Search Results

Search found 2089 results on 84 pages for 'symmertric encryption'.

Page 76/84 | < Previous Page | 72 73 74 75 76 77 78 79 80 81 82 83  | Next Page >

  • Using SSL and SslStream for peer to peer authentication?

    - by Scott Whitlock
    I need to provide secure communication between various processes that are using TCP/IP sockets for communication. I want both authentication and encryption. Rather than re-invent the wheel I would really like to use SSL and the SslStream class and self-signed certificates. What I want to do is validate the remote process's certificate against a known copy in my local application. (There doesn't need to be a certificate authority because I intend for the certificates to be copied around manually). To do this, I want the application to be able to automatically generate a new certifiate the first time it is run. In addition to makecert.exe, it looks like this link shows a way to automatically generate self-signed certificates, so that's a start. I've looked at the AuthenticateAsServer and AuthenticateAsClient methods of SslStream. You can provide call-backs for verification, so it looks like it's possible. But now that I'm into the details of it, I really don't think it's possible to do this. Am I going in the right direction? Is there a better alternative? Has anyone done anything like this before (basically peer-to-peer SSL rather than client-server)?

    Read the article

  • Single Sign On for Web Application and Application in Virtual Directory

    - by Stefan
    To enable single sign-on for a web application and a web application in a virtual directory, I set the machinekey in both apps to the same: <machineKey validationKey="xxx" decryptionKey="yy" validation="SHA1" /> The single sign on works just fine, but existing users can't sign in any more; their passwords are rejected. The machinekey used to be this in the parent application: <machineKey validationKey="xxx,IsolateApps" decryptionKey="yy,IsolateApps" validation="SHA1" /> I tried other ways to make single sign on work, but it just won't as long as the keys contain "IsolateApps". What am I missing? I should add that the in the membership provider, passwordFormat is set to "Encrypted". So I assume the password was encrypted using the key that contained "IsolateApps" and now when it tries to validate the password it's using the key without the "IsolateApps". Still not sure how to solve that problem. Is there maybe a way that I can set the encryption keys for the password separately from the one that is used for the authentication cookie?

    Read the article

  • OpenSSL.NET can't export private key with null Cipher

    - by Nick
    I've recently discovered OpenSSL.NET and it's a pretty sweet little wrapper. I'm trying to execute the following code: public static void DoSomething(byte[] buf) { OpenSSL.Core.BIO input = new OpenSSL.Core.BIO(buf); OpenSSL.X509.X509Certificate b = OpenSSL.X509.X509Certificate.FromPKCS12(input, "passphrase"); OpenSSL.Core.BIO outs = OpenSSL.Core.BIO.MemoryBuffer(false); b.PrivateKey.WritePrivateKey(outs, OpenSSL.Crypto.Cipher.Null, "passphrase"); outs.SetClose(OpenSSL.Core.BIO.CloseOption.Close); Console.WriteLine(outs.ReadString()); } Problem comes at the "b.PrivateKey.WritePrivateKey(.." line. I want to write the private key out without any encryption. According to spec, if I use a Null cipher type this should do the trick, but it never works, regardless of the cert I use in buf. Here's the exception: error:0D0A706C:asn1 encoding routines:PKCS5_pbe2_set:cipher has no object identifier error:2307D00D:PKCS12 routines:PKCS8_encrypt:ASN1 lib I know this part works fine because if I specify any other cipher type, it exports the private key without fail. Anyone have any suggestions?

    Read the article

  • File not found on RSACryptoServiceProvider, service account permissions?

    - by Ben Scheirman
    Our web service wraps around a third party library that contains the following code. We are using an Active Directory service account in the IIS 6 app pool (no interactive login abilities). Our service fails with the error “The system cannot find the file specified”. We’ve traced the error to the “RSACryptoServiceProvider provider = new RSACryptoServiceProvider();”. The third party assembly depends on a x509 file based certificate for its encryption process and the Service Account has Read / Write access to the keys folder. Additionally, the service account has Read, Write, Modify rights to “C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys”. Code: StringBuilder builder = new StringBuilder(publicKeyData); builder.Replace("-----BEGIN CERTIFICATE-----", ""); builder.Replace("-----END CERTIFICATE-----", ""); X509Certificate2 certificate = new X509Certificate2( Convert.FromBase64String(builder.ToString())); string xmlString = certificate.PublicKey.Key.ToXmlString(false); RSACryptoServiceProvider provider = new RSACryptoServiceProvider(); //BOOM CspKeyContainerInfo containerInfo = provider.CspKeyContainerInfo; provider.PersistKeyInCsp = false; provider.FromXmlString(xmlString); loadedKeys.Add(key, provider); provider2 = provider; We cracked open FileMon and noticed that there is a FILE NOT FOUND for that AppPool, followed by another SUCCESS for the same exact file. I'm out of my element here, anybody have an idea as to why we're seeing this?

    Read the article

  • SHA1 hashing in Delphi XE

    - by Leonardo Herrera
    Hello, I'm in the process of implementing XML digital signatures. I'm starting with little steps, so right now I want to solve the problem of SHA-1 hashing. There are lots of questions about this in SO: Digitially Sign Key with Lockbox Encryption library for Delphi Convert this php digital signing to Delphi Delphi: is there a version of LockBox for Delphi-XE Delphi 2010 Cryptography libraries ...and probably more. However, I'm using Delphi XE. So far, I've tried LockBox 2 (both the Songbeamer and Sourceforge versions), Lock Box 3, DCPCrypto2 and some others (Hashes is an easy to use unit which uses Windows crypto functions) I prepared a small test rig that gives me the following: LockBox2 FAILED: 1 ('abc') Got: '9f04f41a848514162050e3d68c1a7abb441dc2b5' Expected: 'a9993e364706816aba3e25717850c26c9cd0d89d' FAILED: 2 ('abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq') Got: '51d7d8769ac72c409c5b0e3f69c60adc9a039014' Expected: '84983e441c3bd26ebaae4aa1f95129e5e54670f1' LockBox3 FAILED: 1 ('abc') Got: '9f04f41a848514162050e3d68c1a7abb441dc2b5' Expected: 'a9993e364706816aba3e25717850c26c9cd0d89d' FAILED: 2 ('abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq') Got: '51d7d8769ac72c409c5b0e3f69c60adc9a039014' Expected: '84983e441c3bd26ebaae4aa1f95129e5e54670f1' DCPCrypto2 FAILED: 1 ('abc') Got: '9f04f41a848514162050e3d68c1a7abb441dc2b5' Expected: 'a9993e364706816aba3e25717850c26c9cd0d89d' FAILED: 2 ('abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq') Got: '51d7d8769ac72c409c5b0e3f69c60adc9a039014' Expected: '84983e441c3bd26ebaae4aa1f95129e5e54670f1' Hashes Test 1 passes Test 2 passes Have you succeeded in compile the mentioned libraries under Delphi XE and make them give the appropriate values? I'm particularly interested in DCPCrypt2 SelfTest procedure. Edit: I've added this answer with the fixed source code. Thank you all for your help, it is most appreciated.

    Read the article

  • SSL certificates: No Client certificate key exhange

    - by user334246
    I am trying to access a WCF web service, that is using two way SSL encryption. When I try to call the service I get a System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'XXX.xx'. --- System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel. I have tried activating wire shark, to see what is sent to and from the server: I see a client hello and a server hello. But there is no client response to the server hello. I was expecting a "Certificate. Client key exchange. Change cipher. Encrypted handshake Message" package, but none is sent. I'm thinking it is a problem with the certificate sent by the server, that somehow my client server does not trusy it. Here is what I have already tried: I have created the certificate, through the proper authority, though I could have made a mistake in the certificate request without knowing it. I have added the two root certificates to: trusted root certificates, trusted publishers and trusted people. I have also added the client certificate to trusted people. My colleague has succeded in establishing connection on a win 2008 server (i'm using a 2003, because it is necessary for some odd reason - don't ask). I can't see any differences in our approach, so i'm a bit lost. Any help would be greatly appreciated.

    Read the article

  • C# File IO with Streams - Best Memory Buffer Size

    - by AJ
    Hi, I am writing a small IO library to assist with a larger (hobby) project. A part of this library performs various functions on a file, which is read / written via the FileStream object. On each StreamReader.Read(...) pass, I fire off an event which will be used in the main app to display progress information. The processing that goes on in the loop is vaired, but is not too time consuming (it could just be a simple file copy, for example, or may involve encryption...). My main question is: What is the best memory buffer size to use? Thinking about physical disk layouts, I could pick 2k, which would cover a CD sector size and is a nice multiple of a 512 byte hard disk sector. Higher up the abstraction tree, you could go for a larger buffer which could read an entire FAT cluster at a time. I realise with today's PC's, I could go for a more memory hungry option (a couple of MiB, for example), but then I increase the time between UI updates and the user perceives a less responsive app. As an aside, I'm eventually hoping to provide a similar interface to files hosted on FTP / HTTP servers (over a local network / fastish DSL). What would be the best memory buffer size for those (again, a "best-case" tradeoff between perceived responsiveness vs. performance). Thanks in advance for any ideas, Adam

    Read the article

  • Sharepoint.OpenDocuments Control Compatible with Forms Authentication?

    - by Richard Collette
    We are using the Sharepoint.OpenDocuments.EditDocument2 ActiveX control and method. The method is being called from JavaScript in an IE6 client on a Windows XP SP3 client (fully patched). The server is running IIS6 on Windows Server 2003 SP1 Fronting the IIS server is Tivoli Access Manager (TAM) which proxies access to the web applications sitting behind it. Similar to forms authentication, it creates a session cookie for authentication purposes, that must be present for the HTTP request to reach the IIS server. In front of TAM is an F5/BigIP load balancer and SSL encryption offloader, which enforces that incoming requests use the HTTPS protocol. What is happening is that HTTP requests issued by this control do not contain any session cookies that were present in the browser. It drops the ASP.NET session cookie, the ASP.NET forms authentication cookie and the TAM cookie Because the TAM cookie is missing the request is redirected to the TAM login page, which then shows up via HTML conversion in Word or Excel. The API documentation at http://msdn.microsoft.com/en-us/library/ms440037.aspx mentions nothing about security or appropriate usage scenarios for this control. Should these controls work in an ASP.Net Forms Authentication scenario or are they only supported with Windows Authentication. If Forms Authentication is supposed to function, how do we get the control to include the necessary session cookies in its requests?

    Read the article

  • Proggraming a VPN, Authontication stage - RFC not clear enough

    - by John
    I have a custom build of a unix OS. My task: Adding an IPSec to the OS. I am working on Phase I, done sending the first 2 packets. what I am trying to do now is making the Identefication Payload. I've been reading RFC 2409 (Apendix B) which discuss the keying materials (SKEYID, SKEYID_d, SKEYID_a, SKEYID_e and the IV making). Now, I use SHA1 for authontication and thus I use HMAC-SHA1 & my encryption algorithem is AES 256bit. The real problem is that the RFC is not clear enough of what should I do regarding the PRF. It says: "Use of negotiated PRFs may require the PRF output to be expanded due to the PRF feedback mechanism employed by this document." I use SHA1, does it mean I do not negotiate a PRF? In my opinion, AES is the only algorithm that needs expention (a fixed length of 256bit), so, do i need to expand only the SKEYID_e? If you happen to know a clearer, though relible, source then the RFC please post a link. Thanks in advance!

    Read the article

  • Suggestions for GUI of a multiledia messaging application in J2ME

    - by awaghad-ashish
    Hello everyone, We have developed a messaging application in j2me which adds text message, gets pictures from gallery and attaches them to the message etc and sends it over to a server after encryption, i.e. the client wants the messages to be encrypted. The app is ready but the only problem is that the GUI of the app looks miserable compared to the GUI of native messaging application on Nokia phones. Our GUI consists of a texfield for adding recipients i.e. the user clicks "options" to "add recipients" and is taken to a new form where contacts are shown. but the textfield is not in one line (like in case of native app). Also, we need the user to input the text message in a textField since we cannot have textbox inside a form (but the native app has a textbox as well as a textField ). Are there any ways to achieve such GUIs (one-line textfields, textbox like thing inside a form)? I hope you all understand what I mean, any kind of help will be appreciated. Thanks and regards, Ashish.

    Read the article

  • Applications on the Web/Cloud the way to go? over Desktop apps?

    - by jiewmeng
    i am currently a mainly web developer, but is quite attracted to the performance and great integration with the OS (eg. Windows 7, Jump Lists, Taskbar Thumbnails, etc) something like WPF/C# can provide to the user, improving workflow and productivity. privacy and performance seems like a major downside of web/cloud apps compared to desktop apps. applications on the cloud/web work on the go, increased popularity of smartphones/netbooks majority of users may not benefit as much from increased performance of desktop apps, eg. internet surfing, word processing, probably benefit more from decreased startup times, lower costs and data on the cloud desktop applications increased performance benefits power users like 3D rendering, HD video/photo editing, gamers (i wonder if such processing maybe offset to cloud processing) integration with OS increases productivity (maybe such features can be adapted to a web version? maybe with a local desktop app to work with Web App API) more control over privacy (maybe fixed by encryption?) local data access (esp. large files) guaranteed and fast (YouTube HD fast enough most of the time) work not affected by intermittent/slow/availability internet connections (i know this is changing tho) what do you think?

    Read the article

  • Padding is invalid and cannot be removed

    - by Ajay
    I have hosted an asp.net 2.0 site. Everyday, i am getting an error "Padding is invalid and cannot be removed" 2-3 times. Backend used is sql server 2005. the site is controlled via plesk 9.2 CP. Pooling is enabled with timeout as 120 Minutes, in IIS. Can it be the reason for this? I have not used any encryption except for the stored passwords(MD5) The error message is : " Base Exception = : Padding is invalid and cannot be removed. - Source : System.Web - TargetSite :Void ThrowError(System.Exception, System.String, System.String, Boolean)Message : Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster. " & System Log (Application) says " Event code: 4009 Event message: Viewstate verification failed. Reason: The viewstate supplied failed integrity check. Event detail code: 50203 ViewStateException information: Exception message: Invalid viewstate. Port: 31235 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) " I have hosted it in a dedicated server and not in a web farm. Will keeping a static machine key help resolve this issue? Please guide me on this.

    Read the article

  • Keymap issues with NX from Mac OS X Lion

    - by Andy
    I tried to answer the question from Mark: Keymap issues with NX from Mac OS X Lion to Ubuntu However, it is locked so I figured I would post a new question / answer. I have been trying to answer this for a few days now because I have no issues when connecting through NX Client (technically OpenNX) to FreeNX server from an iMac (with Lion), but if I try to connect with a Macbook Pro I get horrible keyboard binding issues. The fix that is working for me is to go into: ~/.nx/config/HOST.nxs and change: <option key="Current keyboard" value="false"/> <option key="Custom keyboard layout" value="empty"/> <option key="Grab keyboard" value="false"/> I have tried this on three NX Servers and all are fixed. Hope it helps or gets you closer. Always check in the ~/.nx/temp/ for the sshlog and see if --keyboard="empty/empty" instead of "pc105/en" because the Mac is really pc104. 9:05:35: startsession --session="HOST" --type="unix-gnome" --cache="8M" --images="32M" --link="adsl" --geometry="2556\ x1396" --screeninfo="2560x1440x32+render" --keyboard="empty/empty" --backingstore="1" --encryption="1" --composite="1" --\ shmem="1" --shpix="1" --streaming="1" --samba="0" --cups="0" --nodelay="1" --defer="0" --client="macosx" --media="0" --st\ rict="0" --aux="1"

    Read the article

  • The RSA key container could not be opened

    - by TenaciousImpy
    Hi, I've been developing an ASP.NET site on an older machine running XP home. I recently got a new Win 7 PC and moved all my project files across. When I try and run the project, I get this error message: "Failed to decrypt using provider 'MyRsaProtectedConfigurationProvider'. Error message from the provider: The RSA key container could not be opened." I realised that I encrypted parts of my web.config file using a RSA encryption. This is where the problem now lies. I'm not sure how to get that key working again so that I can use it on my new machine. I exported the key from the older machine and imported it using: aspnet_regiis -pi "RSAProviderName" "C:\RSA_configkey.xml" This was imported successfully. I then ran the project, but the same error message came up. I figured it might be a permission thing, so I ran: aspnet_regiis -pa "RSAProviderName" "\Desktop" -full This was also successful, but I still get the error. From reading around, I've seen people use "ASPNET" instead of "\Desktop" (Desktop is my machine name). However, when I try and use "ASPNET", I get: No mapping between account name and security IDs was done. <Exception from HRESULT = 0x80070534 I can't work on the project until this is fixed, so any help is much appreciated. Thanks!

    Read the article

  • Oracle T4CPreparedStatement memory leaks?

    - by Jay
    A little background on the application that I am gonna talk about in the next few lines: XYZ is a data masking workbench eclipse RCP application: You give it a source table column, and a target table column, it would apply a trasformation (encryption/shuffling/etc) and copy the row data from source table to target table. Now, when I mask n tables at a time, n threads are launched by this app. Here is the issue: I have run into a production issue on first roll out of the above said app. Unfortunately, I don't have any logs to get to the root. However, I tried to run this app in test region and do a stress test. When I collected .hprof files and ran 'em through an analyzer (yourKit), I noticed that objects of oracle.jdbc.driver.T4CPreparedStatement was retaining heap. The analysis also tells me that one of my classes is holding a reference to this preparedstatement object and thereby, n threads have n such objects. T4CPreparedStatement seemed to have character arrays: lastBoundChars and bindChars each of size char[300000]. So, I researched a bit (google!), obtained ojdbc6.jar and tried decompiling T4CPreparedStatement. I see that T4CPreparedStatement extends OraclePreparedStatement, which dynamically manages array size of lastBoundChars and bindChars. So, my questions here are: Have you ever run into an issue like this? Do you know the significance of lastBoundChars / bindChars? I am new to profiling, so do you think I am not doing it correct? (I also ran the hprofs through MAT - and this was the main identified issue - so, I don't really think I could be wrong?) I have found something similar on the web here: http://forums.oracle.com/forums/thread.jspa?messageID=2860681 Appreciate your suggestions / advice.

    Read the article

  • Learning AES: the KeyBytes

    - by Tom Brito
    I got the following example from here: import java.security.Security; import javax.crypto.Cipher; import javax.crypto.spec.SecretKeySpec; public class MainClass { public static void main(String[] args) throws Exception { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); byte[] input = "www.java2s.com".getBytes(); byte[] keyBytes = new byte[] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 }; SecretKeySpec key = new SecretKeySpec(keyBytes, "AES"); Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC"); System.out.println(new String(input)); // encryption pass cipher.init(Cipher.ENCRYPT_MODE, key); byte[] cipherText = new byte[cipher.getOutputSize(input.length)]; int ctLength = cipher.update(input, 0, input.length, cipherText, 0); ctLength += cipher.doFinal(cipherText, ctLength); System.out.println(new String(cipherText)); System.out.println(ctLength); // decryption pass cipher.init(Cipher.DECRYPT_MODE, key); byte[] plainText = new byte[cipher.getOutputSize(ctLength)]; int ptLength = cipher.update(cipherText, 0, ctLength, plainText, 0); ptLength += cipher.doFinal(plainText, ptLength); System.out.println(new String(plainText)); System.out.println(ptLength); } } I imagine that the byte[] keyBytes should be random generated, so I gone to test the max size before do it. When adding one more byte 0x18 to the array, the exception raised: InvalidKeyException: Key length not 128/192/256 bits. But the original 18 bytes (from 0 to 17) are not multiple of nither 128, 192 or 256. I would like to understand the math here.. can anyone explain me? Thanks!

    Read the article

  • Securely store a password in program code?

    - by Nick
    My application makes use of the RijndaelManaged class to encrypt data. As a part of this encryption, I use a SecureString object loaded with a password which get's get converted to a byte array and loaded into the RajindaelManaged object's Key at runtime. The question I have is the storage of this SecureString. A user entered password can be entered at run-time, and that can be "securely" loaded into a SecureString object, but if no user entered password is given, then I need to default to something. So ultimately the quesiton comes down to: If I have to have some known string or byte array to load into a SecureString object each time my application runs, how do I do that? The "encrypted" data ultimately gets decrypted by another application, so even if no user entered password is specified, I still need the data to be encrypted while it goes from one app to another. This means I can't have the default password be random, because the other app wouldn't be able to properly decrypt it. One possible solution I'm thinking is to create a dll which only spits out a single passphrase, then I use that passphrase and run it through a couple of different hashing/reorganizing functions at runtime before I ultimately feed it into the secureString object. Would this be secure enough?

    Read the article

  • Persisting complex data between postbacks in ASP.NET MVC

    - by Robert Wagner
    I'm developing an ASP.NET MVC 2 application that connects to some services to do data retrieval and update. The services require that I provide the original entity along with the updated entity when updating data. This is so it can do change tracking and optimistic concurrency. The services cannot be changed. My problem is that I need to somehow store the original entity between postbacks. In WebForms, I would have used ViewState, but from what I have read, that is out for MVC. The original values do not have to be tamper proof as the services treat them as untrusted. The entities would be (max) 1k and it is an intranet app. The options I have come up are: Session - Ruled out - Store the entity in the Session, but I don't like this idea as there are no plans to share session between URL - Ruled out - Data is too big HiddenField - Store the serialized entity in a hidden field, perhaps with encryption/encoding HiddenVersion - The entities have a (SQL) version field on them, which I could put into a hidden field. Then on a save I get "original" entity from the services and compare the versions, doing my own optimistic concurrency. Cookies - Like 3 or 4, but using a cookie instead of a hidden field I'm leaning towards option 4, although 3 would be simpler. Are these valid options or am I going down the wrong track? Is there a better way of doing this?

    Read the article

  • WCF Certificates without Certificate Store

    - by Kane
    My team is developing a number of WPF plug-ins for a 3rd party thick client application. The WPF plug-ins use WCF to consume web services published by a number of TIBCO services. The thick client application maintains a separate central data store and uses a proprietary API to access the data store. The thick client and WPF plug-ins are due to be deployed onto 10,000 workstations. Our customer wants to keep the certificate used by the thick client in the central data store so that they don't need to worry about re-issuing the certificate (current re-issue cycle takes about 3 months) and also have the opportunity to authorise the use of the certificate. The proposed architecture offers a form of shared secret / authentication between the central data store and the TIBCO services. Whilst I don’t necessarily agree with the proposed architecture our team is not able to change it and must work with what’s been provided. Basically our client wants us to build into our WPF plug-ins a mechanism which retrieves the certificate from the central data store (which will be allowed or denied based on roles in that data store) into memory then use the certificate for creating the SSL connection to the TIBCO services. No use of the local machine's certificate store is allowed and the in memory version is to be discarded at the end of each session. So the question is does anyone know if it is possible to pass an in-memory certificate to a WCF (.NET 3.5) service for SSL transport level encryption? Note: I had asked a similar question (here) but have since deleted it and re-asked it with more information.

    Read the article

  • Apache Not Accepting a Path in My Home Folder

    - by Promather
    I have trying to set up an Apache site to use a folder in my home folder without any success. I exactly followed the steps in this page: https://help.ubuntu.com/community/ApacheMySQLPHP yet I did not succeed; I keep getting error 403, which says that the server doesn't have permission to access the requested page. I searched forums and many suggested changing the permission of the folder. I went straight away and set the permission to 777, but that didn't solve the problem. I made another search and somebody gave me a clue, which is that it could be because my home folder is encrypted. I believe this could be the problem, but: What is the relation between encryption and Apache? I suppose Apache server is requesting the file from the system, rather than trying to access the file bytes! Is there anyway to solve this problem? I don't want to move the folder to /var/www because I am using this Apache for testing, so I want whatever change I make to be immediately reflected, rather than having to copy files which is error prone.

    Read the article

  • Game login authentication and security.

    - by Charles
    First off I will say I am completely new to security in coding. I am currently helping a friend develop a small game (in Python) which will have a login server. I don't have much knowledge regarding security, but I know many games do have issues with this. Everything from 3rd party applications (bots) to WPE packet manipulation. Considering how small this game will be and the limited user base, I doubt we will have serious issues, but would like to try our best to limit problems. I am not sure where to start or what methods I should use, or what's worth it. For example, sending data to the server such as login name and password. I was told his information should be encrypted when sending, so in-case someone was viewing it (with whatever means), that they couldn't get into the account. However, if someone is able to capture the encrypted string, wouldn't this string always work since it's decrypted server side? In other words, someone could just capture the packet, reuse it, and still gain access to the account? The main goal I am really looking for is to make sure the players are logging into the game with the client we provide, and to make sure it's 'secure' (broad, I know). I have looked around at different methods such as Public and Private Key encryption, which I am sure any hex editor could eventually find. There are many other methods that seem way over my head at the moment and leave the impression of overkill. I realize nothing is 100% secure. I am just looking for any input or reading material (links) to accomplish the main goal stated above. Would appreciate any help, thanks.

    Read the article

  • looking for a license key algorithm.

    - by giulio
    There are alot of questions relating to license keys asked on stackoverflow. But they don't answer this question. Can anyone provide a simple license key algorithm that is technology independent and doesn't required a diploma in mathematics to understand ? The license key algorithm is similar to public key encryption. I just need something simple that can be implemented in any platform .Net/Java and uses simple data like characters. Written as Pseudo code is perfect. So if a person presents a string, a complementary string can be generated that is the authorisation code. Below is a common scenario that it would be used for. Customer downloads s/w which generates a unique key upon initial startup/installation. S/w runs during trial period. At end of trial period an authorisation key is required. Customer goes to designated web-site, enters their code and get authorisation code to enable s/w, after paying :) Don't be afraid to describe your answer as though you're talking to a 5 yr old as I am not a mathemtician.

    Read the article

  • Application passwords and SQLite security

    - by Bryan
    I have been searching on google for information regarding application passwords and SQLite security for some time, and nothing that I have found has really answered my questions. Here is what I am trying to figure out: 1) My application is going to have an optional password activity that will be called when the application is first opened. My questions for this are a) If I store the password via android preference or SQLite database, how can I ensure security and privacy for the password, and b) how should password recovery be handled? Regarding b) from above, I have thought about requiring an email address when the password feature is enabled, and also a password hint question for use when requesting password recovery. Upon successfully answering the hint question, the password is then emailed to the email address that was submitted. I am not completely confident in the security and privacy of the email method, especially if the email is sent when the user is connected to an open, public wireless network. 2) My application will be using an SQLite database, which will be stored on the SD card if the user has one. Regardless of whether it is stored on the phone or the SD card, what options do I have for data encryption, and how does that affect the application performance? Thanks in advance for time taken to answer these questions. I think that there may be other developers struggling with the same concerns.

    Read the article

  • problem generating pgp keys?

    - by pavankumar
    I'm using RSACryptoServiceProvider I've generated public key and private key. The keys generated by it are in the following format: Public key: <RSAKeyValue> <Modulus>m9bAoh2...eGNKYs=</Modulus> <Exponent>AQAB</Exponent> </RSAKeyValue> Private key: <RSAKeyValue> <Modulus>m9bAo...ZAIeGNKYs=</Modulus> <Exponent>AQAB</Exponent> <P>xGj/UcXs...R1lmeVQ==</P> <Q>yx6e18aP...GXzXIXw==</Q> <DP>NyxvnJ...1xAsEyQ==</DP> <DQ>La17Jycd...FhApEqwznQ==</DQ> <InverseQ>JrG7WCT...Hp3OWA==</InverseQ> <D>RdWsOFn....KL699Vh6HK0=</D> </RSAKeyValue> but using PGP Desktop i've generated keys like this - Public key: mQCNBEoOlp8BBACi/3EvBZ83ZduvG6YHu5F0P7Z3xOnpIsaPvTk0q+dnjwDUa5sU lEFbUZgDXSz7ZRhyiNqUOy+IG3ghPxpiKGBtldVpi33qaFCCEBiqsxRRpVCLgTUK HP2kH5ysrlFWkxTo =a4t9 Private key: lQHgBEoOlp8BBACi/3EvBZ83ZduvG6YHu5F0P7Z3xOnpIsaPvTk0q+dnjwDUa5sU lEFbUZgDXSz7ZRhyiNqUOy+IG3ghPxpiKGBtldVpi33qaFCCEBiqsxRRpVCLgTUK waBnEitQti3XgUUEZnz/rnXcQVM0QFBe6H5x8fMDUw== =CVPD So when I'm passing the keys generated by PGP Desktop it is able to do encryption and decryption perfectly but when im passing the keys generated by RSACryptoServiceProvider I'm not able to encrypt and decrypt? Can anyone please tell me how to generate keys in the pattern generated by PGP?

    Read the article

  • Where are the real risks in network security?

    - by Barry Brown
    Anytime a username/password authentication is used, the common wisdom is to protect the transport of that data using encryption (SSL, HTTPS, etc). But that leaves the end points potentially vulnerable. Realistically, which is at greater risk of intrusion? Transport layer: Compromised via wireless packet sniffing, malicious wiretapping, etc. Transport devices: Risks include ISPs and Internet backbone operators sniffing data. End-user device: Vulnerable to spyware, key loggers, shoulder surfing, and so forth. Remote server: Many uncontrollable vulnerabilities including malicious operators, break-ins resulting in stolen data, physically heisting servers, backups kept in insecure places, and much more. My gut reaction is that although the transport layer is relatively easy to protect via SSL, the risks in the other areas are much, much greater, especially at the end points. For example, at home my computer connects directly to my router; from there it goes straight to my ISPs routers and onto the Internet. I would estimate the risks at the transport level (both software and hardware) at low to non-existant. But what security does the server I'm connected to have? Have they been hacked into? Is the operator collecting usernames and passwords, knowing that most people use the same information at other websites? Likewise, has my computer been compromised by malware? Those seem like much greater risks. What do you think?

    Read the article

< Previous Page | 72 73 74 75 76 77 78 79 80 81 82 83  | Next Page >