Search Results

Search found 12324 results on 493 pages for 'password encryption'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 31/493 | < Previous Page | 27 28 29 30 31 32 33 34 35 36 37 38  | Next Page >

  • Silverlight and Encryption, how to store/generate they key/iv pair?

    - by cmaduro
    I have a Silverlight app that connects to a php webservice. I want to encrypt the communication between the webservice and the Silverlight client. I'm not relying on SSL. I'm encrypting/decrypting the POST string myself using AES 256bit Key and IV. The big questions then are: How do I generate a random unique key/iv pair in PHP. How do I share this key/iv pair between the web service and silverlight client in a secure way. It seems impossible without having some kind of hard coded key or iv on the client. Which would compromise security. This is a public website, there are no logins. Just the requirement of secure communication. I can hard code the seed for the key/iv (which is hashed with SHA256 with a time stamp salt and then assigned as the key or iv) in PHP source code, that's on the server so that is pretty safe. However on the client the seed for the key/iv pair would be visible, if it is hard coded. Further more using a time stamp as the basis for uniqueness/randomness is definitely not ok, since timestamps are predictable. It does however provide a common factor between the C# code and the PHP code. The only other option that I can think of would be to have a 3rd service involved that provides the key/iv to the Silverlight client, as well as the php webservice. This of course start the cycle anew, with the question of how to store the credentials for accessing the key/iv distribution service on the Silverlight client. Sounds like the solution is then asymmetric encryption, since sensitive data will be viewed only on the administrative back end of the website. Unfortunately Silverlight has no asymmetric encryption classes. The solution? Roll my own Diffie-Hellman key exchange! Plug that key into AES256!

    Read the article

  • Using AES encryption in .NET - CryptographicException saying the padding is invalid and cannot be removed

    - by Jake Petroules
    I wrote some AES encryption code in C# and I am having trouble getting it to encrypt and decrypt properly. If I enter "test" as the passphrase and "This data must be kept secret from everyone!" I receive the following exception: System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed. at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast) at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) at System.Security.Cryptography.CryptoStream.FlushFinalBlock() at System.Security.Cryptography.CryptoStream.Dispose(Boolean disposing) at System.IO.Stream.Close() at System.IO.Stream.Dispose() ... And if I enter something less than 16 characters I get no output. I believe I need some special handling in the encryption since AES is a block cipher, but I'm not sure exactly what that is, and I wasn't able to find any examples on the web showing how. Here is my code: using System; using System.IO; using System.Security.Cryptography; using System.Text; public static class DatabaseCrypto { public static EncryptedData Encrypt(string password, string data) { return DatabaseCrypto.Transform(true, password, data, null, null) as EncryptedData; } public static string Decrypt(string password, EncryptedData data) { return DatabaseCrypto.Transform(false, password, data.DataString, data.SaltString, data.MACString) as string; } private static object Transform(bool encrypt, string password, string data, string saltString, string macString) { using (AesManaged aes = new AesManaged()) { aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7; int key_len = aes.KeySize / 8; int iv_len = aes.BlockSize / 8; const int salt_size = 8; const int iterations = 8192; byte[] salt = encrypt ? new Rfc2898DeriveBytes(string.Empty, salt_size).Salt : Convert.FromBase64String(saltString); byte[] bc_key = new Rfc2898DeriveBytes("BLK" + password, salt, iterations).GetBytes(key_len); byte[] iv = new Rfc2898DeriveBytes("IV" + password, salt, iterations).GetBytes(iv_len); byte[] mac_key = new Rfc2898DeriveBytes("MAC" + password, salt, iterations).GetBytes(16); aes.Key = bc_key; aes.IV = iv; byte[] rawData = encrypt ? Encoding.UTF8.GetBytes(data) : Convert.FromBase64String(data); using (ICryptoTransform transform = encrypt ? aes.CreateEncryptor() : aes.CreateDecryptor()) using (MemoryStream memoryStream = encrypt ? new MemoryStream() : new MemoryStream(rawData)) using (CryptoStream cryptoStream = new CryptoStream(memoryStream, transform, encrypt ? CryptoStreamMode.Write : CryptoStreamMode.Read)) { if (encrypt) { cryptoStream.Write(rawData, 0, rawData.Length); return new EncryptedData(salt, mac_key, memoryStream.ToArray()); } else { byte[] originalData = new byte[rawData.Length]; int count = cryptoStream.Read(originalData, 0, originalData.Length); return Encoding.UTF8.GetString(originalData, 0, count); } } } } } public class EncryptedData { public EncryptedData() { } public EncryptedData(byte[] salt, byte[] mac, byte[] data) { this.Salt = salt; this.MAC = mac; this.Data = data; } public EncryptedData(string salt, string mac, string data) { this.SaltString = salt; this.MACString = mac; this.DataString = data; } public byte[] Salt { get; set; } public string SaltString { get { return Convert.ToBase64String(this.Salt); } set { this.Salt = Convert.FromBase64String(value); } } public byte[] MAC { get; set; } public string MACString { get { return Convert.ToBase64String(this.MAC); } set { this.MAC = Convert.FromBase64String(value); } } public byte[] Data { get; set; } public string DataString { get { return Convert.ToBase64String(this.Data); } set { this.Data = Convert.FromBase64String(value); } } } static void ReadTest() { Console.WriteLine("Enter password: "); string password = Console.ReadLine(); using (StreamReader reader = new StreamReader("aes.cs.txt")) { EncryptedData enc = new EncryptedData(); enc.SaltString = reader.ReadLine(); enc.MACString = reader.ReadLine(); enc.DataString = reader.ReadLine(); Console.WriteLine("The decrypted data was: " + DatabaseCrypto.Decrypt(password, enc)); } } static void WriteTest() { Console.WriteLine("Enter data: "); string data = Console.ReadLine(); Console.WriteLine("Enter password: "); string password = Console.ReadLine(); EncryptedData enc = DatabaseCrypto.Encrypt(password, data); using (StreamWriter stream = new StreamWriter("aes.cs.txt")) { stream.WriteLine(enc.SaltString); stream.WriteLine(enc.MACString); stream.WriteLine(enc.DataString); Console.WriteLine("The encrypted data was: " + enc.DataString); } }

    Read the article

  • How to Use a PIN Instead of a Password in Windows 8

    - by Taylor Gibb
    Entering your full password on a touch screen device can really become a pain in the neck, luckily for us we can link a short 4 digit PIN to our user account and log in with that instead. Note: PIN codes are nowhere near as safe as using an alphanumeric password, however, they do still have a purpose when you don’t want to enter your 15 character password on a touch screen device. Creating a PIN Press the Win + I keyboard combination to bring up the Settings Charm, then click on the Change PC settings link. This will open up the Modern UI PC Settings app, where you can click on the Users section. On the right hand side you will see a Create a PIN button, click on it. Now you will need to verify that you are the owner of this user account by entering your password. Then you can choose a PIN, remember that it can only contain digits. Now when you get to the login screen you will have the option to use a PIN. How To Boot Your Android Phone or Tablet Into Safe Mode HTG Explains: Does Your Android Phone Need an Antivirus? How To Use USB Drives With the Nexus 7 and Other Android Devices

    Read the article

  • SSH asks for password

    - by user1435470
    I have already : Installed the server Generated the pub/pri keys with -P "" Copied the id_rsa.pub to authorized_keys ssh localhost answered "yes", copied to known_hosts tried ssh localhost still asks for password Output: hduser@hduser1-desktop:~$ ssh -v localhost OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to localhost [127.0.0.1] port 22. debug1: Connection established. debug1: identity file /home/hduser/.ssh/identity type -1 debug1: identity file /home/hduser/.ssh/id_rsa type 1 debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 debug1: identity file /home/hduser/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian- 3ubuntu7 debug1: match: OpenSSH_5.3p1 Debian-3ubuntu7 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'localhost' is known and matches the RSA host key. debug1: Found key in /home/hduser/.ssh/known_hosts:3 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering public key: /home/hduser/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/hduser/.ssh/identity debug1: Trying private key: /home/hduser/.ssh/id_dsa debug1: Next authentication method: password Any suggestions ? Cheers

    Read the article

  • Password Cracking in 2010 and Beyond

    - by mttr
    I have looked a bit into cryptography and related matters during the last couple of days and am pretty confused by now. I have a question about password strength and am hoping that someone can clear up my confusion by sharing how they think through the following questions. I am becoming obsessed about these things, but need to spend my time otherwise :-) Let's assume we have an eight-digit password that consists of upper and lower-case alphabetic characters, numbers and common symbols. This means we have 8^96 ~= 7.2 quadrillion different possible passwords. As I understand there are at least two approaches to breaking this password. One is to try a brute-force attack where we try to guess each possible combination of characters. How many passwords can modern processors (in 2010, Core i7 Extreme for eg) guess per second (how many instructions does a single password guess take and why)? My guess would be that it takes a modern processor in the order of years to break such a password. Another approach would consist of obtaining a hash of my password as stored by operating systems and then search for collisions. Depending on the type of hash used, we might get the password a lot quicker than by the bruteforce attack. A number of questions about this: Is the assertion in the above sentence correct? How do I think about the time it takes to find collisions for MD4, MD5, etc. hashes? Where does my Snow Leopard store my password hash and what hashing algorithm does it use? And finally, regardless of the strength of file encryption using AES-128/256, the weak link is still my en/decryption password used. Even if breaking the ciphered text would take longer than the lifetime of the universe, a brute-force attack on my de/encryption password (guess password, then try to decrypt file, try next password...), might succeed a lot earlier than the end of the universe. Is that correct? I would be very grateful, if people could have mercy on me and help me think through these probably simple questions, so that I can get back to work.

    Read the article

  • How to get user input before saving a file in Sublime Text

    - by EddieJessup
    I'm making a plugin in Sublime Text that prompts the user for a password to encrypt a file before it's saved. There's a hook in the API that's executed before a save is executed, so my naïve implementation is: class TranscryptEventListener(sublime_plugin.EventListener): def on_pre_save(self, view): # If document is set to encode on save if view.settings().get('ON_SAVE'): self.view = view # Prompt user for password message = "Create a Password:" view.window().show_input_panel(message, "", self.on_done, None, None) def on_done(self, password): self.view.run_command("encode", {password": password}) The problem with this is, by the time the input panel appears for the user to enter their password, the document has already been saved (despite the trigger being 'on_pre_save'). Then once the user hits enter, the document is encrypted fine, but the situation is that there's a saved plaintext file, and a modified buffer filled with the encrypted text. So I need to make Sublime Text wait until the user's input the password before carrying out the save. Is there a way to do this? At the moment I'm just manually re-saving once the encryption has been done: def on_pre_save(self, view, encode=False): if view.settings().get('ON_SAVE') and not view.settings().get('ENCODED'): self.view = view message = "Create a Password:" view.window().show_input_panel(message, "", self.on_done, None, None) def on_done(self, password): self.view.run_command("encode", {password": password}) self.view.settings().set('ENCODED', True) self.view.run_command('save') self.view.settings().set('ENCODED', False) but this is messy and if the user cancels the encryption then the plaintext file gets saved, which isn't ideal. Any thoughts? Edit: I think I could do it cleanly by overriding the default save command. I hoped to do this by using the on_text_command or on_window_command triggers, but it seems that the save command doesn't trigger either of these (maybe it's an application command? But there's no on_application_command). Is there just no way to override the save function?

    Read the article

  • Can't work out security

    - by user215351
    I installed Ubuntu on puter I am the only user I alone use. I was trying a to find out how to repair hardware faults. Surprised to find I was not the owner and that there is a password that locks me out. I only set one password during set up so what is this mysterious password. As far as I'm concerned it is overdone on security, Im sick of authenticating every 3 seconds. I need a simpler system

    Read the article

  • Fixing /etc/shadow with md5 passwords to sha512 passwords

    - by dr jimbob
    I recently upgraded an ubuntu server with many users to a recent version from a version from 2008. The server used to use md5 password hashes (e.g., the shadow passwords began with $1$) and now is configured to use sha512. I'd prefer to keep using sha512, but would like the old users to be able to partially login once with their old password and then be forced to update their password (even if its the same password) generating a sha512. Right now, the old md5-based passwords in /etc/shadow won't let the user login at all (and just appear to be incorrect passwords). This seems like plenty of people should have had to do this before; yet I can't see how to do it, looking in the common places like /etc/pam.d/common-password nad /etc/login.defs. Also users will be logging in via ssh; and I do not have everyone's contact info (email or otherwise); and some login fairly rarely. Any help? (Googling doesn't seem to give any good solutions).

    Read the article

  • Securing data inside Azure SQL? Any good libraries or DIY?

    - by Sid
    Azure SQL doesn't support many of the encryption features found in SQL Server (Table and Column encryption). We need to store some sensitive information that needs to be encrypted and we've rolled our own using AesCryptoServiceProvider to encrypt/decrypt data to/from the database. This solves the immediate issue (no cleartext in db) but poses other problems like Key rotation (we have to roll our own code for this, walking through the db converting old cipher text into new cipher text) metadata mapping of which tables and which columns are encrypted. This is simple with it's a few but quickly gets out of hand ... So are there any libraries out there that do this well? Any other resources or design patterns I can be pointed to?

    Read the article

  • Can't Enter Password in Recovery Mode

    - by Mike Lentini
    When I go into recovery mode to get to the command line, I enter "telinit 3" to drop out of root. This works on my desktop, but on my laptop it asks for my username and password, then I hit enter and the first letter of my password appears and it doesn't log me in. It then proceeds to ask me for my username and password again, and the issue continues. Am I doing something wrong? Is this a known issue with a solution? EDIT: Worked around this by going into /etc/default/grub and setting it to boot in text mode. Still would like a solution for this though.

    Read the article

  • Can not enter password for sudo [duplicate]

    - by Michael
    This question already has an answer here: add repository to ubuntu from terminal with pgp key 3 answers I have used Ubuntu for several years, and I can not enter password for sudo, and this is when i wanna add a key to public.gpg for itunes10 it dos not work, and the password normal works wite sudo but not in the terminal when i enter: sudo wget -q "http:// deb.playonlinux.com/public.gpg" -o- | sudo apt-get add - and it says this 'sorry try again', and i just had installed itunes10, and have to add a key whit wget to public.gpg, and i tried to enter in the terminal: sudo apt-get update and the password works fine but not whit using sudo wget, and can some one please help.

    Read the article

  • How to disable password prompt for default keyring?

    - by user110431
    I'm using Ubuntu 12.10 64Bit. How to disable ubuntu enter password for keyring default to unlock prompt ? Every time I open Chrome or ubuntu software center, this annoying window jump out. I have being searching online for a long time, most of the answers are like delete ~/.gnome2/keyring XX , but I don't have such directory or go to password and keys , disable some option, but this window is empty in my case, very strange , even I add a new password keyring, it is still empty. None of these methods works in my case. I will be very appreciate if you can help

    Read the article

  • installation password

    - by tdot
    I just updated to ubuntu 11.10 and am getting "Your authentication attempt was unsuccessful." I am the only user and am the Administrator, during login on my keyring i set to logon automatically, but it still askes me for my password. So i put in my old one and it works. But when i go to install apps it asks again and nothing works! Also if i go to user accounts and try to unlock or change my password it won't let me! It says under password "None" so what's going on?! I'm new to Ubuntu! Help!

    Read the article

  • Can't access my Ubuntu admin account

    - by Kermilli
    It just shows a black screen with words in it for a fraction of a second and then gets back to users screen(where you choose your user). I tried to enter from another account and removed the password for the admin account , but it didn't work too , and then I couldn't access my admin privileged places with my old password ? What should I do ? I tried to change my password from recovery but no success.

    Read the article

  • Encrypted Ubuntu Partition HELP!

    - by user207984
    I had Zorin 7 Encrypted. I accidentally deleted important GRUB data trying to make more room in the boot folder i think? So the computer would no longer boot up. Anyways, I installed a second Linux OS on the same laptop, but I am unable to access all of my important information that is still on the encrypted partition. When i go to mount it to access everything, it asks for the encryption password... however, it tells me the password is incorrect, which I know 100% that it is the correct password. Someone please help me! Inform me how I can access this encrypted partition or restore the data so that I can boot the computer in Zorin 7 again.

    Read the article

  • Can't access my admin ubuntu account

    - by Kermilli
    It just shows a black screen with words in it for a fraction of a second and then gets back to users screen(where you choose your user). I tried to enter from another account and removed the password for the admin account , but it didn't work too , and then I couldn't access my admin privileged places with my old password ? What should I do ? I tried to change my password from recovery but no success.

    Read the article

  • MySQL prevents server from booting unless password is entered

    - by ZaneKullman
    I am kind of new with Ubuntu but I have been working on setting up a LAMP server with hamachi as a vpn client for management. The issue is that when we turn the server on or restart it we are required to enter the MySQL password before it will continue. Where can we script a password or disable this? I have attached a partial of less /var/log/boot.log * Starting MySQL ServerESC[204G[ OK ] ....... ok Password: If I haven't provided enough information please just comment and Ill try my best.

    Read the article

  • Remmina password problem with windows server 2008 R2

    - by Hcbayram
    I use Ubuntu 12.04. I am already using Remmina both with RDP and VNC connections for several servers. For one of my servers I have a problem to login after login window opens. The server is Windows 2008 R2. The screen for entering user and password comes but does not accept the password. I guess the problem is with language but password does not contain any problematic letter except a $ sign. When connecting from Windows 7 there is no problem.

    Read the article

  • Full password not required to access password protected directory?

    - by user617123
    I password protected a directory in cPanel. When I went to access the page in my browser, I accidentally hit backspace on the password before I hit enter. Surprisingly, the page still loaded. I played around with it and realized that I could remove the last 4 or 5 characters and the password would still work. Any more than that and it would fail. I'm just curious why this behavior is happening and whether or not it's anything to worry about?

    Read the article

  • ldapsearch password file format

    - by orsogufo
    How am I supposed to pass a password to ldapsearch using the -y <password file> option? If I write the password in the password file in plain text, I get this error: ldap_bind: Invalid credentials (49) additional info: 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772 The same happens if I use the -w <password> option. Am I missing something?

    Read the article

  • Java encryption : with method can get me a shorter message ?

    - by Frank
    I don't know too much about encryption, I just want to ask, which method can get me the shortest result message ? For instance, the message looks like this : "This is the secret input message", I wonder if the encrypted message can be shorter then the above 32 characters long ? Maybe something like "dfkfjkvf12". Frank

    Read the article

  • WMI query to check setting "Reversible Encryption" in Windows XP

    - by Mart
    In Windows XP, there are two settings in Group Policy I'm looking at: Password must meet complexity requirements Store password using reversible encryption Both of these settings are under Local Computer Policy/Computer Config/Windows Settings/Security Settings/Account Policies/Password Policy. For the first one, I have found the setting in RSOP_SecurityEventLogSettingBoolean class in WMI. However, I can't find the latter. Does anybody know in which class in WMI can I read that particular setting?

    Read the article

  • How to get compatibility between C# and SQL2k8 AES Encryption?

    - by Victor Rodrigues
    I have an AES encryption being made on two columns: one of these columns is stored at a SQL Server 2000 database; the other is stored at a SQL Server 2008 database. As the first column's database (2000) doesn't have native functionality for encryption / decryption, we've decided to do the cryptography logic at application level, with .NET classes, for both. But as the second column's database (2008) allow this kind of functionality, we'd like to make the data migration using the database functions to be faster, since the data migration in SQL 2k is much smaller than this second and it will last more than 50 hours because of being made at application level. My problem started at this point: using the same key, I didn't achieve the same result when encrypting a value, neither the same result size. Below we have the full logic in both sides.. Of course I'm not showing the key, but everything else is the same: private byte[] RijndaelEncrypt(byte[] clearData, byte[] Key) { var memoryStream = new MemoryStream(); Rijndael algorithm = Rijndael.Create(); algorithm.Key = Key; algorithm.IV = InitializationVector; var criptoStream = new CryptoStream(memoryStream, algorithm.CreateEncryptor(), CryptoStreamMode.Write); criptoStream.Write(clearData, 0, clearData.Length); criptoStream.Close(); byte[] encryptedData = memoryStream.ToArray(); return encryptedData; } private byte[] RijndaelDecrypt(byte[] cipherData, byte[] Key) { var memoryStream = new MemoryStream(); Rijndael algorithm = Rijndael.Create(); algorithm.Key = Key; algorithm.IV = InitializationVector; var criptoStream = new CryptoStream(memoryStream, algorithm.CreateDecryptor(), CryptoStreamMode.Write); criptoStream.Write(cipherData, 0, cipherData.Length); criptoStream.Close(); byte[] decryptedData = memoryStream.ToArray(); return decryptedData; } This is the SQL Code sample: open symmetric key columnKey decryption by password = N'{pwd!!i_ll_not_show_it_here}' declare @enc varchar(max) set @enc = dbo.VarBinarytoBase64(EncryptByKey(Key_GUID('columnKey'), 'blablabla')) select LEN(@enc), @enc This varbinaryToBase64 is a tested sql function we use to convert varbinary to the same format we use to store strings in the .net application. The result in C# is: eg0wgTeR3noWYgvdmpzTKijkdtTsdvnvKzh+uhyN3Lo= The same result in SQL2k8 is: AI0zI7D77EmqgTQrdgMBHAEAAACyACXb+P3HvctA0yBduAuwPS4Ah3AB4Dbdj2KBGC1Dk4b8GEbtXs5fINzvusp8FRBknF15Br2xI1CqP0Qb/M4w I just didn't get yet what I'm doing wrong. Do you have any ideas? EDIT: One point I think is crucial: I have one Initialization Vector at my C# code, 16 bytes. This IV is not set at SQL symmetric key, could I do this? But even not filling the IV in C#, I get very different results, both in content and length.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 27 28 29 30 31 32 33 34 35 36 37 38  | Next Page >