Search Results

Search found 41203 results on 1649 pages for 'two way encryption'.

Page 55/1649 | < Previous Page | 51 52 53 54 55 56 57 58 59 60 61 62  | Next Page >

  • How to secure licensekey generation

    - by Jakob Gade
    Scenario, simplified for brevity: A developer creates an application for a customer. The customer sells this app to end-users. The app requires a license key to run, and this key is generated by the customer for each end-user with a simple tool created by the developer. The license key contains an expiry date for the license and is encrypted so the end-user can’t tamper with it. The problem here is that the developer (or anybody who has a copy of the license key generator) can easily create valid license keys. Should this generator fall into the wrong hands, it could spell disaster for the customers business. Ideally, the customer would have to use a password to create new license keys. And this password would be unknown to the developer, and somehow baked into the decryption algorithm in the application so it will fail if an attempt to use an unauthorized key is made. How would you implement a solution for this problem that is both transparent and secure?

    Read the article

  • Ruby on Rails Decryption

    - by user812120
    0 down vote favorite share [g+] share [fb] share [tw] The following function works perfect in PHP. How can it be translated in Ruby on Rails. Please note that both privateKey and iv are 32 characters long. mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $privateKey, base64_decode($enc), MCRYPT_MODE_CBC, $iv) I tried to use the following in Ruby but got a bad decrypt error. cipher = OpenSSL::Cipher.new('aes-256-cbc') cipher.decrypt cipher.key = privateKey cipher.iv = iv decrypted = '' << cipher.update(encrypted) << cipher.final

    Read the article

  • security topics

    - by scatman
    i have a course project to do on network security, the project themes are lightweight security on mobile devices,sensors,rfids... i am really finding it hard to get papers about any of these topics. so what are some nice project topics that i can do? thanks

    Read the article

  • C# encrypt whole XML File

    - by René
    I already have a solution for encrypting of several XML nodes or strings. But of course, you can open the local saved XML file and you should see the node tags. For some intelligent people it could be a reference for hidden informations. Is there any way to encrypt and decrypt the whole xml content including all node tags?

    Read the article

  • Use of Curve25519

    - by chmike
    I'm currently investigating the use of curve25519 for signing. Original distribution can be obtained here and a C code implementation here or here. Bernstein suggest to use ECDSA for this but I could not find any code.

    Read the article

  • Free SWF Obfuscator

    - by Cyclone
    Does anybody know of a free flash obfuscator? All I can find are commercial ones with free trials. I have done numerous google searches, and have been unable to find what I am looking for. I know that obfuscators do not make your swf hack proof, but they make things harder. Things I am looking for in an obfuscator: Unlimited obfuscations No time limit No watermark (or on the left side only! Right side is no good, same with center) Able to publish work (no special player needed other than standard flashplayer) I really was surprised to see how hard it was to find a good obfuscator (tried encoder, protection, etc. instead as well) and how easy it is to find a decompiler.... It is imperative that my code be protected, at least partially, to discourage the hacking of my game.

    Read the article

  • Rot13 for numbers.

    - by dreeves
    EDIT: Now a Major Motion Blog Post at http://messymatters.com/sealedbids The idea of rot13 is to obscure text, for example to prevent spoilers. It's not meant to be cryptographically secure but to simply make sure that only people who are sure they want to read it will read it. I'd like to do something similar for numbers, for an application involving sealed bids. Roughly I want to send someone my number and trust them to pick their own number, uninfluenced by mine, but then they should be able to reveal mine (purely client-side) when they're ready. They should not require further input from me or any third party. (Added: Note the assumption that the recipient is being trusted not to cheat.) It's not as simple as rot13 because certain numbers, like 1 and 2, will recur often enough that you might remember that, say, 34.2 is really 1. Here's what I'm looking for specifically: A function seal() that maps a real number to a real number (or a string). It should not be deterministic -- seal(7) should not map to the same thing every time. But the corresponding function unseal() should be deterministic -- unseal(seal(x)) should equal x for all x. I don't want seal or unseal to call any webservices or even get the system time (because I don't want to assume synchronized clocks). (Added: It's fine to assume that all bids will be less than some maximum, known to everyone, say a million.) Sanity check: > seal(7) 482.2382 # some random-seeming number or string. > seal(7) 71.9217 # a completely different random-seeming number or string. > unseal(seal(7)) 7 # we always recover the original number by unsealing.

    Read the article

  • how can I convert String to SecretKey

    - by Alaa
    I want to convert String to secretKey public void generateCode(String keyStr){ KeyGenerator kgen = KeyGenerator.getInstance("AES"); kgen.init(128); // 192 and 256 bits may not be available // Generate the secret key specs. secretKey skey=keyStr; //How can I make the casting here //SecretKey skey = kgen.generateKey(); byte[] raw = skey.getEncoded(); } I try to use BASE64Decoder instead of secretKey, but I face a porblem which is I cannot specify key length. EDIT: I want to call this function from another place static public String encrypt(String message , String key , int keyLength) throws Exception { // Get the KeyGenerator KeyGenerator kgen = KeyGenerator.getInstance("AES"); kgen.init(keyLength); // 192 and 256 bits may not be available // Generate the secret key specs. //decode the BASE64 coded message SecretKey skey = key; //here is the error raw = skey.getEncoded(); SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES"); // Instantiate the cipher Cipher cipher = Cipher.getInstance("AES"); cipher.init(Cipher.ENCRYPT_MODE, skeySpec); System.out.println("msg is" + message + "\n raw is" + raw); byte[] encrypted = cipher.doFinal(message.getBytes()); String cryptedValue = new String(encrypted); System.out.println("encrypted string: " + cryptedValue); return cryptedValue; } Any one can help, i'll be very thankful.

    Read the article

  • Exception: "Given final block not properly padded" in Linux, but it works in Windows

    - by user1685364
    My application works in windows, but fails in Linux with Given final block not properly padded exception. Configuration: JDK Version: 1.6 Windows : version 7 Linux : CentOS 5.8 64bit My code is below: import java.io.IOException; import java.io.UnsupportedEncodingException; import java.security.InvalidKeyException; import java.security.Key; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.KeyGenerator; import javax.crypto.NoSuchPaddingException; import sun.misc.BASE64Decoder; import sun.misc.BASE64Encoder; public class SecurityKey { private static Key key = null; private static String encode = "UTF-8"; private static String cipherKey = "DES/ECB/PKCS5Padding"; static { try { KeyGenerator generator = KeyGenerator.getInstance("DES"); String seedStr = "test"; generator.init(new SecureRandom(seedStr.getBytes())); key = generator.generateKey(); } catch(Exception e) { } } // SecurityKey.decodeKey("password") public static String decodeKey(String str) throws Exception { if(str == null) return str; Cipher cipher = null; byte[] raw = null; BASE64Decoder decoder = new BASE64Decoder(); String result = null; cipher = Cipher.getInstance(cipherKey); cipher.init(Cipher.DECRYPT_MODE, key); raw = decoder.decodeBuffer(str); byte[] stringBytes = null; stringBytes = cipher.doFinal(raw); // Exception!!!! result = new String(stringBytes, encode); return result; } } At the line: ciper.doFilnal(raw); the following exception is thrown: javax.crypto.BadPaddingException: Given final block not properly padded How can I fix this issue?

    Read the article

  • use bouncy castle to create public key on j2me

    - by mike
    I got the public key from the certificate, keypair is a java.security.KeyPair object String public_key = keypair.getPublic().toString(); I want to send this to the via an http connection to a J2me application. I cannot find any documentation to convert the transmitted string to a Public key that can be used to encrypt Strings. I also want the J2me to verify signed strings from the server. I want to then send the encrypted strings back to the server.

    Read the article

  • Is there an algorithm to securely split a message into x parts requiring at least y parts to reassem

    - by Aaron
    Is there an algorithm to securely split a message into x parts requiring at least y parts to reassemble? Obviously, y <= x. An example: Say that I have a secret message that I only want to be read in the event of my death. As a way to ensure this, I give a fraction of the message to ten friends. Now, I can't guaranty that all my friends will be able to put their messages together to recover the original. So, I construct each message fraction in such a way so as to only require any 5 friends to put their parts together to reconstruct the whole. However, owning less than 5 parts will not give anything away about the message, except possibly the length. My question is, is this possible? What algorithms might I look at to accomplish this? Clarification edit: The important part of this is the cryptographic strength. An attacker should not be able to recover the message, either in whole or in part with less than y parts.

    Read the article

  • Can per-user randomized salts be replaced with iterative hashing?

    - by Chas Emerick
    In the process of building what I'd like to hope is a properly-architected authentication mechanism, I've come across a lot of materials that specify that: user passwords must be salted the salt used should be sufficiently random and generated per-user ...therefore, the salt must be stored with the user record in order to support verification of the user password I wholeheartedly agree with the first and second points, but it seems like there's an easy workaround for the latter. Instead of doing the equivalent of (pseudocode here): salt = random(); hashedPassword = hash(salt . password); storeUserRecord(username, hashedPassword, salt); Why not use the hash of the username as the salt? This yields a domain of salts that is well-distributed, (roughly) random, and each individual salt is as complex as your salt function provides for. Even better, you don't have to store the salt in the database -- just regenerate it at authentication-time. More pseudocode: salt = hash(username); hashedPassword = hash(salt . password); storeUserRecord(username, hashedPassword); (Of course, hash in the examples above should be something reasonable, like SHA-512, or some other strong hash.) This seems reasonable to me given what (little) I know of crypto, but the fact that it's a simplification over widely-recommended practice makes me wonder whether there's some obvious reason I've gone astray that I'm not aware of.

    Read the article

  • How do i sign variables?

    - by acidzombie24
    I have a few variables that must be stored on the client side. As usual anything on client side can be tampered. I would like to sign a few variables and verified them when the data is sent back to the server. At the moment i think they are 5 64bit vars. On the server i would like to sign those 5 variables, then ensure the signature is valid when the client sends it back. How do i do this using C# .NET?

    Read the article

  • A way for a file to have its own MD5 inside? Or a string that is it's own MD5?

    - by Eli
    Hi all, In considering several possible solutions to a recent task, I found myself considering how to get a php file that includes it's own MD5 hash. I ended up doing something else, but the question stayed with me. Something along the lines of: <?php echo("Hello, my MD5 is [MD5 OF THIS FILE HERE]"); ?> Whatever placeholder you have in the file, the second you take its MD5 and insert it, you've changed it, which changes it's MD5, etc. Edit: Perhaps I should rephrase my question: Does anyone know if it has been proven impossible, or if there has been any research on an algorithm that would result in a file containing it's own MD5 (or other hash)? I suppose if the MD5 was the only content in the file, then the problem can be restated as how to find a string that is it's own MD5. It may well be impossible for us to create a process that will result in such a thing, but I can't think of any reason the solution itself can't exist. The question is basically whether it really is impossible, simply improbable (on the order of monkeys randomly typing Shakespeare), or actually solvable by somebody smarter than myself.

    Read the article

  • Ruby - encrypted_strings

    - by Tom Andersen
    A bit of a Ruby newbie here - should be an easy question: I want to use the encrypted_strings gem to create a password encrypted string: (from http://rdoc.info/projects/pluginaweek/encrypted_strings) Question is: Everything works fine, but how come I don't need the password to decrypt the string? Say I want to store the string somewhere for a while,like the session. Is the password also stored with it? (which would seem very strange?). And no, I'm not planning on using 'secret-key' or any similar hack as a password. I am planning on dynamically generating a class variable @@password using a uuid, which I don't store other than in memory, and can change from one running of the program to the next. Symmetric: >> password = 'shhhh' => "shhhh" >> crypted_password = password.encrypt(:symmetric, :password => 'secret_key') => "qSg8vOo6QfU=\n" >> crypted_password.class => String >> crypted_password == 'shhhh' => true >> password = crypted_password.decrypt => "shhhh"

    Read the article

  • create this array

    - by calccrypto
    i know this sounds silly, but can someone please post the arrays described by rfc2612: Cm = 0x5A827999 Mm = 0x6ED9EBA1 Cr = 19 Mr = 17 for (i=0; i<24; i++) { for (j=0; j<8; j++) { Tmj_(i) = Cm Cm = (Cm + Mm) mod 2**32 Trj_(i) = Cr Cr = (Cr + Mr) mod 32 } } i think im doing is wrong for some reason i get this for Tr [[10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2], [10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2], [10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2], [10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2], [10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2], [10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2], [10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2], [10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2]]

    Read the article

  • Protect Windows folder without encrypting the contents

    - by Jad
    Hi, I want to protect the "www" folder in my Apache server. Checked some tools on the net like TrueCrypt, FolderEncrypt etc. All these encrypt the folder contents. If the www folder is encrypted, then my php won't work. Is there a way to lock the folder in windows without encrypting its contents.[ A little harder to crack then no lock at all] Regards Jad

    Read the article

  • Encrypt a hex string in java.

    - by twintwins
    I would like to ask for any suggestions about my problem. I need to encrypt a hexadecimal string. I must not to use the built-in functions of java because it doesn't work in my server. In short, I have to hard code an algorithm or any means of encrypting the message. Anyone who could help me with this? thanks a lot! here is the code. public Encrypt(SecretKey key, String algorithm) { try { ecipher = Cipher.getInstance(algorithm); dcipher = Cipher.getInstance(algorithm); ecipher.init(Cipher.ENCRYPT_MODE, key); dcipher.init(Cipher.DECRYPT_MODE, key); } catch (NoSuchPaddingException e) { System.out.println("EXCEPTION: NoSuchPaddingException"); } catch (NoSuchAlgorithmException e) { System.out.println("EXCEPTION: NoSuchAlgorithmException"); } catch (InvalidKeyException e) { System.out.println("EXCEPTION: InvalidKeyException"); } } public void useSecretKey(String secretString) { try { SecretKey desKey = KeyGenerator.getInstance("DES").generateKey(); SecretKey blowfishKey = KeyGenerator.getInstance("Blowfish").generateKey(); SecretKey desedeKey = KeyGenerator.getInstance("DESede").generateKey(); Encrypt desEncrypter = new Encrypt(desKey, desKey.getAlgorithm()); Encrypt blowfishEncrypter = new Encrypt(blowfishKey, blowfishKey.getAlgorithm()); Encrypt desedeEncrypter = new Encrypt(desedeKey, desedeKey.getAlgorithm()); desEncrypted = desEncrypter.encrypt(secretString); blowfishEncrypted = blowfishEncrypter.encrypt(secretString); desedeEncrypted = desedeEncrypter.encrypt(secretString); } catch (NoSuchAlgorithmException e) {} } those are the methods i used. no problem if it is run as an application but then when i put it to my server which is the glassfish server an exception occured and it says no such algorithm.

    Read the article

  • Handling User Authentication in .NET?

    - by Daniel
    I am new to .NET, and don't have much experience in programming. What is the standard way of handling user authentication in .NET in the following situation? In Process A, User inputs ID/Password Process A sends the ID/Password to Process B over a nonsecure public channel. Process B authenticates the user with the recieved ID/Password what are some of the standard cryptographic algorithms I can use in above model?

    Read the article

  • How do I compute the approximate entropy of a bit string?

    - by dreeves
    Is there a standard way to do this? Googling -- "approximate entropy" bits -- uncovers multiple academic papers but I'd like to just find a chunk of pseudocode defining the approximate entropy for a given bit string of arbitrary length. (In case this is easier said than done and it depends on the application, my application involves 16,320 bits of encrypted data (cyphertext). But encrypted as a puzzle and not meant to be impossible to crack. I thought I'd first check the entropy but couldn't easily find a good definition of such. So it seemed like a question that ought to be on StackOverflow! Ideas for where to begin with de-cyphering 16k random-seeming bits are also welcome...) See also this related question: http://stackoverflow.com/questions/510412/what-is-the-computer-science-definition-of-entropy

    Read the article

< Previous Page | 51 52 53 54 55 56 57 58 59 60 61 62  | Next Page >