Search Results

Search found 1154 results on 47 pages for 'rsa sha1'.

Page 33/47 | < Previous Page | 29 30 31 32 33 34 35 36 37 38 39 40 | Next Page >

C#: How to Make it Harder for Hacker/Cracker to Get Around or Bypass the Licensing Check?

- by Peter Lee

Hi all, Suppose that the user has saved the License file under the Application.StartupPath, where all users can read. And then, every time when the app starts, it will check if it can find and verify the license file. If the app can find and verify, we let the user to continue with full functinalities. If not, we prompt a MessageBox showing "Unlicencsed, continue to use with trial version, functionalities limited." My question is, if I'm a hacker/cracker, I would try to get around or bypass the licensing check instead of cracking the license file, because, if we use RSA signature, it's very difficult to crack a license file. So where should we put the license check? thanks. Merry Christmas and Happy New Year! Peter P.S.: and also, is it safe if I put a global variable IsLicensed (true / false) to limit the functionalities? Is it easy for a hacker to change IsLicensed = true?

Read the article
Jar extraction and verification in BlackBerry

- by Basilio

Hi All, The application I am currently working on requires me to extract contents from and verify the authenticity of the signed jar that is stored on the SD Card. In Java [and Android], we have the java.util.jar and java.util.zip classes, that allow to extract jar. However, J2ME or BlackBerry® does not provide support for these packages. I have, however, successfully extracted these using the third party ZipMe library. Can anyone let me know, how to get the signature block from the .DSA/.RSA file to authenticate the jar? I have the certificate that was used to sign the jar as well. This is easily done in Java using the getCertificates() method available in java.util.jar.JarFile. Is there any 3rd party API available that emulates the JarFile for BlackBerry®? Any help in this regard will be deeply appreciated. Thanks & Regards Basilio John Vincent D'souza

Read the article
Is Eclipse Remote System Explorer broken on Windows?

- by Kev

I have the following setup on Windows 7 Ultimate x64: Eclipse Indigo 2.7.2 (Build: M20120208-0800) Remote System Explorer 3.3.2 (see screenshot) (Oracle/Sun) Java 1.6 Update 31 (x86) Despite all my best efforts I am unable to connect to a remote system (a Centos 5.6 server on my local LAN) using a Remote System Explorer SSH connection - I've tried both password authentication and using my SSH private key. Here is a screenshot of both the Eclipse error dialogue and what is logged in my /var/log/secure log file: /var/log/secure: Apr 1 12:00:21 nagios sshd[6176]: Received disconnect from 172.16.3.88: 3: com.jcraft.jsch.JSchException: Auth fail When I connect for the first time I do get prompted to verify the authenticity of the remote host and the RSA key fingerprint. But that's as far as things go. Performing the same operation with the same credentials on my Fedora Core 16 box (also running the same version of Eclipse and Java) to the same server is successful. This leads me to believe that RSE SSH support on Windows is either broken or there's some piece of the SSH-on-Windows puzzle I'm missing. Is this the case?

Read the article
Generating short license keys with OpenSSL

- by Marc Charbonneau

I'm working on a new licensing scheme for my software, based on OpenSSL public / private key encryption. My past approach, based on this article, was to use a large private key size and encrypt an SHA1 hashed string, which I sent to the customer as a license file (the base64 encoded hash is about a paragraph in length). I know someone could still easily crack my application, but it prevented someone from making a key generator, which I think would hurt more in the long run. For various reasons I want to move away from license files and simply email a 16 character base32 string the customer can type into the application. Even using small private keys (which I understand are trivial to crack), it's hard to get the encrypted hash this small. Would there be any benefit to using the same strategy to generated an encrypted hash, but simply using the first 16 characters as a license key? If not, is there a better alternative that will create keys in the format I want?

Read the article
How to verify a signature using M2Crypto 0.16

- by Daniel Mccain

After some goggling I found some usual answers for this question, like: http://stackoverflow.com/questions/595114/how-to-load-an-rsa-key-from-a-pem-file-and-use-it-in-python-crypto some code: x509 = X509.load_cert_string(certificate) pubkey = x509.get_pubkey() pubkey.reset_context(md=sha1) pubkey.verify_init() pubkey.verify_update(content) decoded_signature = signature.decode('base64') if pubkey.verify_final(decoded_signature)==0: print 'error' sys.exit(1) and the code presented above works fine in M2Crypto 0.20. But I need to do exactly the same think using the M2Crypto 0.16 (the official package in RHEL5), and I have problems using the pubkey.verify_final method because in this particular version the signature parameter doesn't exist. So how can I do it? using the M2Crypto 0.16 Thanks.

Read the article
ssh script gives "key_read" error

- by lugte098

I'm using a script that connects to a cluster through ssh and sends some commands, then quits the connection. This script basically connects once using ssh, then executes a script in this session. This script loops through a list of commands a few times and after it is finished, the connection is terminated. So this script works fine, except for the fact that after a few loops it gives me the following error at loop 22. And then again at loop 32. The loops do exactly the same thing, so i cannot grasp the problem the script is facing. This is the error: key_read: uudecode AAAAB3NzaC1yc2EAAAABIwAAAQEAxmNx2hcXLpTjuaa3yKC3B9gbF7KprP2/ CH8fBgMbCyIcOB+ZMQDmEnbVTqedBwV/mxjZzorEpHTM8MX2WsTjFsxwzDgcpuxm+3cwfb0WSy9Y4Kb F8crAsRDbBIpUZ2n/iSdRcds9nTjk6PA61kTS24RLACHpqF18vudlO5WcbCOnAwa+DdUs0Raw29UiQc BaC6M4YPnApq9Ayy7a6qFI2uK6efkwfLTZIDivWlIdLpRLEyuBEpozQQhEd0mrGhR/ Gl1GevRvFMms14130xQ4A5UpJSn6CmrRIWBkcgp1TilqDGQ1F5xZOinnc4C00gFrbT3hkkQqY5A9p node023,10.141.0.31 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxmNx2hcXLpTjuaa3yKC3 B9gbF7KprP2/CH8fBgMbCyIcOB+ZMQDmEnbVTqedBwV/mxjZzorEpHTM8MX2WsTjFsxwzDgcpuxm+ 3cwfb0WSy9Y4KbF8crAsRDbBIpUZ2n/iSdRcds9nTjk6PA61kTS24RLACHpqF18vudlO5WcbCOnAw a+DdUs0Raw29UiQcBaC6M4YPnApq9Ayy7a6qFI2uK6efkwfLTZIDivWlIdLpRLEyuBEpozQQhEd0m rGhR/Gl1GevRvFMms14130xQ4A5UpJSn6CmrRIWBkcgp1TilqDGQ1F5xZOinnc4C00gFrbT3hkkQqY5 A9pa0lQHFkSw==

Read the article
[Sql-Server]what data type to use for password salt and hash values and what length?

- by Pandiya Chendur

I am generating salt and hash values from my passwords by using, string salt = CreateSalt(TxtPassword.Text.Length); string hash = CreatePasswordHash(TxtPassword.Text, salt); private static string CreateSalt(int size) { //Generate a cryptographic random number. RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); byte[] buff = new byte[size]; rng.GetBytes(buff); // Return a Base64 string representation of the random number. return Convert.ToBase64String(buff); } private static string CreatePasswordHash(string pwd, string salt) { string saltAndPwd = String.Concat(pwd, salt); string hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile( saltAndPwd, "sha1"); return hashedPwd; } What datatype you would suggest for storing these values in sql server? Any suggestion... Salt:9GsPWpFD Hash:E778AF0DC5F2953A00B35B35D80F6262CDBB8567

Read the article
How to generate, sign and import SSL certificate from Java

- by Demiurg

I need to generate a self signed certificates at run time, sign them and import to the Java keystore. I can do this using "keytool" and "openssl" from command line in the following way: keytool -import -alias root -keystore keystore.txt -file cacert.pem keytool -genkey -keyalg RSA -keysize 1024 -alias www.cia.gov -keystore keystore.txt keytool -keystore keystore.txt -certreq -alias www.cia.gov -file req.pem openssl x509 -req -days 3650 -in req.pem -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out reqsigned.pem keytool -import -alias www.cia.gov -keystore keystore.txt -trustcacerts -file reqsigned.pem I can, of course, ship my application with keytool and openssl binaries and execute the above commands from Java, but I'm looking for a cleaner approach which would allow me to do all of the above using pure Java. Any libraries I can use ?

Read the article
Get CruiseControl to talk to github with the correct public key.

- by Danny Lister

Hi All, Has anybody installed git and ControlControl and got CruiseControl to pull from GitHub on a window 2003 server. I keep getting public key errors (access denied) - Which is good i suppose as that confirms git is talking to github. However what is not good is that I dont not know where to install the rsa keys so they will be picked up by the running process (git in the context of cc.net). Any help would save me a lot of hair! I have tried installing the keys into; c:\Program Files\Git.ssh Whereby running git bash and cd ~ take me to: c:\Program Files\Git Current error from CC.net is Error Message: ThoughtWorks.CruiseControl.Core.CruiseControlException: Source control operation failed: Permission denied (publickey). fatal: The remote end hung up unexpectedly . Process command: C:\Program Files\Git\bin\git.exe fetch origin Thanks in advance

Read the article
Network Security and Encryption explained in laymen terms

- by Ehrann Mehdan

Although I might pretend very well that I known a thing about networks or security and it might help me pass an interview, or fix a bug, I don't really feel I'm fooling anyone. I'm looking for a laymen terms explanation of nowadays network security concepts and solutions. The information is scattered around and I didn't find a resource for "dummies" like me (e.g experienced Java developers that can speak the jargon but have no real clue what it means) Topics I have a weak notion about and want to understand better as a Java developer PGP Public / Private keys RSA / DES SSL and 2 way SSL (keystore / trustore) Protecting against Man in the middle fraud Digital Signature and Certificates Is there a resource out there that really explains it in a way that doesn't require a Cisco certificate / Linux lingo / know what is subnet masking or other plumbing skills?

Read the article
Is it okay to truncate a SHA256 hash to 128 bits?

- by Sunny Hirai

MD5 and SHA-1 hashes have weaknesses against collision attacks. SHA256 does not but it outputs 256 bits. Can I safely take the first or last 128 bits and use that as the hash? I know it will be weaker (because it has less bits) but otherwise will it work? Basically I want to use this to uniquely identify files in a file system that might one day contain a trillion files. I'm aware of the birthday problem and a 128 bit hash should yield about a 1 in a trillion chance on a trillion files that there would be two different files with the same hash. I can live with those odds. What I can't live with is if somebody could easily, deliberately, insert a new file with the same hash and the same beginning characters of the file. I believe in MD5 and SHA1 this is possible.

Read the article
Git using wrong email address when talking to Heroku

- by David

git clone [email protected]:myapp.git Results in a "myoldemailaddress not authorized to access myapp" myoldemailaddress was an email address I was using on an old heroku account, but it seems to be stuck using it, I can use my new one. I've removed the .heroku directory, and regenerated it, it has the correct user name and password, I can see my apps listed I've uploaded my key (I've regenerated my several times now) ssh-keygen -t rsa -C mynewaddress I uninstalled and reinstalled heroku on a different user in the same machine it works just fine. Something about my account has my old address, but I can't figure out where.

Read the article
Why is capistrano acting up like this?

- by Matt

I am having an issue with my deploy i ran cap deploy and got this Warning: Permanently added 'github.com,207.97.227.239' (RSA) to the list of known hosts. ** [174.143.150.79 :: out] Permission denied (publickey). ** fatal: The remote end hung up unexpectedly command finished *** [deploy:update_code] rolling back * executing "rm -rf /home/deploy/transprint/releases/20110105034446; true" servers: ["174.143.150.79"] [174.143.150.79] executing command here is my deploy.rb set :application, "transprint" set :domain, "174.149.150.79" set :user, "deploy" set :use_sudo, false set :scm, :git set :deploy_via, :remote_cache set :app_path, "production" set :rails_env, 'production' set :repository, "[email protected]:myname/something.git" set :scm_username, 'deploy' set :deploy_to, "/home/deploy/#{application}" role :app, domain role :web, domain role :db, domain, :primary => true please help

Read the article
Killing the mysqld process

- by Josh K

I have a table with ~800k rows. I ran an update users set hash = SHA1(CONCAT({about eight fields})) where 1; Now I have a hung Sequel Pro process and I'm not sure about the mysqld process. This is two questions: What harm can possibly come from killing these programs? I'm working on a separate database, so no damage should come to other databases on the system, right? Assume you had to update a table like this. What would be a quicker / more reliable method of updating without writing a separate script. I just checked with phpMyAdmin and it appears as though the query is complete. I still have Sequel Pro using 100% of both my cores though...

Read the article
hash password in SQL Server (asp.net)

- by ile

Is this how hashed password stored in SQL Server should look like? This is function I use to hash password (I found it in some tutorial) public string EncryptPassword(string password) { //we use codepage 1252 because that is what sql server uses byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password); byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes); return Encoding.GetEncoding(1252).GetString(hashBytes); } EDIT I tried to use sha-1 and now strings seem to look like as they are suppose to: public string EncryptPassword(string password) { return FormsAuthentication.HashPasswordForStoringInConfigFile(password, "sha1"); } // example output: 39A43BDB7827112409EFED3473F804E9E01DB4A8 Result from the image above looks like broken string, but this sha-1 looks normal.... Will this be secure enough?

Read the article
Codeigniter: A nice straight forward tutorial on how to build a reset password/forgotten password?

- by Psychonetics

I've built a full sign up system with user account activation, login, validation, captcha etc. To complete this I now need to implement a forgot password/reset password feature.. I have created one function that generates a random password 8 characters, another method that takes that random password word and applies sha1 and hashing. Also one that takes that hashed password and stores it in a table in the database. I will keep these methods to one side as they might come in handy later on but for now I would like to know if anyone can point me to a nice tutorial for creating a password reset feature for my website. Thanks in advance

Read the article
How to manually verify a user against the asp.net memberhip database

- by Ekk

I would like to know how I can verify a user's credential against an existing asp.net membership database. The short story is that we want provide single sign on access. So what I've done is to connect directly to the membership database and tried to run a sql query against the aspnet_Membership table: private bool CanLogin(string userName, string password) { // Check DB to see if the credential is correct try { string passwordHash = FormsAuthentication.HashPasswordForStoringInConfigFile(password, "SHA1"); string sql = string.Format("select 1 from aspnet_Users a inner join aspnet_Membership b on a.UserId = b.UserId and a.applicationid = b.applicationid where a.username = '{0}' and b.password='{1}'", userName.ToLowerInvariant(), passwordHash); using (SqlConnection sqlConn = new SqlConnection(ConfigurationManager.ConnectionStrings["LocalSqlServer"].ConnectionString)) using (SqlCommand sqlCmd = new SqlCommand(sql, sqlConn)) { sqlConn.Open(); int count = sqlCmd.ExecuteNonQuery(); sqlConn.Close(); return count == 1; } } catch (Exception ex) { return false; } } The problem is the password value, does anyone know how the password it is hashed?

Read the article
relating data stored in NoSQL DB to data stored in SQL DB

- by seanbrant

Whats the best way to use a SQL DB along side a NoSQL DB? I want to keep my users and other data in postgres but have some data that would be better suited for a NoSQL DB like redis. I see a lot of talk about switching to NoSQL but little talk on integrating it with existing systems. I think it would be foolish to throw the baby out with the bath water and ditch SQL all together, unless it makes things easier to maintain and develop. I'm wondering what the best approach is for relating data stored in SQL to my data in redis. I was thinking of something along the line of this. User object stored in SQL Book object in redis, key sh1 hash of value, value is a JSON string Relations stored in redis, key User.pk:books, value redis set of sha1's Anyone have experience, tips, better ways?

Read the article
Encrypting password in compiled C or C++ code

- by Daniel

Hello!, I know how to compile C and C++ Source files using GCC and CC in the terminal, however i would like to know if its safe to include passwords in these files, once compiled. For example.. i check user input for a certain password e.g 123, but it appears compiled C/C++ programs is possible to be decompiled. Is there anyway to compile a C/C++ source file, while keeping the source completely hidden.. If not, could anyone provide a small example of encrypting the input, then checking against the password e.g: (SHA1, MD5)

Read the article
PHP: Safe way to store decryptable passwords

- by Jammer

I'm making an application in PHP and there is a requirement that it must be possible to decrypt the passwords in order to avoid problems in the future with switching user database to different system. What encryption/decryption algorithm would you suggest? Is it good idea to just store the encrypted value and then compare the future authentication attempts to that value? Are the passwords still as safe as MD5/SHA1 when the private key is not available to the attacker (Hidden in USB drive for example)? I should still use salting, right? What encryption libraries should I use for PHP?

Read the article
OpenSSL compatible API for Scala?

- by pfleidi

Hello, I'm working on a project with a friend. He's implementing his software in Ruby and I'm doing my stuff in Scala (with Lift). We're using some asynchronous encryption and he is using the ruby OpenSSL bindings for that: key = OpenSSL::PKey::RSA.generate(4096) self.public_key = key.public_key self.private_key = key What I'm looking for is a simple API which is compatible to OpenSSL and runs on the JVM. I need it to create key-pairs and to encrypt and sign our payload. Do you have any suggestions?

Read the article
Is there a single Git command to get the current tag, branch and commit?

- by Koraktor

I'm currently using a collection of three commands to get the current tag, branch and the date and SHA1 of the most recent commit. git describe --always --tag git log -1 --format="%H%n%aD" git rev-parse --abbrev-ref HEAD Which will output something like: 1.2.3-gdeadbeef deadbeef3b8d90071c24f51ac8f26ce97a72727b Wed, 19 May 2010 09:12:34 +0200 master To be honest, I'm totally fine with this. But I'm using these commands from Maven and anyone who'd used Maven before, knows how much things like external commands bloat the POM. I just want to slim down my pom.xml and maybe reduce execution time a bit.

Read the article
variable being weirdly deleted

- by calccrypto

im having a weird problem with one variable: its not being recognized but its still printing. i would post my code, but it is massive. the basic idea is: # pseudocode def function(stuff): <do stuff> # These are the only 2 conditions if tag == 3: pka = <a string> if tag == 4: pka = <a string> print pka # (1) print pka # (2) <do stuff not modifying pka> print pka # (3) if pka == 'RSA': <do stuff> elif pka == 'DSA': <do stuff> my code will error at (2). however, it will print out (1), (2), and (3), all of which are the same. is there any general explanation of why this is happening? if my code is really needed, i will post it, but otherwise, i would rather not due to its size update: now the code will error at the if statement after (3), saying UnboundLocalError: local variable 'pka' referenced before assignment even though (1),(2),(3) just printed

Read the article
Best way to convert between [Char] and [Word8]?

- by cmars232

I'm new to Haskell and I'm trying to use a pure SHA1 implementation in my app (Data.Digest.Pure.SHA) with a JSON library (AttoJSON). AttoJSON uses Data.ByteString.Char8 bytestrings, SHA uses Data.ByteString.Lazy bytestrings, and some of my string literals in my app are [Char]. This article seems to indicate this is something still being worked out in the Haskell language/Prelude: http // hackage.haskell.org/trac/haskell-prime/wiki/CharAsUnicode And this one lists a few libraries but its a couple years old: http //blog.kfish.org/2007/10/survey-haskell-unicode-support.html [Links broken because SO doesn't trust me -- whatever...] What is the current best way to convert between these types, and what are some of the tradeoffs? I don't want to pick something that is obsolete... Thanks!

Read the article
How to ReHash a password stored into my Database ? (PHP)

- by Vincent Roye

Hi! I have some passwords encrypted in my database and I would like to find a way to display them. Here is how they are saved into my mysql database: function generateHash($plainText, $salt = null){ if ($salt === null) { $salt = substr(md5(uniqid(rand(), true)), 0, 25); } else { $salt = substr($salt, 0, 25); } return $salt . sha1($salt . $plainText); } $secure_pass = generateHash($this->clean_password); Then $secure_pass is saved into my database. Anyone would have an idea ?? Thank you very much ;)

Read the article

< Previous Page | 29 30 31 32 33 34 35 36 37 38 39 40 | Next Page >