Search Results

Search found 12324 results on 493 pages for 'password encryption'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 64/493 | < Previous Page | 60 61 62 63 64 65 66 67 68 69 70 71  | Next Page >

  • Best way to encrypt certain fiels in SQL Server 2008?

    - by Josh
    I'm writing a .net web app that will read and write information to a SQL 2008 backend database. Some of this information will be highly confidential in nature so I want to encrypt certain data elements. I dont want to use TDE or any full-database encryption for performance reasons. My main concern is protecting this sensitive data as a last resort against a SQL injection or even a database server compromise. My question is what is the best way to do this to preserve performance? Is it faster to use the SQL2008 encryption functions such as EncryptByKey, or would it be faster to encrypt and decrypt the data in the .NET web app itself using a symmetric key stored in the secure web.config and store the encrypted values in the DB?

    Read the article

  • URL Encoding of Characters in a password field

    - by Alavoil
    I am trying to pass login credentials to a PHP script that I have in my iPhone app. When I pull a password with special characters the password is missing certain characters especially the percent sign. I am trying to encode the text but even before I send it, the percent sign is missing. //password_field is a UITextField holding the password: !@#$%^&*() NSString *tmpPass = [password_field.text stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]; NSLog(p_field.text); NSLog(tmpPass); This is what appears in the console: !@#$^&*() [email protected]&*() Is there any reason why it would be dropping the percent sign?

    Read the article

  • Exception - Illegal Block size during decryption(Android)

    - by Vamsi
    I am writing an application which encrypts and decrypts the user notes based on the user set password. i used the following algorithms for encryption/decryption 1. PBEWithSHA256And256BitAES-CBC-BC 2. PBEWithMD5And128BitAES-CBC-OpenSSL e_Cipher = Cipher.getInstance(PBEWithSHA256And256BitAES-CBC-BC); d_Cipher = Cipher.getInstance(PBEWithSHA256And256BitAES-CBC-BC); e_Cipher.init() d_Cipher.init() encryption is working well, but when trying to decrypt it gives Exception - Illegal Block size after encryption i am converting the cipherText to HEX and storing it in a sqlite database. i am retrieving correct values from the sqlite database during decyption but when calling d_Cipher.dofinal() it throws the Exception. I thought i missed to specify the padding and tried to check what are the other available cipher algorithms but i was unable to found. so request you to please give the some knowledge on what are the cipher algorithms and padding that are supported by Android? if the algorithm which i used can be used for padding, how should i specify the padding mechanism? I am pretty new to Encryption so tried a couple of algorithms which are available in BouncyCastle.java but unsuccessful. As requested here is the code public class CryptoHelper { private static final String TAG = "CryptoHelper"; //private static final String PBEWithSHA256And256BitAES = "PBEWithSHA256And256BitAES-CBC-BC"; //private static final String PBEWithSHA256And256BitAES = "PBEWithMD5And128BitAES-CBC-OpenSSL"; private static final String PBEWithSHA256And256BitAES = "PBEWithMD5And128BitAES-CBC-OpenSSLPBEWITHSHA1AND3-KEYTRIPLEDES-CB"; private static final String randomAlgorithm = "SHA1PRNG"; public static final int SALT_LENGTH = 8; public static final int SALT_GEN_ITER_COUNT = 20; private final static String HEX = "0123456789ABCDEF"; private Cipher e_Cipher; private Cipher d_Cipher; private SecretKey secretKey; private byte salt[]; public CryptoHelper(String password) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeySpecException { char[] cPassword = password.toCharArray(); PBEKeySpec pbeKeySpec = new PBEKeySpec(cPassword); PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, SALT_GEN_ITER_COUNT); SecretKeyFactory keyFac = SecretKeyFactory.getInstance(PBEWithSHA256And256BitAES); secretKey = keyFac.generateSecret(pbeKeySpec); SecureRandom saltGen = SecureRandom.getInstance(randomAlgorithm); this.salt = new byte[SALT_LENGTH]; saltGen.nextBytes(this.salt); e_Cipher = Cipher.getInstance(PBEWithSHA256And256BitAES); d_Cipher = Cipher.getInstance(PBEWithSHA256And256BitAES); e_Cipher.init(Cipher.ENCRYPT_MODE, secretKey, pbeParamSpec); d_Cipher.init(Cipher.DECRYPT_MODE, secretKey, pbeParamSpec); } public String encrypt(String cleartext) throws IllegalBlockSizeException, BadPaddingException { byte[] encrypted = e_Cipher.doFinal(cleartext.getBytes()); return convertByteArrayToHex(encrypted); } public String decrypt(String cipherString) throws IllegalBlockSizeException { byte[] plainText = decrypt(convertStringtobyte(cipherString)); return(new String(plainText)); } public byte[] decrypt(byte[] ciphertext) throws IllegalBlockSizeException { byte[] retVal = {(byte)0x00}; try { retVal = d_Cipher.doFinal(ciphertext); } catch (BadPaddingException e) { Log.e(TAG, e.toString()); } return retVal; } public String convertByteArrayToHex(byte[] buf) { if (buf == null) return ""; StringBuffer result = new StringBuffer(2*buf.length); for (int i = 0; i < buf.length; i++) { appendHex(result, buf[i]); } return result.toString(); } private static void appendHex(StringBuffer sb, byte b) { sb.append(HEX.charAt((b>>4)&0x0f)).append(HEX.charAt(b&0x0f)); } private static byte[] convertStringtobyte(String hexString) { int len = hexString.length()/2; byte[] result = new byte[len]; for (int i = 0; i < len; i++) { result[i] = Integer.valueOf(hexString.substring(2*i, 2*i+2), 16).byteValue(); } return result; } public byte[] getSalt() { return salt; } public SecretKey getSecretKey() { return secretKey; } public static SecretKey createSecretKey(char[] password) throws NoSuchAlgorithmException, InvalidKeySpecException { PBEKeySpec pbeKeySpec = new PBEKeySpec(password); SecretKeyFactory keyFac = SecretKeyFactory.getInstance(PBEWithSHA256And256BitAES); return keyFac.generateSecret(pbeKeySpec); } } I will call mCryptoHelper.decrypt(String str) then this results in Illegal block size exception My Env: Android 1.6 on Eclipse

    Read the article

  • How to decrypt IRC Bot's blowfish encrypted messages.

    - by Arsheep
    I am making an IRC bot in php to read content of a channel. Bot is done fine.But the messages are encrypted With blowfish encryption. i have the key and all, i tried PHP's code below but didn;t worked. echo mcrypt_decrypt(MCRYPT_BLOWFISH,$key,$input,MCRYPT_MODE_ECB); For more help the encryption is done via drftpd site bot. I can find this link http://trac.drftpd.org/browser/branches/jpf/src/plugins/org.drftpd.plugins.sitebot/src/org/drftpd/plugins/sitebot/OutputWriter.java?rev=1721 Written in Java so may be some Java guy can help too .

    Read the article

  • Encrypt text using a number

    - by Adam Matan
    Project Euler I have recently begun to solve some of the Project Euler riddles. I found the discussion forum in the site a bit frustrating (most of the discussions are closed and poorly-threaded), So I have decided to publish my Python solutions on launchpad for discussion. The problem is that it seems quite unethical to publish these solutions, as it would let other people gain reputation without doing the programming work, which the site deeply discourages. My Encryption problem I want to encrypt my answers so that only those who have already solved the riddles can see my code. The logical key would be the answer to the riddle, which is always numeric. In order to prevent brute-force attacks on my answers, I want to find an encryption algorithm that takes a significantly long time (few seconds) to run. Do you know any such algorithm? I would fancy a Python package, which I can attach to the code, over an external program that might have portability issues. Thanks, Adam

    Read the article

  • comparing salt and hashed passwords during login doesn't seem work right....

    - by Pandiya Chendur
    I stored salt and hash values of password during user registration... But during their login i then salt and hash the password given by the user, what happens is a new salt and a new hash is generated.... string password = collection["Password"]; reg.PasswordSalt = CreateSalt(6); reg.PasswordHash = CreatePasswordHash(password, reg.PasswordSalt); These statements are in both registration and login.... salt and hash during registration was eVSJE84W and 18DE22FED8C378DB7716B0E4B6C0BA54167315A2 During login it was 4YDIeARH and 12E3C1F4F4CFE04EA973D7C65A09A78E2D80AAC7..... Any suggestion.... public static string CreateSalt(int size) { //Generate a cryptographic random number. RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); byte[] buff = new byte[size]; rng.GetBytes(buff); // Return a Base64 string representation of the random number. return Convert.ToBase64String(buff); } public static string CreatePasswordHash(string pwd, string salt) { string saltAndPwd = String.Concat(pwd, salt); string hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile( saltAndPwd, "sha1"); return hashedPwd; }

    Read the article

  • SSIS XML Decryption Message

    - by Vaccano
    My SSIS package says it is successful, but when it runs it ends not doing anything (that I can see). The only thing wrong is this message (that it does not qualify as an error). Description: Failed to decrypt an encrypted XML node because the password was not specified or not correct. Package load will attempt to continue without the encrypted information I do have a password on my packages, but I don't see anywhere to put the password in when I load the Package into SSIS. Am I missing a step?

    Read the article

  • Looking for a safe, portable password-storage method

    - by Maciek
    Hello, I'm working on C++ project that is supposed to run on both Win32 and Linux, the software is to be deployed to small computers, usually working in remote locations. Recently, our client has requested that we introduce access control via password protection. We are to meet the following criteria : Support remote login Support remote password change Support remote password retrieval Support data retrieval on accidental/purposeful deletion Support secure storage I'm capable of meeting the "remote" requirements using an existing library, however what I do need to consider is a method of storing this data, preferably in a way that will work on both platforms and will not let the user see it/read it, encryption is not the issue here - it's the storage method itself. Can anyone recommend a sage storage method that could help me meet those criteria?

    Read the article

  • Security & Authentication: SSL vs SASL

    - by 4herpsand7derpsago
    My understanding is that SSL combines an encryption algorithm (like AES, DES, etc.) with akey exchange method (like Diffier-Hellman) to provide secure encryption and identification services between two endpoints on an un-secure network (like the Internet). My understanding is that SASL is an MD5/Kerberos protocol that pretty much does the same thing. So my question: what are the pros/cons to choosing both and what scenarios make both more preferable? Basically, I'm looking for a guidelines to follow when choosing SSL or to go with SASL instead. Thanks in advance!

    Read the article

  • protect (encrypt) password in the web.config file (asp.net)

    - by Hazro City
    <system.net> <mailSettings> <smtp from="[email protected]" deliveryMethod="Network"> <network clientDomain="www.domain.com" host="smtp.live.com" defaultCredentials="false" port="25" userName=" [email protected] " password="password" enableSsl="true" /> </smtp> </mailSettings> </system.net> This is the case where I need encryption for my password. I searched and googled much on the web but I can’t be able to encrypt anymore. Can anyone help me do this in a simple but secure way.

    Read the article

  • How do you encrypt data between client and server running in Flash and Java?

    - by ArmlessJohn
    We have a multiclient system where the client is written in Flash and the server is written in Java. Currently, communication is done in Flash by usage of flash.net.Socket and the protocol is written in JSON. The server uses a custom port to receive connections and then proceed to talk with each client. As expected, data is sent and received on both fronts as raw bytes, which are then decoded as needed. We would like to encrypt the communication between clients and server. I have some basic understanding about public/private key encryption, but I do not know what is the best way to exchange keys or what libraries are available (on both languages) to do this. What would be the best strategy to attack this problem and where should I start looking for libraries/methods to implement this encryption?

    Read the article

  • does it make sense to send password information during email communication from websites

    - by Samuel
    Most of the online sites on registration do send a link to activate the site and on any further correspondence with the end user they provide information about the site and also provide the login credentials with password in clear text (as given below) Username - [email protected] Password - mysecretpassword What would you do in such a case? From a usability perspective does it make sense to send the password information in clear text or should you just avoid sending this information. I was under the impression that most of the passwords are MD5 hashed before storing in the database and hence the service provider will not have any access to clear text passwords, is this a security violation?

    Read the article

  • How? Encrypt and Decrypt user membership passwords in ASP.NET

    - by smdrager
    We are creating a new site using ASP.NET membership provider for user registration and log in. Our old system encrypted user passwords so that we could recover them if we needed to. I am having a great deal of trouble figuring out if it is possible to use ASP.NET membership functions to simply encrypt the password when the user registers and then unencrypt it so I can see it. Documentation for this is neigh non-existant. I know how to configure Web.config to have it store passwords as encrypted ala passwordFormat="Hashed" in the provider and assigning a validationKey in the machineKey, however it seems like the password still gets hashed (though perhaps it is just well encrypted). Either way I cannot decifer how the password can be recovered (by us) if neccessary. Thanks!

    Read the article

  • remember passowrd works in ff but not in ie and chrome

    - by jasperdejong
    Hi, It seems that my html login form support remember password in ff but not in ie and chrome. Can anybody tell me why? Here's the code: <form name="login_form" id="login_form" action="" method="POST"> <div class="login_line">name<input name="user_name" id="user_name_id" size="16" maxlength="16" value="" type="text"></div> <div class="login_line">password<input name="password" id="password_id" size="16" maxlength="16" type="password"></div> <div class="login_line">&nbsp;<input class="icon icon_accept" value="login" onclick="javascript:handleFunction('action_login', document.getElementById('user_name_id').value, document.getElementById('password_id').value); return false;" type="submit"></div> </form> <!-- login_form -->

    Read the article

  • What is the best way to keep database data encrypted with user passwords?

    - by Dan Sosedoff
    Let's say an application has really specific data which belongs to a user, and nobody is supposed to see it except the owner. I use MySQL database with DataMapper ORM mapper. The application is written in Ruby on Sinatra. Application behavior: User signs up for an account. Creates username and password. Logs into his dashboard. Some fields in specific tables must be protected. Basically, I'm looking for auto-encryption for a model properties. Something like this: class Transaction include DataMapper::Resource property :id, Serial property :value, String, :length => 1024, :encrypted => true ... etc ... belongs_to :user end I assume that encryption/decryption on the fly will cause performance problems, but that's ok. At least if that works - I'm fine. Any ideas how to do this?

    Read the article

  • Git 1.7.10 asks me for github username and password

    - by Daniel Ruf
    Since I have the new version it doesnt ask me anymore for the password I set in my ssh key file. It asks now directly for a github username and password when I push every time. Is this a new feature of git or changed it in the past or is there something what changed on github? I tried to authenticate using ssh and the email and password from my ssh ke file and it worked. Github changed to smartftp and also changed the instructions for setting up repos https://github.com/blog/1104-credential-caching-for-wrist-friendly-git-usage https://help.github.com/articles/create-a-repo Saw it later, they use now https instead of the git protocol

    Read the article

  • password/login system in php

    - by Jonathan
    For a login system in php would this be a suitable outline of how it would work: users types in username and password, clicks login button. Checks if user exists in database, if it does, then retrieve the salt for that user hash the password and salt (would this be done on the client or server side? I think client side would be better, but php is server side so how would you do this?) check value against value in database, if the values match then user has typed in correct password and they are logged in.

    Read the article

  • can't make svn store password, even though the configuration allows it

    - by davka
    did everything the book says, i.e. removed the authentication files from .subversion/auth, and explicitly set the relevant config parameters to 'yes' even though this is a default, and yet the shell svn commands ask for password each time. The repository is on cvsdude.com, the client is linux. I also use the subclipse plugin that caches the password ok. I vaguely remember that when I started working with it, the command asked interactively if I wanted to save clear password, and I said no. Can this choice be stored somewhere and take precedence over the configuration? Thanks!

    Read the article

  • Security issues in accepting passwords vs auto generating the password

    - by Vivekanand Poojari
    Hi, I am developing a console application. This application generates a self signed certificate and installs it in the current machine's certificate store. The steps invlolved are :- Generate a certificate Create a pfx file Install the pfx file For these steps i would need a password for protecting the private key and the pfx file. However these passwords are used only during the execution of the exe. Should I auto generate a password using some random number generation algorithm or accept the password as input from the user? What are the security issues involved in both the scenarios ? Thanks Vivekanand

    Read the article

  • can't make svn store password, even though the configuration is set to allow it

    - by davka
    did everything the book says, i.e. removed the authentication files from .subversion/auth, and explicitly set the relevant config parameters to 'yes' even though this is a default, and yet the shell svn commands ask for password each time. The repository is on cvsdude.com, the client is linux. I also use the subclipse plugin that caches the password ok. I vaguely remember that when I started working with it, the command asked interactively if I wanted to save clear password, and I said no. Can this choice be stored somewhere and take precedence over the configuration? Thanks!

    Read the article

  • Getting age from an encrypted DOB field

    - by Mailforbiz
    Hi all Due to certain compliance requirements, we have to encrypt the user DOB field in the database. We also have another requirement to be able to search a user by his age. Our DB doesn't support transparent encryption so encryption will handled by the application. Any good ideas on how to allow for searching by age? One thought is to save the YOB in a separate column in cleartext and still be able to comply to our compliance requirement. Aside from that, any other design strategy that would help? Thanks in advance!

    Read the article

  • Hash passwords before transmitting? (web)

    - by wag2639
    I was reading this Ars article on password security and it mentioned there are sites that "hash the password before transmitting"? Now, assuming this isn't using an SSL connection (HTTPS), a. is this actually secure and b. if it is how would you do this in a secure manor? Edit 1: (some thoughts based on first few answers) c. If you do hash the password before transmission, how do you use that if you only store a salted hash version of the password in your user credentials databas? d. Just to check, if you are using a HTTPS secured connection, is any of this necessary?

    Read the article

  • password limitations in SQL Server and MySql

    - by asteroid
    Does MySql 5.1 and SQL Server 2008 (Web edition, Standard) have any functional password limitations other than length limits? Are metacharacters in any form a bad idea to use, like bang, pipe, hash, any slash, carrot, and so on? I know that MySql 5.1 has a password length limitation of 16 characters that is hardcoded, but I was wondering, are any metacharacters (i.e. non alphanumerics) a bad idea to use? And is this true in SQL Server 2008 Web edition, Standard? So specifically: can symbols like: /`~:}{[]^ be used successfully? I would hope it doesn't matter to the database, but I don't understand enough about password storage in enterprise database systems yet to know for sure, and I was looking for confirmation or an explanation.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 60 61 62 63 64 65 66 67 68 69 70 71  | Next Page >