Search Results

Search found 46494 results on 1860 pages for 'public key encryption'.

Page 2/1860 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12 | Next Page >

URL Encryption vs. Encoding

- by hozza

At the moment non/semi sensitive information is sent from one page to another via GET on our web application. Such as user ID or page number requested etc. Sometimes slightly more sensitive information is passed such as account type, user privileges etc. We currently use base64_encode() and base64_decode() just to de-humanise the information so the end user is not concerned. Is it good practice or common place for a URL GET to be encrypted rather than simply PHP base64_encoded? Perhaps using something like, this: $encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key)))); $decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($key))), "\0"); Is this too much or too power hungry for something as common as the URL GET.

Read the article
Basic principles of computer encryption?

- by Andrew

I can see how a cipher can be developed using substitutions and keys, and how those two things can become more and more complex, thus offering some protection from decryption through brute-force approaches. But specifically I'm wondering: what other major concepts beyond substitution and key are involved? is the protection/secrecy of the key a greater vulnerability than the strength of the encryption? why does encryption still hold up when the key is 'public' ? are performance considerations a major obstacle to the development of more secure encryption?

Read the article
Ubuntu 12.04 64 bit doesn't work on a win7 with check point full disk encryption

- by Victor Rodriguez

I installed Ubuntu 12.04 64 bit with the Wubi installer on a Windows 7 with Check Point Full Disk Encryption. The Wubi Installer runs without any trouble selecting the compatibility mode with WinXP and as Administrator. The problem is that after the installation is complete and the reboot done, when you restart the system, there's no option to start Ubuntu instead of Windows. I recently installed Ubuntu on other Win7 machines without any problem. But those laptops don't have the Check Point Full Disk Encryption. And when you restart the system you have the option to start in Ubuntu. If somebody has resolved this issue please share...!!! Regards! Víctor

Read the article
home-folder encryption: Does it work?

- by jpaugh

Back when Ubuntu first sported home folder encryption (what, around the time of Jaunty Jackalope?), I opted in. That caused me some grief when I decided to change my login password. I found that I couldn't decrypt my home anymore! In trying to fix this, I eventually muddled things to the point that using my old password didn't work anymore, either. That experience has left me very shy of using an encrypted home directory--nevermind the performance hit of encryption. Has this feature become more "stable" since it came out? Does it break if you change your login password? Has your [more recent] experience been better? (Does it work in Natty Narwhal?)

Read the article
Full disk encryption with seperate boot and encrypted keyfile storage: Two-Form Authentication

- by Cain

I am trying to setup true Full Disk encryption with two-form authentication on 12.04 and can not find out how to call a keyfile for the encrypted root out of another encrypted partition. All documentation or questions I am finding for whole or full disk encryption only encrypts separate partitions on the same disk. This is not what most are calling full disk encryption, /boot is not on a partition on the root drive, rather it is on a usb stick as sdx1. Instead root is on a logical partition on top of a LUKS container. Luks is run on the whole disk, encrypting the partition table as well. All drives in the machine are completely encrypted and to open it it requires a USB drive (what I have) as well as a passphrase (what I know) resulting in Two-Form Authentication to boot the machine. Device sdx cryptroot vg00 lvroot / There is no passphrase to open the encrypted root device, only a keyfile. That keyfile is kept on the usb drive with /boot, in its own encrypted partition (I'll call this cryptkey). In order for the root file system (cryptroot) to be opened, initramfs must ask for the passphrase to cryptkey on the usb drive, then use the keyfile inside that to open cryproot. I did manage to find what I think is the how-to I used to do this once before: http://wiki.ubuntu.org.cn/UbuntuHelp:FeistyLUKSTwoFormFactor I already have the system installed and can chroot into it, however, I can not get it to call for the keys on the USB during boot. I did find a how-to saying I needed to make a cryptroot conf for initramfs but, I believe that is for a passphrase: https://help.ubuntu.com/community/EncryptedFilesystemLVMHowto#Notes_for_making_it_work_in_Ubuntu_12.04_.22Precise_Pangolin.22_amd64 I also tried to setup crypttab. However, crypttab only works for drives mounted after the root drive as calling for a keyfile on a device not yet mounted to the system doesnt work. The Feisty how-to included scripts that would be run during boot instructing initramfs to mount the usb drive temporarily and call the keyfile for root which worked quite well except those scripts are outdated now, many of the things they relied on have been merged into something else, changed, or simply don't exist anymore. If I have missed a clear how-to for this, that would be wonderful, I just don't think I have.

Read the article
Books or guides regarding secure key storage and database encryption

- by Matty

I have an idea for a SaaS product I want to create, however, this product will store extremely sensitive data that needs to be encrypted at rest. The trouble is not so much the encryption, but the problem of securely storing the keys so that in the event the server was somehow compromised, the keys couldn't just be recovered and used to decrypt the database. Are there any decent books to guides regarding database encryption, and in particular secure key storage? This seems to be a less than straightforward topic and something that is difficult to get right. I'm seeing multiple ways to attack such a system, but unable to come up with one that is secure enough to store highly confidential information.

Read the article
transparent home directory encryption

- by user86458

#1 I'm very new to the ubuntu home directory encryption or rather ecryptfs folder encryption. I read about the same within Dustin's blog & tried implementing it. Problem or query is my home directory is encrypted & has a www folder ... now when I reboot the system the decryption doesnt happen at startup/boot & apache is not able to find the files rather the folder www since it is not mounted ... in order to mount it I have to login .... is there a way by which an encrypted home / private folder can be mounted at boot without human intervention ? #2 I have installed ubuntu server 11.10 & had selected "encrypt home directory" when installing the same. With ubuntu things are working transparently even after reboot & without logging in. Kindly can anyone pls explain or guide on the same ?

Read the article
Preseed Ubuntu installation with full disk encryption

- by user249264

I am trying to set up Ubuntu full disk encryption using preseeding. I was able to set things up correctly following the preseed file presented here. But I do not want to provide the default password in the preseed file. Is there a way to let ubiquity fall to the screen that asks for the encryption passphrase just like it does when the username is not provided in the preseed file? When I try to leave the passphrase option empty in the preseed file, I get an error in the installer saying "An error occured while creating the keyfile".

Read the article
Encryption Password help!

- by Carlos L.

Ok so let me summarize this up. I encrypted my Home to protect against hackers of course when I first installed Ubuntu. It loaded up the Terminal and was attempting to show me my encryption password incase it ever needed to be used. So I thought "Ehh what the heck, I can find it out later..." So I closed Terminal and went on with the (amazing!) Ubuntu life. But now I am having to install Java JDK 7.0.0.4 onto my computer to ya know, play games and such. But it is asking for my password for the encrypted Home folder but it never gave it to me... HELP!!! Does anyone remember the command for Terminal to give you you're randomly generated Encryption password pop up on the famous purple window? Please give legitimate answer and fast please!

Read the article
How does eMail encryption work?

- by Dummy Derp

I have been going over YouTube watching videos on eMail encryption and everyone seems to explain it from a different perspective. Some do it for a CompTIA exam while others just provide a primer. Here is what I understood: Step1: You compose an email that you want to send. Without encryption, it will be simple ASCII text that will be visible to anyone along the way. Step2: You generate a digital signature to make sure that nobody gets to re-transmit your email and claim it was you. Digital Signature is generated using Sender's private key which is usually a hash of the password and is then combined with the original message to form one long hash string. These signatures are one-time-use-only and a new one is calculated for every email. Step 3: You encrypt the compose of your email using Receiver's public key so that the only person who can read it is the intended receiver using their private key Step 4: When you hit the send the email, what is transmitted now is gibberish to everyone apart from the intended receiver who will decrypt is using their private key And there are various ways to do it like PEM, PGP, etc. Correct me where I am wrong or refine where necessary.

Read the article
Simple SSH public/private key question

- by James R.

I am trying to learn this instead of just following guides so I can recommend proper actions when people do ask (and they do). Here is what I got down. First, generate both key with command such as this: ssh-keygen -b 2048 -t rsa -C comment -f ~/.ssh/id_rsa Then you push the public part of the key into authorized_keys2 file cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys2 (and then chmod it to 600 or similar) And you download the private key to your computer (id_rsa) and feed that in to Putty to be read and authenticate. Are these the correct steps to setting this public/private key authentication for passwordless login to SSH?

Read the article
Signing a public key

- by Gatura

Am not sure where this is the right place to ask this Someone has asked me to sign their public key, how do i do that?

Read the article
How to handle encryption key conflicts when synchronizing data?

- by Rafael

Assume that there is data that gets synchronized between several devices. The data is protected with a symmetric encryption algorithm and a key. The key is stored on each device and encrypted with a password. When a user changes the password only the key gets re-encrypted. Under normal circumstances, when there is a good network connection to other peers, the current key gets synchronized and all data on the new device gets encrypted with the same key. But how to handle situations where a new device doesn’t have a network connection and e.g. creates its own new, but incompatible key? How to keep the usability as high as possible under such circumstances? The application could detect that there is no network and hence refuse to start. That’s very bad usability in my opinion, because the application isn’t functional at all in this case. I don’t consider this a solution. The application could ignore the missing network connection and create a new key. But what to do when the application gains a network connection? There will be several incompatible keys and some parts of the underlying data could only be encrypted with one key and other parts with another key. The situation would get worse if there would be more keys than just two and the application would’ve to ask every time for a password when another object that should get decrypted with another key would be needed. It is very messy and time consuming to try to re-encrypt all data that is encrypted with another key with a main key. What should be the main key at all in this case? The oldest key? The key with the most encrypted objects? What if the key got synchronized but not all objects that got encrypted with this particular key? How should the user know for which particular password the application asks and why it takes probably very long to re-encrypt the data? It’s very hard to describe encryption “issues” to users. So far I didn’t find an acceptable solution, nor some kind of generic strategy. Do you have some hints about a concrete strategy or some books / papers that describe synchronization of symmetrically encrypted data with keys that could cause conflicts?

Read the article
Content Encryption Options in Oracle IRM 11g

- by martin.abrahams

Another of the innovations in Oracle IRM 11g is a wider choice of encryption algorithms for protecting content. The choice is now as illustrated below. As you see, three of the choices are marked as FIPS options, where FIPS refers to the Federal Information Processing Standard Publication 140-2, a U.S. government security standard for accreditation of cryptographic modules.

Read the article
Added key, but still getting "gpg: Can't check signature: public key not found"

- by gertvdijk

Trying to download Django source package using dget and the .dsc file from here. Then dget fails to verify the source, because it is missing a public key. $ dget https://launchpad.net/ubuntu... [...] dscverify: python-django_1.4.1-2.dsc failed signature check: gpg: Signature made Tue 21 Aug 2012 09:12:04 CEST using RSA key ID F2AC729A gpg: Can't check signature: public key not found Validation FAILED!! Fine, I added this key to my keyring, because I think I can trust this one: $ gpg --keyserver keyserver.ubuntu.com --recv-key 0xF2AC729A gpg: requesting key F2AC729A from hkp server keyserver.ubuntu.com gpg: key F2AC729A: "Raphaël Hertzog <[email protected]>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 (well, this output is run afterwards, when it was already in my keyring) And it is really there: $ gpg --fingerprint F2AC729A pub 4096R/F2AC729A 2009-05-07 Key fingerprint = 3E4F B711 7877 F589 DBCF 06D6 E619 045D F2AC 729A uid Raphaël Hertzog <[email protected]> uid Raphaël Hertzog (Debian) <[email protected]> uid Raphaël Hertzog (Freexian SARL) <[email protected]> sub 2048R/71F23DEE 2009-05-07 But still fails for the same reason: gpg: Signature made Tue 21 Aug 2012 09:12:04 CEST using RSA key ID F2AC729A gpg: Can't check signature: public key not found I'm running all these commands as my regular user. I also tried adding this key to APT's keyring and root's keyring. Both to no avail. What am I missing here?

Read the article
help me with xor encryption in c#

- by x86shadow

I wrote this code in c# to encrypt a text with a key : using System; using System.Linq; using System.Collections.Generic; using System.Text; namespace ENCRYPT { class XORENC { private static int Bin2Dec(string num) { int _num = 0; for (int i = 0; i < num.Length; i++) { _num += (int)Math.Pow(2, num.Length - i - 1) * int.Parse(num[i].ToString()); } return _num; } private static string Dec2Bin(int num) { if (num < 2) return num.ToString(); return Dec2Bin(num / 2) + (num % 2).ToString(); } public static string StrXor(string str, string key) { string _str = ""; string _key = ""; string _dec = ""; string _temp = ""; for (int i = 0; i < str.Length; i++) { _temp = Dec2Bin(str[i]); for (int j = 0; j < 8 - _temp.Length + 1; j++) { _temp = '0' + _temp; } _str += _temp; } for (int i = 0; i < key.Length; i++) { _temp = Dec2Bin(key[i]); for (int j = 0; j < 8 - _temp.Length + 1; j++) { _temp = '0' + _temp; } _key += _temp; } while (_key.Length < _str.Length) { _key += _key; } if (_key.Length > _str.Length) _key = _key.Substring(0, _str.Length); for (int i = 0; i < _str.Length; i++) { if (_str[i] == _key[i]) { _dec += '0'; } else { _dec += '1'; } } _str = ""; for (int i = 0; i < _dec.Length; i = i + 8) { char _chr = (char)0; _chr = (char)Bin2Dec(_dec.Substring(i, 8)); _str += _chr; } return _str; } } } the problem is that I always get error when I want to decrypt an encryted text with this code. see the example below for more info : string enc_text = ENCRYPT.XORENC("abc","a"); //enc_text = " ??" string dec_text = ENCRYPT.XORENC(enc_text,"a"); //ERROR any one can help ?

Read the article
Does home directory encryption depend on gnome keyring?

- by pedorro

My gnome-keyring has somehow gotten messed up. It prompts for a password (that I know I never provided - yes I chose 'unsafe storage'). None of the possible passwords that I use (including empty) are working. So basically I want to delete the default key so I can start over. I just want to confirm that this isn't somehow tied to my home directory encryption. I want to be sure that if I delete the default key from it, I will still be able to log in normally and decrypt my home directory. It seems likely that they're unrelated as the keyring is within the home directory and is thus itself encrypted, but I just thought I'd ask. Anyone have any thoughts?

Read the article
EFS Remote Encryption

- by Apoulet

We have been trying to setup EFS across our domain. Unfortunately Reading/Writing file over network share does not work, we get an "Access Denied" error. Another worrying fact is that I managed to get it working for 1 machine but no other would work. The machines are all Windows 2008R2, running as VM under ESXi host. According to: http://technet.microsoft.com/en-us/library/bb457116.aspx#EHAA We setup the involved machine to be trusted for delegation The user are not restricted and can be trusted for delegation. The users have logged-in on both side and can read/write encrypted files without issues locally. I enabled Kerberos logging in the registry and this is the relevant logs that I get on the machine that has the encrypted files. In order for all certificate that the user possess (Only Key Name changes): Event ID 5058: Audit Success, "Other System Events" Key file operation. Subject: Security ID: {MyDOMAIN}\{MyID} Account Name: {MyID} Account Domain: {MyDOMAIN} Logon ID: 0xbXXXXXXX Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: Not Available. Key Name: {CE885431-9B4F-47C2-8415-2D766B999999} Key Type: User key. Key File Operation Information: File Path: C:\Users\{MyID}\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4585646465656-260371901-2912106767-1207\66099999999991e891f187e791277da03d_dfe9ecd8-31c4-4b0f-9b57-6fd3cab90760 Operation: Read persisted key from file. Return Code: 0x0[/code] Event ID 5061: Audit Faillure, "System Intergrity" [code]Cryptographic operation. Subject: Security ID: {MyDOMAIN}\{MyID} Account Name: {MyID} Account Domain: {MyDOMAIN} Logon ID: 0xbXXXXXXX Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {CE885431-9B4F-47C2-8415-2D766B999999} Key Type: User key. Cryptographic Operation: Operation: Open Key. Return Code: 0x8009000b Could this be related to this error from the CryptAcquireContext function NTE_BAD_KEY_STATE 0x8009000BL The user password has changed since the private keys were encrypted. The problem is that the users I using at the moment can not change their password.

Read the article
64 bit public key encryption

- by sourabh0612

Need to generate 64 bit public-private key pair can't find out any standard algorithm....... Someone please reply asap

Read the article
Passwords in the Password/Encryption Keys program

- by Gaurav_Java

I noticed that I have passwords in the Password/Encryption Keys program . It appears that anybody who walked up to my computer could go look at all my passwords without needing a master password. Did I do something wrong or is this the default behavior? And if so, why? and what if i lick my password is it get locked till i log out or for every time when i have 2to see password then i have to unlock keyrings . if then so how i protect my passwords from other . and why it is done so

Read the article
Bad performance with Linux software RAID5 and LUKS encryption

- by Philipp Wendler

I have set up a Linux software RAID5 on three hard drives and want to encrypt it with cryptsetup/LUKS. My tests showed that the encryption leads to a massive performance decrease that I cannot explain. The RAID5 is able to write 187 MB/s [1] without encryption. With encryption on top of it, write speed is down to about 40 MB/s. The RAID has a chunk size of 512K and a write intent bitmap. I used -c aes-xts-plain -s 512 --align-payload=2048 as the parameters for cryptsetup luksFormat, so the payload should be aligned to 2048 blocks of 512 bytes (i.e., 1MB). cryptsetup luksDump shows a payload offset of 4096. So I think the alignment is correct and fits to the RAID chunk size. The CPU is not the bottleneck, as it has hardware support for AES (aesni_intel). If I write on another drive (an SSD with LVM) that is also encrypted, I do have a write speed of 150 MB/s. top shows that the CPU usage is indeed very low, only the RAID5 xor takes 14%. I also tried putting a filesystem (ext4) directly on the unencrypted RAID so see if the layering is problem. The filesystem decreases the performance a little bit as expected, but by far not that much (write speed varying, but 100 MB/s). Summary: Disks + RAID5: good Disks + RAID5 + ext4: good Disks + RAID5 + encryption: bad SSD + encryption + LVM + ext4: good The read performance is not affected by the encryption, it is 207 MB/s without and 205 MB/s with encryption (also showing that CPU power is not the problem). What can I do to improve the write performance of the encrypted RAID? [1] All speed measurements were done with several runs of dd if=/dev/zero of=DEV bs=100M count=100 (i.e., writing 10G in blocks of 100M). Edit: If this helps: I'm using Ubuntu 11.04 64bit with Linux 2.6.38. Edit2: The performance stays approximately the same if I pass a block size of 4KB, 1MB or 10MB to dd.

Read the article
Configuring Redhat / CentOS 5 SSH to authenticate to IPA server with public keys

- by Kyle Flavin

I'm trying to configure some Red Hat/CentOS servers to use an ipa-server on CentOS 6 for SSH authentication with public keys. I'm storing the public keys on the IPA server, which works great on Centos6 using "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys" in /etc/ssh/sshd_config. However, on RH 5.10, neither the "AuthorizedKeysCommand" directive or the "/usr/bin/sss_ssh_authorizedkeys" command exist to pull the public key from the directory. Is there a different way to make this work? Googling this mostly returns instructions for setting it up on 6.

Read the article
Tell git which private key to use

- by jrdioko

ssh has the -i option to tell it which private key file to use when authenticating: -i identity_file Selects a file from which the identity (private key) for RSA or DSA authentication is read. The default is ~/.ssh/identity for protocol ver- sion 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol version 2. Iden- tity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files). Is there a similar way to tell git which private key file to use when on a system with multiple private keys in the .ssh directory?

Read the article
Changing encryption settings for Microsoft Office 2010/2013

- by iridescent

Although there are Office 2013 settings to change how encryption is performed, when you encrypt Open XML Format files (.docx, .xslx, .pptx, and so on) the default values — AES (Advanced Encryption Standard), 128-bit key length, SHA1, and CBC (cipher block chaining) — provide strong encryption and should be fine for most organizations. Quoted from http://technet.microsoft.com/en-us/library/cc179125.aspx . I can't figure out where is the setting to change how encryption is performed. Is there any possible to change the encryption algorithm being used instead of the default AES-128 ? Thanks.

Read the article
How to safely store encryption key in a .NET assembly

- by Alex

In order to prevent somebody from grabbing my data easily, I cache data from my service as encrypted files (copy protection, basically). However, in order to do this, I must store the encryption key within the .NET assembly so it is able to encrypt and decrypt these files. Being aware of tools like Red Gate's .NET Reflector which can pull my key right out, I get a feeling that this is not a very safe way of doing it... are there any best practices to doing this?

Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12 | Next Page >