^ 1)) >> 8); } @Override public int read() throws IOException { // // Step 3 - Decrypting the compressed data stream // ---------------------------------------------- // // The compressed data stream can be decrypted as follows: // // loop until done // read a character into C // Temp <- C ^ decrypt_byte() // update_keys(temp) // output Temp // end loop int read = baseInputStream.read(); read ^= decrypt_byte(); update_keys((byte) read); return read; } private final void update_keys(byte ch) { keys[0] = checksumEngine.crc32((int) keys[0], ch); keys[1] = keys[1] + (byte) keys[0]; keys[1] = keys[1] * 134775813 + 1; keys[2] = checksumEngine.crc32((int) keys[2], (byte) (keys[1] >> 24)); } }

    Read the article

< Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >