Search Results

Search found 1053 results on 43 pages for 'encrypt'.

Page 27/43 | < Previous Page | 23 24 25 26 27 28 29 30 31 32 33 34  | Next Page >

  • What could be causing LVM errors on first boot after install in Debian?

    - by ianfuture
    Hi, I've installed Debian (lenny) on a machine at home. It was set up during install to have a /boot partition, then the rest was encrypted, then had an LVM ontop of that, then all the other partitons inside LVM. After install completed and on first boot it asked for password to un-encrypt(same password for both drives) then it showed an error which said LVM could not find a physical device with a particular UUID or something similar. LVM install is over two HDs. One is 120GB and one 40GB. 120GB is Master on its IDE cable and this has /boot on it. 40GB is slave on the other IDE cable. Is there anything that could be done to rescue this install? Or diagnose problem? It took ages to get installed due to time spent enrypting drives and I'd rather not go through that again. :( Thanks.. Ian

    Read the article

  • Program for keeping encrypted files.

    - by Giorgi
    I am looking for a program which will encrypt files specified by me and allow me to view/edit/delete those files without creating a virtual disk. I do not want to have virtual disk as a domain administrator can access it so truecrypt is not the possibility. One possibility is to use winrar with password protected archive but winrar serves a different goal so it is not very user friendly for this purpose. If it's possible it would be nice if the program does not creates temp files while I open the files. Any suggestions?

    Read the article

  • Can files deleted on an ecnrypted drive be restored?

    - by roddik
    Hi. There are ways to restore files, deleted from the system by default, I'm not sure about the way they work but I guess thet read content, that has not been overwritten. On the other hand, there are programs (e.g. TrueCrypt), that encrypt disks, claiming that it wouldn't be possible to tell apart random data and file contents on such a disk without a password. Therefore I think that files, deleted from such disks can't be restored. Is that correct? I know one way to find out would be to try it, but there is a possibility, that I would just pick the wrong restoring software. Moreover, I'm more interested in theorethical explanation why it would/wouldn't be possible. Thanks

    Read the article

  • Access denied to EFS encrypted files after PC joins domain

    - by mjmarsh
    I'm experiencing strange behavior with Windows Encrypted File System: I have a machine that is in workgroup mode (not joined to a domain) I encrypt an entire directory structure on the machine (basically a folder and subfolders with data files for my application). My application writes and reads files from the encrypted file hierarchy as a local Windows user (let's call the account 'SecureUser'). This works fine I then join the PC to a domain (Let's call it 'TEST') Afterwards, processes running as the local 'SecureUser' account can't read the files it wrote originally when it was off the domain (What is also strange is that the files are listed as "read only" now and I cannot unset this flag via Windows Explorer or the command line, even though it looks like it succeeds) I then 'un-join' the PC from the domain and everything works again Is there something about changing domain membership on a PC that changes the behavior of EFS so that previously encrypted files cannot be read, even by the originating user? Thanks in advance

    Read the article

  • Activating ssl on tomcat

    - by toom
    I want to encrypt the http traffic on a tomcat instance via ssl. Therefore I followed the most simplistic approach described on various webpages. But anyway it simply does not work. Here is what I did: "keytool -genkey -alias tomcat -keyalg RSA" and I enterd "changeit" as the password (since this is the defaut chosen by tomcat) Altering $CATALINA_HOME/conf/servers.xml by uncommenting the following line Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"/ Restarting tomcat Entering https://localhost:8443 does not work. However, I can still access the page via normal http like http://localhost:8080 The logfile does not contain any suspicious information. What is going wrong here?

    Read the article

  • How to effectively secure a dedicated server for intranet use?

    - by Mark
    I need to secure a dedicated server for intranet use, the server is managed so will have software based security, but what other security should be considered for enterprise level security? The intranet is a host for an ECM (Alfresco) managing and storing sensitive documents. As the information is sensitive we are trying to make it as secure as reasonably possible (requirement in UK law). We plan to encrypt the data on the database. It will be connected to via SSL encryption. Should we consider Hardware firewall, Private lan between the application server and database server?

    Read the article

  • What does the NTFS encryption protect against?

    - by Ray
    I have encrypted a folder from the (PropertiesAdvancedEncrypt contents to secure data). However when I change my user profile to another one which is also an administrator the folder seems to be accessible as if nothing happened. What exactly does this encryption protect against. I'm looking to encrypt folders that no other user, or another OS or even if the HDD were to be removed and plugged to another device will be accessible. My OS is Windows 7 Ultimate. Any suggestions?

    Read the article

  • Has anyone seen an HTTP 500 error when HTTPS traffic going through Pound Proxy forwards to an HTTP page?

    - by scientastic
    We have Varnish as our load balancer and reverse proxy cache for normal HTTP traffic. For HTTPS traffic, we use Pound proxy to unwrap the SSL and forward to Varnish, which then forwards to the back-end servers. This is used for our "checkout" process to encrypt credit card info in transition. However, on the last stage of checkout, users are always getting an HTTP 500 (Internal Server) error. It doesn't seem to be due to our back-end app server, by all tests I've tried. Does anyone know anything about how that transition works-- the transition back from HTTPS to HTTP and the interaction between Pound and Varnish-- and why it might cause 500 errors?

    Read the article

  • How to decrypt an encrypted Apple iTunes iPhone backup?

    - by afit
    I've been asked by a number of unfortunate iPhone users to help them restore data from their iTunes backups. This is easy when they are unencrypted, but not when they are encrypted, whether or not the password is known. As such, I'm trying to figure out the encryption scheme used on mddata and mdinfo files when encrypted. I have no problems reading these files otherwise, and have built some robust C# libraries for doing so. (If you're able to help, I don't care which language you use. It's the principle I'm after here!) The Apple "iPhone OS Enterprise Deployment Guide" states that "Device backups can be stored in encrypted format by selecting the Encrypt iPhone Backup option in the device summary pane of iTunes. Files are encrypted using AES128 with a 256-bit key. The key is stored securely in the iPhone keychain." That's a pretty good clue, and there's some good info here on Stackoverflow on iPhone AES/Rijndael interoperability suggesting a keysize of 128 and CBC mode may be used. Aside from any other obfuscation, a key and initialisation vector (IV)/salt are required. One might assume that the key is a manipulation of the "backup password" that users are prompted to enter by iTunes and passed to "AppleMobileBackup.exe", padded in a fashion dictated by CBC. However, given the reference to the iPhone keychain, I wonder whether the "backup password" might not be used as a password on an X509 certificate or symmetric private key, and that the certificate or private key itself might be used as the key. (AES and the iTunes encrypt/decrypt process is symmetric.) The IV is another matter, and it could be a few things. Perhaps it's one of the keys hard-coded into iTunes, or into the devices themselves. Although Apple's comment above suggests the key is present on the device's keychain, I think this isn't that important. One can restore an encrypted backup to a different device, which suggests all information relevant to the decryption is present in the backup and iTunes configuration, and that anything solely on the device is irrelevant and replacable in this context. So where might be the key be? I've listed paths below from a Windows machine but it's much of a muchness whichever OS we use. The "\appdata\Roaming\Apple Computer\iTunes\itunesprefs.xml" contains a PList with a "Keychain" dict entry in it. The "\programdata\apple\Lockdown\09037027da8f4bdefdea97d706703ca034c88bab.plist" contains a PList with "DeviceCertificate", "HostCertificate", and "RootCertificate", all of which appear to be valid X509 certs. The same file also appears to contain asymmetric keys "RootPrivateKey" and "HostPrivateKey" (my reading suggests these might be PKCS #7-enveloped). Also, within each backup there are "AuthSignature" and "AuthData" values in the Manifest.plist file, although these appear to be rotated as each file gets incrementally backed up, suggested they're not that useful as a key, unless something really quite involved is being done. There's a lot of misleading stuff out there suggesting getting data from encrypted backups is easy. It's not, and to my knowledge it hasn't been done. Bypassing or disabling the backup encryption is another matter entirely, and is not what I'm looking to do. This isn't about hacking apart the iPhone or anything like that. All I'm after here is a means to extract data (photos, contacts, etc.) from encrypted iTunes backups as I can unencrypted ones. I've tried all sorts of permutations with the information I've put down above but got nowhere. I'd appreciate any thoughts or techniques I might have missed.

    Read the article

  • How to decrypt a string in C# that was encrypted in Delphi

    - by Simon Linder
    Hi all, we have a project written in Delphi that we want to convert to C#. Problem is that we have some passwords and settings that are encrypted and written into the registry. When we need a specified password we get it from the registry and decrypt it so we can use it. For the conversion into C# we have to do it the same way so that the application can also be used by users that have the old version and want to upgrade it. Here is the code we use to encrypt/decrypt strings in Delphi: unit uCrypt; interface function EncryptString(strPlaintext, strPassword : String) : String; function DecryptString(strEncryptedText, strPassword : String) : String; implementation uses DCPcrypt2, DCPblockciphers, DCPdes, DCPmd5; const CRYPT_KEY = '1q2w3e4r5t6z7u8'; function EncryptString(strPlaintext) : String; var cipher : TDCP_3des; strEncryptedText : String; begin if strPlaintext <> '' then begin try cipher := TDCP_3des.Create(nil); try cipher.InitStr(CRYPT_KEY, TDCP_md5); strEncryptedText := cipher.EncryptString(strPlaintext); finally cipher.Free; end; except strEncryptedText := ''; end; end; Result := strEncryptedText; end; function DecryptString(strEncryptedText) : String; var cipher : TDCP_3des; strDecryptedText : String; begin if strEncryptedText <> '' then begin try cipher := TDCP_3des.Create(nil); try cipher.InitStr(CRYPT_KEY, TDCP_md5); strDecryptedText := cipher.DecryptString(strEncryptedText); finally cipher.Free; end; except strDecryptedText := ''; end; end; Result := strDecryptedText; end; end. So for example when we want to encrypt the string asdf1234 we get the result WcOb/iKo4g8=. We now want to decrypt that string in C#. Here is what we tried to do: public static void Main(string[] args) { string Encrypted = "WcOb/iKo4g8="; string Password = "1q2w3e4r5t6z7u8"; string DecryptedString = DecryptString(Encrypted, Password); } public static string DecryptString(string Message, string Passphrase) { byte[] Results; System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding(); // Step 1. We hash the passphrase using MD5 // We use the MD5 hash generator as the result is a 128 bit byte array // which is a valid length for the TripleDES encoder we use below MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider(); byte[] TDESKey = HashProvider.ComputeHash(UTF8.GetBytes(Passphrase)); // Step 2. Create a new TripleDESCryptoServiceProvider object TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider(); // Step 3. Setup the decoder TDESAlgorithm.Key = TDESKey; TDESAlgorithm.Mode = CipherMode.ECB; TDESAlgorithm.Padding = PaddingMode.None; // Step 4. Convert the input string to a byte[] byte[] DataToDecrypt = Convert.FromBase64String(Message); // Step 5. Attempt to decrypt the string try { ICryptoTransform Decryptor = TDESAlgorithm.CreateDecryptor(); Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length); } finally { // Clear the TripleDes and Hashprovider services of any sensitive information TDESAlgorithm.Clear(); HashProvider.Clear(); } // Step 6. Return the decrypted string in UTF8 format return UTF8.GetString(Results); } Well the result differs from the expected result. After we call DecryptString() we expect to get asdf1234but we get something else. Does anyone have an idea of how to decrypt that correctly? Thanks in advance Simon

    Read the article

  • CryptoExcercise Encryption/Decryption Problem

    - by venkat
    I am using apples "cryptoexcercise" (Security.Framework) in my application to encrypt and decrypt a data of numeric value. When I give the input 950,128 the values got encrypted, but it is not getting decrypted and exists with the encrypted value only. This happens only with the mentioned numeric values. Could you please check this issue and give the solution to solve this problem? here is my code (void)testAsymmetricEncryptionAndDecryption { uint8_t *plainBuffer; uint8_t *cipherBuffer; uint8_t *decryptedBuffer; const char inputString[] = "950"; int len = strlen(inputString); if (len > BUFFER_SIZE) len = BUFFER_SIZE-1; plainBuffer = (uint8_t *)calloc(BUFFER_SIZE, sizeof(uint8_t)); cipherBuffer = (uint8_t *)calloc(CIPHER_BUFFER_SIZE, sizeof(uint8_t)); decryptedBuffer = (uint8_t *)calloc(BUFFER_SIZE, sizeof(uint8_t)); strncpy( (char *)plainBuffer, inputString, len); NSLog(@"plain text : %s", plainBuffer); [self encryptWithPublicKey:(UInt8 *)plainBuffer cipherBuffer:cipherBuffer]; NSLog(@"encrypted data: %s", cipherBuffer); [self decryptWithPrivateKey:cipherBuffer plainBuffer:decryptedBuffer]; NSLog(@"decrypted data: %s", decryptedBuffer); free(plainBuffer); free(cipherBuffer); free(decryptedBuffer); } (void)encryptWithPublicKey:(uint8_t *)plainBuffer cipherBuffer:(uint8_t *)cipherBuffer { OSStatus status = noErr; size_t plainBufferSize = strlen((char *)plainBuffer); size_t cipherBufferSize = CIPHER_BUFFER_SIZE; NSLog(@"SecKeyGetBlockSize() public = %d", SecKeyGetBlockSize([self getPublicKeyRef])); // Error handling // Encrypt using the public. status = SecKeyEncrypt([self getPublicKeyRef], PADDING, plainBuffer, plainBufferSize, &cipherBuffer[0], &cipherBufferSize ); NSLog(@"encryption result code: %d (size: %d)", status, cipherBufferSize); NSLog(@"encrypted text: %s", cipherBuffer); } (void)decryptWithPrivateKey:(uint8_t *)cipherBuffer plainBuffer:(uint8_t *)plainBuffer { OSStatus status = noErr; size_t cipherBufferSize = strlen((char *)cipherBuffer); NSLog(@"decryptWithPrivateKey: length of buffer: %d", BUFFER_SIZE); NSLog(@"decryptWithPrivateKey: length of input: %d", cipherBufferSize); // DECRYPTION size_t plainBufferSize = BUFFER_SIZE; // Error handling status = SecKeyDecrypt([self getPrivateKeyRef], PADDING, &cipherBuffer[0], cipherBufferSize, &plainBuffer[0], &plainBufferSize ); NSLog(@"decryption result code: %d (size: %d)", status, plainBufferSize); NSLog(@"FINAL decrypted text: %s", plainBuffer); } (SecKeyRef)getPublicKeyRef { OSStatus sanityCheck = noErr; SecKeyRef publicKeyReference = NULL; if (publicKeyRef == NULL) { NSMutableDictionary *queryPublicKey = [[NSMutableDictionary alloc] init]; // Set the public key query dictionary. [queryPublicKey setObject:(id)kSecClassKey forKey:(id)kSecClass]; [queryPublicKey setObject:publicTag forKey:(id)kSecAttrApplicationTag]; [queryPublicKey setObject:(id)kSecAttrKeyTypeRSA forKey:(id)kSecAttrKeyType]; [queryPublicKey setObject:[NSNumber numberWithBool:YES] forKey:(id)kSecReturnRef]; // Get the key. sanityCheck = SecItemCopyMatching((CFDictionaryRef)queryPublicKey, (CFTypeRef *)&publicKeyReference); if (sanityCheck != noErr) { publicKeyReference = NULL; } [queryPublicKey release]; } else { publicKeyReference = publicKeyRef; } return publicKeyReference; } (SecKeyRef)getPrivateKeyRef { OSStatus resultCode = noErr; SecKeyRef privateKeyReference = NULL; if(privateKeyRef == NULL) { NSMutableDictionary * queryPrivateKey = [[NSMutableDictionary alloc] init]; // Set the private key query dictionary. [queryPrivateKey setObject:(id)kSecClassKey forKey:(id)kSecClass]; [queryPrivateKey setObject:privateTag forKey:(id)kSecAttrApplicationTag]; [queryPrivateKey setObject:(id)kSecAttrKeyTypeRSA forKey:(id)kSecAttrKeyType]; [queryPrivateKey setObject:[NSNumber numberWithBool:YES] forKey:(id)kSecReturnRef]; // Get the key. resultCode = SecItemCopyMatching((CFDictionaryRef)queryPrivateKey, (CFTypeRef *)&privateKeyReference); NSLog(@"getPrivateKey: result code: %d", resultCode); if(resultCode != noErr) { privateKeyReference = NULL; } [queryPrivateKey release]; } else { privateKeyReference = privateKeyRef; } return privateKeyReference; }

    Read the article

  • TripleDES in Perl/PHP/ColdFusion

    - by Seidr
    Recently a problem arose regarding hooking up an API with a payment processor who were requesting a string to be encrypted to be used as a token, using the TripleDES standard. Our Applications run using ColdFusion, which has an Encrypt tag - that supports TripleDES - however the result we were getting back was not what the payment processor expected. First of all, here is the resulting token the payment processor were expecting. AYOF+kRtg239Mnyc8QIarw== And below is the snippet of ColdFusion we were using, and the resulting string. <!--- Coldfusion Crypt (here be monsters) ---> <cfset theKey="123412341234123412341234"> <cfset theString = "username=test123"> <cfset strEncodedEnc = Encrypt(theString, theKey, "DESEDE", "Base64")> <!--- resulting string(strEncodedEnc): tc/Jb7E9w+HpU2Yvn5dA7ILGmyNTQM0h ---> As you can see, this was not returning the string we were hoping for. Seeking a solution, we ditched ColdFusion for this process and attempted to reproduce the token in PHP. Now I'm aware that various languages implement encryption in different ways - for example in the past managing encryption between a C# application and PHP back-end, I've had to play about with padding in order to get the two to talk, but my experience has been that PHP generally behaves when it comes to encryption standards. Anyway, on to the PHP source we tried, and the resulting string. /* PHP Circus (here be Elephants) */ $theKey="123412341234123412341234"; $theString="username=test123"; $strEncodedEnc=base64_encode(mcrypt_ecb (MCRYPT_3DES, $theKey, $theString, MCRYPT_ENCRYPT)); /* resulting string(strEncodedEnc): sfiSu4mVggia8Ysw98x0uw== */ As you can plainly see, we've got another string that differs from both the string expected by the payment processor AND the one produced by ColdFusion. Cue head-against-wall integration techniques. After many to-and-fro communications with the payment processor (lots and lots of reps stating 'we can't help with coding issues, you must be doing it incorrectly, read the manual') we were finally escalated to someone with more than a couple of brain-cells to rub together, who was able to step back and actually look at and diagnose the issue. He agreed, our CF and PHP attempts were not resulting in the correct string. After a quick search, he also agreed that it was not neccesarily our source, but rather how the two languages implemented their vision of the TripleDES standard. Coming into the office this morning, we were met by an email with a snippet of source code, in Perl. This is was the code they were directly using on their end to produce the expected token. #!/usr/bin/perl # Perl Crypt Calamity (here be...something) use strict; use CGI; use MIME::Base64; use Crypt::TripleDES; my $cgi = CGI->new(); my $param = $cgi->Vars(); $param->{key} = "123412341234123412341234"; $param->{string} = "username=test123"; my $des = Crypt::TripleDES->new(); my $enc = $des->encrypt3($param->{string}, $param->{key}); $enc = encode_base64($enc); $enc =~ s/\n//gs; # resulting string (enc): AYOF+kRtg239Mnyc8QIarw== So, there we have it. Three languages, three implementations of what they quote in the documentation as TripleDES Standard Encryption, and three totally different resulting strings. My question is, from your experience of these three languages and their implementations of the TripleDES algorithm, have you been able to get any two of them to give the same response, and if so what tweaks to the code did you have to make in order to come to the result? I understand this is a very drawn out question, but I wanted to give clear and precise setting for each stage of testing that we had to perform. I'll also be performing some more investigatory work on this subject later, and will post any findings that I come up with to this question, so that others may avoid this headache.

    Read the article

  • RSA encryption/ Decryption in a client server application

    - by user308806
    Hi guys, probably missing something very straight forward on this, but please forgive me, I'm very naive! Have a client server application where the client identifies its self with an RSA encrypted username & password. Unfortunately I'm getting a "bad padding exception: data must start with zero" when i try to decrypt with the public key on the client side. I'm fairly sure the key is correct as I have tested encrypting with public key then decrypting with private key on the client side with no problems at all. Just seems when I transfer it over the connection it messses it up somehow?! Using PrintWriter & BufferedReader on the sockets if thats of importance. EncodeBASE64 & DecodeBASE64 encode byte[] to 64base and vice versa respectively. Any ideas guys?? Client side: Socket connectionToServer = new Socket("127.0.0.1", 7050); InputStream in = connectionToServer.getInputStream(); DataInputStream dis = new DataInputStream(in); int length = dis.readInt(); byte[] data = new byte[length]; // dis.readFully(data); dis.read(data); System.out.println("The received Data*****************************************"); System.out.println("The length of bits "+ length); System.out.println(data); System.out.println("***********************************************************"); Decryption d = new Decryption(); byte [] ttt = d.decrypt(data); System.out.print(data); String ss = new String(ttt); System.out.println("***********************"); System.out.println(ss); System.out.println("************************"); Server Side: in = connectionFromClient.getInputStream(); OutputStream out = connectionFromClient.getOutputStream(); DataOutputStream dataOut = new DataOutputStream(out); LicenseList licenses = new LicenseList(); String ValidIDs = licenses.getAllIDs(); System.out.println(ValidIDs); Encryption enc = new Encryption(); byte[] encrypted = enc.encrypt(ValidIDs); byte[] dd = enc.encrypt(ValidIDs); String tobesent = new String(dd); //byte[] rsult = enc.decrypt(dd); //String tt = String(rsult); System.out.println("The sent data**********************************************"); System.out.println(dd); String temp = new String(dd); System.out.println(temp); System.out.println("*************************************************************"); //BufferedWriter bf = new BufferedWriter(OutputStreamWriter(out)); //dataOut.write(ValidIDs.getBytes().length); dataOut.writeInt(ValidIDs.getBytes().length); dataOut.flush(); dataOut.write(encrypted); dataOut.flush(); System.out.println("********Testing**************"); System.out.println("Here are the ids:::"); System.out.println(licenses.getAllIDs()); System.out.println("**********************"); //bw.write("it is working well\n");

    Read the article

  • Google Books Downloader Downloads Google Books to PDF and JPG

    - by Jason Fitzpatrick
    If you’re looking for a way to download and format shift books and magazines found in Google Books, Google Books Downloader can help. Google Books Downloader takes what you can see in Google Books and downloads it either as a PDF file or as a series of JPGs. The key to using Google Books Downloader successfully is to understand that it can only download what you can see sitting at your computer. It isn’t tapping into some secret back-end resource at Google to siphon books down; it is simply converting the pages you see that are “stuck” in Google Books into a format you can use elsewhere. As such you can download the entire book if it is marked “Full Preview”, part of the book if it is marked “Preview” (useful if you’re trying to save pages for a research project and don’t need the whole book), and none of the book if it is only “Snippet View”. The process works on anything you can find in Google Books including magazines. Google Books Downloader is free, Windows only. Google Books Downloader [via Addictive Tips] How To Encrypt Your Cloud-Based Drive with BoxcryptorHTG Explains: Photography with Film-Based CamerasHow to Clean Your Dirty Smartphone (Without Breaking Something)

    Read the article

  • Electric Dreams: Picking Out a Vintage 1980s Computer [Video]

    - by Jason Fitzpatrick
    What if you had to pick out a 1980s era computer for use in your home today? BBC show Electric Dreams walks us through the history with a “time traveling” family. Electric Dreams is a show based on the novel premise that an average British family is starting, technologically speaking, in the 1970s and progressing over a month to the year 2000–restricted each step of the way to using technology available only in the era they are emulating. In the above video clip they’ve reached 1982 and visit the National Museum of Computing to pick out a vintage computer. It’s interesting to see the kids interact with the computer and experience programming for, presumably, the first time. Have a vintage computer memory (mine is programming on a Timex Sinclair); let’s hear about it in the comments. Electric Dreams – The 1980s ‘The Micro Home Computer Of 1982′ [via O'Reilly Radar] How To Encrypt Your Cloud-Based Drive with BoxcryptorHTG Explains: Photography with Film-Based CamerasHow to Clean Your Dirty Smartphone (Without Breaking Something)

    Read the article

  • Is this a secure solution for RESTful authentication?

    - by Chad Johnson
    I need to quickly implement a RESTful authentication system for my JavaScript application to use. I think I understand how it should work, but I just want to double check. Here's what I'm thinking -- what do you guys think? Database schema users id : integer first_name : varchar(50) last_name : varchar(50) password : varchar(32) (MD5 hashed) etc. user_authentications id : integer user_id : integer auth_token : varchar(32) (AES encrypted, with keys outside database) access_token : varchar(32) (AES encrypted, with keys outside database) active : boolean Steps The following happens over SSL. I'm using Sinatra for the API. JavaScript requests authentication via POST to /users/auth/token. The /users/auth/token API method generates an auth_token hash, creates a record in user_authentications, and returns auth_token. JavaScript hashes the user's password and then salts it with auth_token -- SHA(access_token + MD5(password)) POST the user's username and hashed+salted password to /users/auth/authenticate. The /users/auth/authenticate API method will verify that SHA(AES.decrypt(access_token) + user.password) == what was received via POST. The /users/auth/authenticate will generate, AES encrypt, store, and return an access token if verification is successful; otherwise, it will return 401 Unauthorized. For any future requests against the API, JavaScript will include access_token, and the API will find the user account based on that.

    Read the article

  • Performance Overhead of Encrypted /home

    - by SabreWolfy
    I have a netbook with Windows on the second partition and Xubuntu (/ and /home) on the third partition. I selected to encrypt my home folder during installation. The performance of the netbook is adequate for the small machine that it is, but I'm looking to improve performance. I could not find much information about the overhead (CPU or drive) associated with home partition encryption. I ran the following, writing to my home partition as well as the the mounted Windows partition: dd if=/dev/zero of=~/dummy bs=512 count=10240 dd if=/dev/zero of=/media/Windows/dummy bs=512 count=10240 The first returned 2.4MB/s and the second returned 2.5MB/s. Can I therefore deduce that there is very little overhead to home folder encryption? I'm not sure if the different filesystems will make any difference (/ and /home are ext3). Update 1 I don't know why I didn't use /tmp instead of the mounted Windows folder. Only /home is encrypted, so /tmp is unencrypted ext3. The results of the dd as above are astounding: ~: 2.4 MB/s /tmp: 42.6 MB/s Comments please? The reason I am asking this is that disk access on the netbook is noticeably slow. Update 2 I timed each of the dd operations with time: ~: real 0m2.217s user 0m0.028s sys 0m2.176s /tmp: real 0m0.152s user 0m0.012s sys 0m0.136s See also: discussion on UbuntuForums.org and bug report Edit: Output of mount: /dev/sda3 on / type ext3 (rw,noatime,errors=remount-ro,user_xattr,commit=600) proc on /proc type proc (rw,noexec,nosuid,nodev) none on /sys type sysfs (rw,noexec,nosuid,nodev) fusectl on /sys/fs/fuse/connections type fusectl (rw) none on /sys/kernel/debug type debugfs (rw) none on /sys/kernel/security type securityfs (rw) none on /dev type devtmpfs (rw,mode=0755) none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620) none on /dev/shm type tmpfs (rw,nosuid,nodev) none on /var/run type tmpfs (rw,nosuid,mode=0755) none on /var/lock type tmpfs (rw,noexec,nosuid,nodev) binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev) gvfs-fuse-daemon on /home/USER/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=USER) `

    Read the article

  • Lösungen zum Anfassen – die Oracle Demo-Plattform

    - by A&C Redaktion
    Mit der neuen Demo-Plattform möchte Oracle den schnellen Zugang zu vorbereiteten Demo-Umgebungen anbieten. Denn manchmal sagt eine kurze Demonstration mehr, als tausend Erklärungsversuche. Oracle hat daher eine Demo-Plattform eingerichtet, auf der laufend neue Lösungen und Produkte anschaulich vorgeführt werden. Dabei geht es nicht um die theoretischen Möglichkeiten, sondern um ganz praktische Problemfälle – und wie diese bewältigt werden. Das aktuelle Thema ist Database Security am Beispiel der E-Business Suite – ein Thema, das so mancher Partner im Kundengespräch gut gebrauchen kann. In der folgenden Demo-Umgebung können Sie die Datenbank-Sicherheitsfunktionen wie die transparente Verschlüsselung von Applikationsdaten (hier am Beispiel E-Business Suite – es funktioniert aber auch mit SAP oder anderen Anwendungen) und das Rechtekonzept für Anwender und DBAs Ihren Kunden direkt vorstellen. In der Demo können Sie die Funktionalität von Oracle Database Vault, Oracle Advanced Security, Security Option und Oracle Label Security erläutern. Oracle Advanced Security Address Industry and Privacy Regulations with Encryption Protect Application Data with Transparent Data Encryption Encrypt Data on the Network Oracle Database Vault Increase Security For Data Consolidation and Out-Sourced Administration Protect Application Data with Privileged User Controls  Enforce Multi-factor Authorization and Separation of Duty Oracle Label Security Use Security Groups to control data access Assign OLS attributes to application, not necessarily database, users Jede Demo stellt Ihnen einen beispielhaften Demo-Guide zur Verfügung, an dem Sie sich orientieren können. Dies ist der direkte Weg zur Demo-Plattform, auf der Sie für Ihre eigenen Lernzwecke die Demo anschauen können sowie auch einen Zeitraum für Kundenpräsentationen reservieren können. 

    Read the article

  • Lösungen zum Anfassen – die Oracle Demo-Plattform

    - by A&C Redaktion
    Mit der neuen Demo-Plattform möchte Oracle den schnellen Zugang zu vorbereiteten Demo-Umgebungen anbieten. Denn manchmal sagt eine kurze Demonstration mehr, als tausend Erklärungsversuche. Oracle hat daher eine Demo-Plattform eingerichtet, auf der laufend neue Lösungen und Produkte anschaulich vorgeführt werden. Dabei geht es nicht um die theoretischen Möglichkeiten, sondern um ganz praktische Problemfälle – und wie diese bewältigt werden. Das aktuelle Thema ist Database Security am Beispiel der E-Business Suite – ein Thema, das so mancher Partner im Kundengespräch gut gebrauchen kann. In der folgenden Demo-Umgebung können Sie die Datenbank-Sicherheitsfunktionen wie die transparente Verschlüsselung von Applikationsdaten (hier am Beispiel E-Business Suite – es funktioniert aber auch mit SAP oder anderen Anwendungen) und das Rechtekonzept für Anwender und DBAs Ihren Kunden direkt vorstellen. In der Demo können Sie die Funktionalität von Oracle Database Vault, Oracle Advanced Security, Security Option und Oracle Label Security erläutern. Oracle Advanced Security Address Industry and Privacy Regulations with Encryption Protect Application Data with Transparent Data Encryption Encrypt Data on the Network Oracle Database Vault Increase Security For Data Consolidation and Out-Sourced Administration Protect Application Data with Privileged User Controls  Enforce Multi-factor Authorization and Separation of Duty Oracle Label Security Use Security Groups to control data access Assign OLS attributes to application, not necessarily database, users Jede Demo stellt Ihnen einen beispielhaften Demo-Guide zur Verfügung, an dem Sie sich orientieren können. Dies ist der direkte Weg zur Demo-Plattform, auf der Sie für Ihre eigenen Lernzwecke die Demo anschauen können sowie auch einen Zeitraum für Kundenpräsentationen reservieren können. 

    Read the article

  • Android-Libgdx-ProGuard: Usefulness without DexGuard? [on hold]

    - by Rico Pablo Mince
    So I'm developing a game for Android - using LibGDX - and noticed that the Android SDK (HDK, MDK, WhatTheHellEvarDK) has ProGuard built-in. Browsing the ProGuard page is like searching Google: you get that the idea is to sell some product (in this case, it's DexGuard). That leaves me wondering what features are left out of ProGuard that a game developer targeting Android should worry about. For instance, the ProGuard FAQs answer the question: "Does ProGuard encrypt string constants?" by saying: "No. String encryption in program code has to be perfectly reversible by definition, so it only improves the obfuscation level. It increases the footprint of the code. However, by popular demand, ProGuard's closed-source sibling for Android, DexGuard, does provide string encryption, along with more protection techniques against static and dynamic analysis." Alright. OK. But isn't "...improves the obfuscation level" EXACTLY what ProGuard is supposed to do? Are there better options that can be implemented at build-time in Eclipse using the Gradle options and Libgdx? In particular, the assets folder and res-specific folders will need some protection. The code itself doesn't cure cancer, but I'd prefer if nobody could copy/paste it with different game art and call it "IhAxEdUrGamE"....

    Read the article

  • Internal Data Masking

    - by ACShorten
    By default, the data in the product is unmasked for authorized users. If particular data within the object is considered a candidate for data masking then the masking capabilities with the product can be used to mask the data in an appropriate fashion. The inbuilt Data Masking capabilities of the Oracle Utilities Application Framework uses a number of configuration elements: An algorithm, of type F1-MASK, is specified to configure the elements of the data masking including the masking character, number of suffix characters left unmasked, characters to ignore in the string, the application service, security type and authorization levels applicable to the mask. A Data Masking Feature Configuration is created to define where the algorithm applies. The specification of the feature allows you to define the fields to encrypt using the configured algorithm. The algorithm can be attached to a schema field, table field, characteristic, search field and even a child record (such as an identifier). The appropriate user groups are then connected to the application services with the appropriate service types and level to indicate whether the masking applies to the user group or not. For example, say there is a field called CCNBR in the product which holds the credit card details. I would create an algorithm, say CCformatCC, to mask the credit card number with the last few digits as unmasked (as the standard in most systems dictate). I would specify on the Field Mask the following: field="CCNBR", alg="CMformatCC" On the algorithm CMfomatCC, I would specify the mask, application service, security type and the authorization level which users would see the credit card unmasked. To finish the configuration off and to implemention I would connect the appropriate user groups to the application service I specified with the security type and appropriate authorization level for that group. Whenever a user accesses the CCNBR field on any of the maintenance screens, searches and other screens that use the CCNBR meta data definition would then be masked according to the user group that the user was a member of. Refer to the documentation supplied with F1-MASK algorithm type entry for more examples of what is possible.

    Read the article

  • Doesn't boot after installation

    - by jchysk
    Downloaded Ubuntu 12.04.1-alternate-amd64 Installed to USB stick Integrity check fails on ./install/netboot/ubuntu-installer/amd64/pxelinux.cfg/default but that seems to be a known bug where the file isn't included in the alternative 64-bit ISO and shouldn't affect installation. I ignore it and proceed on. For partitioning on 2 SSD Drives: Partition 300MB and 63GB on both RAID1 the 300MB and 63GBs Set the 300MB to EXT4 on /boot Encrypt the rest as MD1 and set it for LVM Create two volumes from MD1: 4GB swap and 59GB to / I go through the installation and get to the point where it says everything is ready and to take the media out so as to boot from the drives I receive the error "Error: No video mode activated." on startup I've read that this can be solved by running "cp /usr/share/grub/*.pf2 /boot/grub" and then updating grub but I can't get to a place where I can actually run this command. In rescue mode I can get to a shell from installer with /boot mounted to /target. So from there I can run "cp /cdrom/boot/grub/font.pf2 /target/grub/" but can't figure out a way to get it to update grub after that or know how what to change in manually updating the grub.cfg file. If I try other devices to mount the root filesystem I get the error "An error occurred while mounting the device you entered for your root file system". It just sits on the video mode error and doesn't progress further. Googling around it seems like people see the error briefly before it continues booting, not getting stuck on it the way I am which leads me to believe that error may be unrelated to Ubuntu not booting. So any ideas as to what I should try next or what needs to be done to install Ubuntu and get it to boot would be helpful.

    Read the article

  • E3 Booth Babes Display a Painful Lack of Video Game Knowledge [Video]

    - by Jason Fitzpatrick
    If you thought a prerequisite for manning a booth at an electronics expo was a passing knowledge of the electronics and games you were promoting, you were wrong. In the above video Chloe Dykstra puts a set of “booth babes” from the E3 2011 conference to the test by asking them simple questions about video games both new and old. If you’re a gaming fan and you can watch this video without laughing out loud you’ve got an iron will (or you’re shaking your head in disbelief that someone could work a gaming convention and not know the answers to these questions). We won’t lie, we were shaking our head when the one model admitted that she’d worked at GameStop for a year and still didn’t know any of the answers. What questions would you put on list? How about “Finish this sentence: ‘Your Princess is in another…’”, “Dimension?”. 5HP: Booth Babe Edition – E3 2011 [YouTube via Kotaku] How To Encrypt Your Cloud-Based Drive with BoxcryptorHTG Explains: Photography with Film-Based CamerasHow to Clean Your Dirty Smartphone (Without Breaking Something)

    Read the article

  • How to access an encrypted INI file from C on an embedded system with little RAM

    - by Mawg
    I want to encrypt an INI file using a Delphi program on a Windows PC. Then I need to decrypt & access it in C on an embedded system with little RAM. I will do that once & fetch all info; I will not be consutinuously accessing the INI file whenever my program needs data from the file. Any advice as to which encryption to use? Nothing too heavyweight, just good enough for "Security through obscurity" and FOSS for both Delphi & C. And how can I decrypt, get all the info from the INI file - using as little RAM as possible, and then free any allocated RAM? I hope that someone can help. [Update] I am currently using an Atmel UC3, although I am not sure if that will be the final case. It has 512kB falsh & 128kB RAM. For an INI file, I am talking of max 8 sections, with a total of max 256 entries, each max 8 chars. I chose INI (but am not married to it), because i have had major problems in the past when the format of a data fiel changes, no matter whether binary, or text. For tex, I prefer the free format of INI (on PC), but suppose I could switch to line_1=data_1, line_2=data_2 and accept that if I add new fields in future software erleases they must come at the end, even if it is not pretty when read directly by humans. I suppose if I choose a fixed format text file then I never need get more than one line into RAM at a time ...

    Read the article

  • What do I need to develop a PHP extension in lampp?

    - by Fernando Costa
    Actually I'm dealing with a trouble in my system, I have to delivery the system to clients and it was built in PHP, JS, ShellScript and SQL. I would like to encrypt the code or obfuscate it from eyes of others! Then someone from the community told me about build my own PHP extension, it sounds to me as a great idea, since it will not be with the main code of the system. But I have a problem doing this way, if a programmer get in the extensions and find it, all the hard work has gone. Then I'm here to ask again about this matter. What is the best way to hide my Business Logic from third parties? I know that has stuffs like IonCube, Zend Guard, and many others. But I'm looking something that I can build myself. Is PHP extension the right way to follow? Or some Half SaaS system, with dependencies (Business Logic) in a remote server? About the environment OS: Kernel Linux 2.6.37.1-1.2 - LAMPP (Apache 2.2, MySQL 5.5 PHP 5.3.8) In php generally the extension is located at /php/ext/ but in lampp I have no idea where it is, I just found a folder /opt/lampp/lib/php/extensions/ is that right place?

    Read the article

< Previous Page | 23 24 25 26 27 28 29 30 31 32 33 34  | Next Page >