Search Results

Search found 379 results on 16 pages for 'cryptography'.

Page 3/16 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • String encryption in C# and Objective c

    - by nbojja
    Hi All, I am building a iPhone app which uses c# web services. My c# web services takes user details and validates against my DB and returns xml files. So Now the issue is how to encrypt user details(username and password are 10chars each) in objective c and decrypt in C#. I am very new to cryptography, which method is the best. will it be possible to encrypt in Objective c and Decrypt in C#. thanks..

    Read the article

  • RijndaelManaged: IV Generation?

    - by cam
    I want to implement the most secure, and most reliable form of symmetric key cryptography in my application. The user should input a password to encrypt/decrypt, and that's all. For RijndaelManaged, one must enter a key and an IV. I'm not sure how to address the situation. Right now, I have the entered password being hashed by SHA256 and then being used as the key for the Rijndael. What do I use for the IV? Another password?

    Read the article

  • Validating signature trust with gpg?

    - by larsks
    We would like to use gpg signatures to verify some aspects of our system configuration management tools. Additionally, we would like to use a "trust" model where individual sysadmin keys are signed with a master signing key, and then our systems trust that master key (and use the "web of trust" to validate signatures by our sysadmins). This gives us a lot of flexibility, such as the ability to easily revoke the trust on a key when someone leaves, but we've run into a problem. While the gpg command will tell you if a key is untrusted, it doesn't appear to return an exit code indicating this fact. For example: # gpg -v < foo.asc Version: GnuPG v1.4.11 (GNU/Linux) gpg: armor header: gpg: original file name='' this is a test gpg: Signature made Fri 22 Jul 2011 11:34:02 AM EDT using RSA key ID ABCD00B0 gpg: using PGP trust model gpg: Good signature from "Testing Key <[email protected]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: ABCD 1234 0527 9D0C 3C4A CAFE BABE DEAD BEEF 00B0 gpg: binary signature, digest algorithm SHA1 The part we care about is this: gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. The exit code returned by gpg in this case is 0, despite the trust failure: # echo $? 0 How do we get gpg to fail in the event that something is signed with an untrusted signature? I've seen some suggestions that the gpgv command will return a proper exit code, but unfortunately gpgv doesn't know how to fetch keys from keyservers. I guess we can parse the status output (using --status-fd) from gpg, but is there a better way?

    Read the article

  • Crypto-Analysis of keylogger logs and config file. Possible?

    - by lost.
    Is there anyway Encryption on an unidentified file can be broken(file in question: config file and log files from ardamax keylogger). These files date back all the way to 2008. I searched everywhere, nothing on slashdot, nothing on google. Ardamax Keyviewer? Should I just write to Ardamax? I am at a loss of what to do. I feel comprimised. Anyone managed to decrpyt files with Crypto-analysis? More Information-- There are log files in the folder and a configuration file, "akv.cfg". Is it possible to decrypt the files and maybe getting the attackers email address used to receive the keylogger logs? I've Checked ardamax.com. They have an built-in log viewer. But its unavailable for download. If superuser isn't the proper place to ask, know where I might get help?

    Read the article

  • md5sum returns a different hash value than online hash generators

    - by Ravi
    On suse10, md5sum myname gives md5 hash as 49b0939cb2db9d21b038b7f7d453cd5d The file myname contains string "ravi" while some of the online md5 hash generators for the same string seem to give a different hash http://md5-encryption.com/ http://www.miraclesalad.com/webtools/md5.php They spit out the hash for "ravi" as 63dd3e154ca6d948fc380fa576343ba6 Why is there a difference in md5sum for the same string "ravi" ?

    Read the article

  • Decrypting Windows XP encrypted files from an old disk

    - by Uri Cohen
    I had an old Windows XP machine with an encrypted directory. When moving to a new Win7 machine I connected the old disk as a slave in the new machine, and hence cannot access the encrypted files. Chances don't seem good as documentation warns you: "Do not Delete or Rename a User's account from which will want to Recover the Encrypted Files. You will not be able to de-crypt the files using the steps outlined above." On the other hand, I have full access to the machine, so maybe there's a utility which can extract the keys and use the to decrypt the files... BTW, I didn't have a password in the old machine, if it's relevant. Ideas, anyone? Thanks!

    Read the article

  • openssl creates invalid signature if run by a different user

    - by divB
    Very strange problem here: openssl successfully creates signatures but only those created as root are valid whereas created by another user (www-data) are invalid! All files are readable and there are not error messages: # echo -ne Test | openssl dgst -ecdsa-with-SHA1 -sign activation.key > /tmp/asRoot.der # su www-data $ echo -ne Test | openssl dgst -ecdsa-with-SHA1 -sign activation.key > /tmp/asWww-data.der $ uname -a Linux linux 2.6.32-5-openvz-amd64 #1 SMP Mon Feb 25 01:16:25 UTC 2013 i686 GNU/Linux $ cat /etc/debian_version 6.0.7 Both files (asRoot.der and asWww-data.der) are transfered to a different computer for verification with the public key: $ echo -ne Test | openssl dgst -verify activation.pub -keyform DER -signature asRoot.der Verified OK $ echo -ne Test | openssl dgst -verify activation.pub -keyform DER -signature asWww-data.der Verification Failure That can't be true! What's wrong here?

    Read the article

  • Encrypt shared files on AD Domain.

    - by Walter
    Can I encrypt shared files on windows server and allow only authenticated domain users have access to these files? The scenario as follows: I have a software development company, and I would like to protect my source code from being copied by my programmers. One problem is that some programmers use their own laptops to developing the company's software. In this scenario it's impossible to prevent developers from copying the source code for their laptops. In this case I thought about the following solution, but i don't know if it's possible to implement. The idea is to encrypt the source code and they are accessible (decrypted) only when developers are logged into the AD domain, ie if they are not logged into the AD domain, the source code would be encrypted be useless. Can be implemented this ? What technology should be used?

    Read the article

  • Computing Number of Bits in Public Key

    - by eb80
    I am working with DKIM and trying to compute the public key size of some DKIM signatures. I know from tools that Gmail's is now 2048, but how could I have figured this out myself (i.e., what exact Linux commands and why)? user@host$ dig txt 20120113._domainkey.gmail.com ; <<>> DiG 9.8.3-P1 <<>> txt 20120113._domainkey.gmail.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52228 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;20120113._domainkey.gmail.com. IN TXT ;; ANSWER SECTION: 20120113._domainkey.gmail.com. 300 IN TXT "k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Kd87/UeJjenpabgbFwh+eBCsSTrqmwIYYvywlbhbqoo2DymndFkbjOVIPIldNs/m40KF+yzMn1skyoxcTUGCQs8g3FgD2Ap3ZB5DekAo5wMmk4wimDO+U8QzI3SD0" "7y2+07wlNWwIt8svnxgdxGkVbbhzY8i+RQ9DpSVpPbF7ykQxtKXkv/ahW3KjViiAH+ghvvIhkx4xYSIc9oSwVmAl5OctMEeWUwg8Istjqz8BZeTWbf41fbNhte7Y+YqZOwq1Sd0DbvYAD9NOZK9vlfuac0598HY+vtSBczUiKERHv1yRbcaQtZFh5wtiRrN04BLUTD21MycBX5jYchHjPY/wIDAQAB" ;; Query time: 262 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Mon Nov 19 10:52:06 2012 ;; MSG SIZE rcvd: 462

    Read the article

  • Custom Rule Sets in JohnTheRipper

    - by user854619
    I'm trying to create a custom rule set to do hash cracking. I have a SHA1 hash and a rule set that was enforced to create the password. The password must be of the form, 6-8 characters Every other letter changes case Password "shifts" characters at least one degree and at most three One odd number and one even number are at the beginning of the password One special character and one punctuation character are appended to the end of the password How can I defined a brute force attack in JohnTheRipper or similar hash cracking program? I've also attempted to write code to generate a wordlist of possible passwords, with no success. Thanks!

    Read the article

  • Best solution top keep data secure

    - by mrwooster
    What is the simplest and most elegant way of storing a small amount of data in a reasonably secure way? I am not looking for ridiculous levels of advanced encryption (AES-256 is more than enough) and I am only looking to encrypt a small number of files. The files I wish to encrypt are mostly comprised of password lists and SSH keys for servers. Unfortunately it is impossible to keep track of ever changing passwords for my servers (and SSH keys) and so need to keep a list of the passwords. Obviously this list needs to be secure, and also portable (I work from multiple locations). At the moment, I use a 10MB encrypted disk image on my mac (std .dmg AES-256) and just mount it whenever I need access to the data. To my knowledge this is very secure and I am very happy using it. However, the data is not very portable. I would like to be able to access my data from other machines (especially ones running linux), and I am aware that there are quite a few issues trying to mount an encrypted .dmg on linux. An alternative I have considered is to create a tar archive containing the files and use gpg --symmetric to encrypt it, but this is not a very elegant solution as it requires gpg to be installed on every system. So, what over solutions exist, and which ones would you consider to be the most elegant? Ty

    Read the article

  • Isn't a hidden volume used when encrypting a drive with TrueCrypt detectable?

    - by neurolysis
    I don't purport to be an expert on encryption (or even TrueCrypt specifically), but I have used TrueCrypt for a number of years and have found it to be nothing short of invaluable for securing data. As relatively well known free, open-source software, I would have thought that TrueCrypt would not have fundamental flaws in the way it operates, but unless I'm reading it wrong, it has one in the area of hidden volume encryption. There is some documentation regarding encryption with a hidden volume here. The statement that concerns me is this (emphasis mine): TrueCrypt first attempts to decrypt the standard volume header using the entered password. If it fails, it loads the area of the volume where a hidden volume header can be stored (i.e. bytes 65536–131071, which contain solely random data when there is no hidden volume within the volume) to RAM and attempts to decrypt it using the entered password. Note that hidden volume headers cannot be identified, as they appear to consist entirely of random data. Whilst the hidden headers supposedly "cannot be identified", is it not possible to, on encountering an encrypted volume encrypted using TrueCrypt, determine at which offset the header was successfully decrypted, and from that determine if you have decrypted the header for a standard volume or a hidden volume? That seems like a fundamental flaw in the header decryption implementation, if I'm reading this right -- or am I reading it wrong?

    Read the article

  • How many guesses per second are possible against an encrypted disk? [closed]

    - by HappyDeveloper
    I understand that guesses per second depends on the hardware and the encryption algorithm, so I don't expect an absolute number as answer. For example, with an average machine you can make a lot (thousands?) of guesses per second for a hash created with a single md5 round, because md5 is fast, making brute force and dictionary attacks a real danger for most passwords. But if instead you use bcrypt with enough rounds, you can slow the attack down to 1 guess per second, for example. 1) So how does disk encryption usually work? This is how I imagine it, tell me if it is close to reality: When I enter the passphrase, it is hashed with a slow algorithm to generate a key (always the same?). Because this is slow, brute force is not a good approach to break it. Then, with the generated key, the disk is unencrypted on the fly very fast, so there is not a significant performance lose. 2) How can I test this with my own machine? I want to calculate the guesses per second my machine can make. 3) How many guesses per second are possible against an encrypted disk with the fastest PC ever so far?

    Read the article

  • How to generate Serial Keys? [closed]

    - by vincent mathew
    Which software can I use to generate Product keys if I have the GroupId, KeyId, Secret and Hash for the generation? Edit: I had seen a post which generated Product Keys using this information. [Additional Key Details/Activation Decryption*: GroupId = 86f 2159 KeyId = ed46 60742 Secret = e0cdc320ba048 3954789545910344 Hash = 5f 95 ] So I was wondering if there is any software which could generate keys using this information? Thanks.

    Read the article

  • App.config connection string Protection error

    - by MikeScott8
    I am running into an issue I had before; can't find my reference on how to solve it. Here is the issue. We encrypt the connection strings section in the app.config for our client application using code below: config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None) If config.ConnectionStrings.SectionInformation.IsProtected = False Then config.ConnectionStrings.SectionInformation.ProtectSection(Nothing) ' We must save the changes to the configuration file.' config.Save(ConfigurationSaveMode.Modified, True) End If The issue is we had a salesperson leave. The old laptop is going to a new salesperson and under the new user's login, when it tries to to do this we get an error. The error is: Unhandled Exception: System.Configuration.ConfigurationErrorsException: An error occurred executing the configuration section handler for connectionStrings. ---> System.Configuration.ConfigurationErrorsException: Failed to encrypt the section 'connectionStrings' using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: Object already exists. ---> System.Security.Cryptography.CryptographicException: Object already exists

    Read the article

  • Decrypting PKCS#7 encrypted data in C#

    - by Johnny Egeland
    I am working on a solution that needs to decrypt PKCS#7 encrypted data, preferably in C#. As far as I can see, the .NET api has support for this through the System.Security.Cryptography.Pkcs namespace. However it seems that the implementation can only work on byte arrays. So what do I do when I have a large encrypted file that does not fit into the memory? Am I missing something here, or is there another way to do this on a Stream level instead of using bytearrays?

    Read the article

  • AesCryptoServiceProvider not part of SymmetricAlgorithm?

    - by user330006
    I have a quick little app that steps through the possible symmetric encryption methods. I get them with the following line: private static List<Type> GetAlgorithmTypes { get { return Assembly.GetAssembly(typeof(SymmetricAlgorithm)).GetTypes().Where( type => type.IsSubclassOf(typeof(SymmetricAlgorithm))).ToList(); } } As you can see when i run this, AesCryptoServiceProvider is not a member of this group, even though it inherits from AES, which does belong to SymmetricAlgorithm and shows up in my list. This wouldn't be so much of a problem, i can manually add the provider in the group if i have too, but then if i try to retrieve this type by its name: Type t = Type.GetType("System.Security.Cryptography.AesCryptoServiceProvider"); i get a null object for AesCryptoServiceProvider, but not for any of the other items in the group. This is really strange, and i'm wondering if anyone has any ideas. It's kinda making me need to use tripleDES because of this (since my machines are all running the FIPS compliance requirement). Thanks for any help!

    Read the article

  • RAW key generation in IOS with AES

    - by sudheer
    I am novice to the cryptography in ios . I got a requirement to convert android encryption code into IOS . Below is the android code part. I need that in IOS . Can any one please help me out in this . I need this below android code in IOS. private static byte[] getRawKey(byte[] seed) throws Exception { KeyGenerator kgen = KeyGenerator.getInstance("AES"); SecureRandom sr = SecureRandom.getInstance("SHA1PRNG"); sr.setSeed(seed); kgen.init(256, sr); SecretKey skey = kgen.generateKey(); byte[] raw = skey.getEncoded(); return raw; }

    Read the article

  • Worked Example of Digital Signature Algorithm

    - by drelihan
    Hi Folks, Does anybody have a DSA worked example with simple values on how to calculate r,s and verify v == r. As this standard has been around awhile and is implemented in librarys e.g. the Java Cryptography Extension I'm finding it very hard to find an example of how the algorithm works. Compute r=(gk mod p) mod q Compute s=(k-1 * (x * r + i)) mod q Verifying a signature; again i is the input, and (r,s) is the signature. u1 = (s-1 * i) mod q u2 = (s-1 * r) mod q v = ((gu1 * yu2) mod p) mod q If v equals r, the signature is valid. Thanks,

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >