Search Results

Search found 12324 results on 493 pages for 'password encryption'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 96/493 | < Previous Page | 92 93 94 95 96 97 98 99 100 101 102 103  | Next Page >

  • How to Check Authenticity of an AJAX Request

    - by Alex Reisner
    I am designing a web site in which users solve puzzles as quickly as they can. JavaScript is used to time each puzzle, and the number of milliseconds is sent to the server via AJAX when the puzzle is completed. How can I ensure that the time received by the server was not forged by the user? I don't think a session-based authenticity token (the kind used for forms in Rails) is sufficient because I need to authenticate the source of a value, not just the legitimacy of the request. Is there a way to cryptographically sign the request? I can't think of anything that couldn't be duplicated by a hacker. Is any JavaScript, by its exposed, client-side nature, subject to tampering? Am I going to have to use something that gets compiled, like Flash? (Yikes.) Or is there some way to hide a secret key? Or something else I haven't thought of? Update: To clarify, I don't want to penalize people with slow network connections (and network speed should be considered inconsistent), so the timing needs to be 100% client-side (the timer starts only when we know the user can see the puzzle). Also, there is money involved so no amount of "trusting the user" is acceptable.

    Read the article

  • Why the generated key size is not constant?

    - by Tom Brito
    The following code prints randomly 634, 635, 636, each time I run it. Why its not constant? public static void main(String[] args) throws Exception { KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA", "BC"); keyPairGen.initialize(1024); RsaKeyPair keyPair = new RsaKeyPair(keyPairGen.generateKeyPair()); System.out.println(keyPair.getPrivate().getEncoded().length); }

    Read the article

  • Trying to understand Java RSA key size

    - by Tom Brito
    The key generator was initilized with a size of 1024, so why the printed sizes are 635 and 162? import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; public class TEST { public static KeyPair generateKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException { KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC"); keyPairGenerator.initialize(1024); return keyPairGenerator.generateKeyPair(); } public static void main(String[] args) throws Exception { KeyPair keyPair = generateKeyPair(); RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); System.out.println("Size = " + privateKey.getEncoded().length); System.out.println("Size = " + publicKey.getEncoded().length); } }

    Read the article

  • PHP and C# communication with Encrypt/Decrypt

    - by SilentWarrior
    Hello, I have been searching and cant find a consistent solution to my problem : I want to encrypt something in C# and decrypt it in PHP but also be able to encrypt in PHP and decrypt in C#, using the same key on both ends. All the solutions I found dont seem to work both ways, most of them only work on one language and then fail on the other, either by decrypting wrong or by blowing up the offsets. I would like to use TripleDES but it isnt a requirement, just want something relatively strong for plain text communication (will either use JSON or just plain key-value pairs for complex stuff). Thanks in advance PS: http://pastie.org/643106 this is what I have been testing with.

    Read the article

  • Why is using a Non-Random IV with CBC Mode a vulnerability?

    - by The Rook
    I understand the purpose of an IV. Specifically in CBC mode this insures that the first block of of 2 messages encrypted with the same key will never be identical. But why is it a vulnerability if the IV's are sequential? According to CWE-329 NON-Random IV's allow for the possibility of a dictionary attack. I know that in practice protocols like WEP make no effort to hide the IV. If the attacker has the IV and a cipher text message then this opens the door for a dictionary attack against the key. I don't see how a random iv changes this. (I know the attacks against wep are more complex than this.) What security advantage does a randomized iv have? Is this still a problem with an "Ideal Block Cipher"? (A perfectly secure block cipher with no possible weaknesses.)

    Read the article

  • What is the best php encoder software ?

    - by question_about_the_problem
    What is the best php encoder software? http://www.freedownloadmanager.org/downloads/php_encoder_software/ http://forums.digitalpoint.com/showthread.php?t=596680 or another. Everybody say Zend Guard. But you can decode/decript zend's files at the page http://www.showmycode.com/ I think, SourceGuardian is good. But I'm not so sure.

    Read the article

  • PHP: A way for a file to have its own MD5 inside?

    - by Eli
    Hi all, In considering several possible solutions to a recent task, I found myself considering how to get a php file that includes it's own MD5 hash. I ended up doing something else, but the question stayed with me. Something along the lines of: <?php echo("Hello, my MD5 is [MD5 OF THIS FILE HERE]"); ?> Whatever placeholder you have in the file, the second you take its MD5 and insert it, you've changed it.

    Read the article

  • Modify an MP3 slightly to change the data appearence

    - by Léon Pelletier
    I'm thinking about encrypting MP3s in a database, so that when user is downloading them with his software desktop player, only the software can decrypt them. This part is not a problem. The problem is I don't want a user to upload an mp3 to the database, then check which changes have been made to the file so he can reverse-engineer the file or at least see which algorithm is used to encrypt the files. So, user uploads MP3-A, then it becomes MP3-B because it has been modified, and I encrypt it to MP3-C. And when decrypted, it sounds 99.99% like MP3-A. I know MP3 format is lossy, but I wonder if there's a way to convert audio with limited loss, or if I need to forget it right now.

    Read the article

  • What is the best nuclear missile crypto system?

    - by The Rook
    You are on a submarine and there is an encrypted message that you want to read. Two people must use their keys at the same time in order to obtain the plain text. What is best cryptographic primitive to use? Are the following two implementations suitable? plain_text=decrypt(Key1 XOR key2,ciper_text,IV) plain_text=decrypt(Key1,rc4_encrypt(key2,ciper_text,IV2),IV1)

    Read the article

  • Cryptography for P2P card game

    - by zephyr
    I'm considering writing a computer adaptation of a semi-popular card game. I'd like to make it function without a central server, and I'm trying to come up with a scheme that will make cheating impossible without having to trust the client. The basic problem as I see it is that each player has a several piles of cards (draw deck, current hand and discard deck). It must be impossible for either player to alter the composition of these piles except when allowed by the game rules (ie drawing or discarding cards), nor should players be able to know what is in their or their oppponent's piles. I feel like there should be some way to use something like public-key cryptography to accomplish this, but I keep finding holes in my schemes. Can anyone suggest a protocol or point me to some resources on this topic? [Edit] Ok, so I've been thinking about this a bit more, and here's an idea I've come up with. If you can poke any holes in it please let me know. At shuffle time, a player has a stack of cards whose value is known to them. They take these values, concatenate a random salt to each, then hash them. They record the salts, and pass the hashes to their opponent. The opponent concatenates a salt of their own, hashes again, then shuffles the hashes and passes the deck back to the original player. I believe at this point, the deck has been randomized and neither player can have any knowledge of the values. However, when a card is drawn, the opponent can reveal their salt, allowing the first player to determine what the original value is, and when the card is played the player reveals their own salt, allowing the opponent to verify the card value.

    Read the article

  • Password generation, best practice

    - by Aidan
    I need to generate some passwords, I want to avoid characters that can be confused for each other. Is there a definitive list of characters I should avoid? my current list is il10o8B3Evu![]{} Are there any other pairs of characters that are easy to confuse? for special characters I was going to limit myself to those under the number keys, though I know that this differs depending on your keyboards nationality! As a rider question, I would like my passwords to be 'wordlike'do you have a favoured algorithm for that? Thanks :)

    Read the article

  • Hashing (hidding) strings in Python

    - by Lucas
    What I need is to hash a string. It doesn't really have to be secure because its just going to be a hidden pharse in the text file (simply it doesn't have to be recognizable for a human-eye). It should not be just a random string because when user will be typing the string I would like to hash it and compare it with already hashed one (in the text file). What would be the best for this purpose? Can it be done with the own class?

    Read the article

  • What decryption should i use between my Android app and ASP.NET Webservice?

    - by RickardP
    I am searching a good way to encrypt and decrypt user authentication data between my Android app and my ASP.NET Webservice built in C#. I want to do a user registration on my Android app and send the authentication to the back-end server that is a ASP.NET Webservice built in C# and then every time the app calls the webservice it should send a hashed string with authentication information so webservice now what user it is. What is the best practice for this and have i missed something, give me some ideas please!

    Read the article

  • How to take data from textarea and decrypt using javascript?

    - by user1657555
    I need to take data from a textarea on a website and decrypt it using a simple algorithm. The data is in the form of numbers separated by a comma. It also needs to read a space as a space. It looks like 42,54,57, ,57,40,57,44. Heres what I have so far: var my_textarea = $('textarea[name = "words"]').first(); var my_value = $(my_textarea).val(); var my_array = my_value.split(","); for (i=0; i < my_array.length; i++) { var nv = my_array - 124; var acv = nv + 34; var my_result = String.fromCharCode(acv); } prompt("", my_result);

    Read the article

  • Google Chrome Updates; Faster, Cleaner Menus, Encrypted Password Syncing, and More

    - by ETC
    Google Chrome has rolled out a new update that includes a host of improves such as easier to navigate menus, encrypted password syncing, over all speed improvements, Flash sandboxing, and more. Google Chome’s new update has a host of subtle but powerful improvements. The browser is faster, the security is improved thanks the addition of encrypted password syncing and sandboxing of the integrated flash player, and the settings menu has been restructured and cleaned up for easy navigation. Check out the video above to take a peek at some of the changes or hit up the link below to read more. Speedier, Simpler, and Safer: Chrome’s Basics Get Even Better [The Official Google Blog] Latest Features How-To Geek ETC How to Get Amazing Color from Photos in Photoshop, GIMP, and Paint.NET Learn To Adjust Contrast Like a Pro in Photoshop, GIMP, and Paint.NET Have You Ever Wondered How Your Operating System Got Its Name? Should You Delete Windows 7 Service Pack Backup Files to Save Space? What Can Super Mario Teach Us About Graphics Technology? Windows 7 Service Pack 1 is Released: But Should You Install It? Save Files Directly from Your Browser to the Cloud in Chrome and Iron The Steve Jobs Chronicles – Charlie and the Apple Factory [Video] Google Chrome Updates; Faster, Cleaner Menus, Encrypted Password Syncing, and More Glowing Chess Set Combines LEDs, Chess, and DIY Electronics Fun Peaceful Alpine River on a Sunny Day [Wallpaper] Fast Society Creates Mini and Mobile Temporary Social Networks

    Read the article

  • Printer share keeps asking for password and I can't authenticate from any machine. Why?

    - by tenshimsm
    Ubuntu 12.04 printer share keeps asking for password and I can't authenticate from any machine. Why?? We've installed it in two machine (to act as printer servers) and we get the same problem. It doesn't matter what we do, change or install. We can't figure out why the printer share asks for password even using all of the users that are registered in the server. What is wrong with Precise? I want it to work without a password, but it is not even working WITH one! I gave up! The samba version that comes with Precise is insufferable! I tried various settings that didn't work. I should've used Mint from the beginning. [Edit] My printers config. Remembering that samba is 3.6.3 in ubuntu 12.04 load printers = yes [printers] comment = All Printers browseable = yes path = /var/spool/samba printable = yes guest ok = yes readonly = yes create mask = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes readonly = yes guest ok = yes

    Read the article

  • Stop Windows Domain Environment Caching Old Passwords?

    - by Daryl Gill
    I have noticed on my domain environment; the old Administrator password (before password expire).. The client machines have cached the old password and have the ability to bypass the new password by entering the old one..? I have noticed on my domain environment; the old Administrator password (before password expire).. The client machines have cached the old password and have the ability to bypass the new password by entering the old one..? Basically; I'm running a UAC enabled domain, which needs the administrator password to continue basic stuff; installations and such. The password for the administrator account has been changed due to expiration of said accounts password. By accident a fellow administrator typed the old password and still bypassed the UAC with what should have been the incorrect password. Is this a bug with the environment? or something that needs to be tweaked in the server sided settings? Is this a bug with the environment? or something that needs to be tweaked in the server sided settings?

    Read the article

  • Implementing parts of rfc4226 (HOTP) in mysql

    - by Moose Morals
    Like the title says, I'm trying to implement the programmatic parts of RFC4226 "HOTP: An HMAC-Based One-Time Password Algorithm" in SQL. I think I've got a version that works (in that for a small test sample, it produces the same result as the Java version in the code), but it contains a nested pair of hex(unhex()) calls, which I feel can be done better. I am constrained by a) needing to do this algorithm, and b) needing to do it in mysql, otherwise I'm happy to look at other ways of doing this. What I've got so far: -- From the inside out... -- Concatinate the users secret, and the number of time its been used -- find the SHA1 hash of that string -- Turn a 40 byte hex encoding into a 20 byte binary string -- keep the first 4 bytes -- turn those back into a hex represnetation -- convert that into an integer -- Throw away the most-significant bit (solves signed/unsigned problems) -- Truncate to 6 digits -- store into otp -- from the otpsecrets table select (conv(hex(substr(unhex(sha1(concat(secret, uses))), 1, 4)), 16, 10) & 0x7fffffff) % 1000000 into otp from otpsecrets; Is there a better (more efficient) way of doing this?

    Read the article

  • Authorizing a computer to access a web application

    - by HackedByChinese
    I have a web application, and am tasked with adding secure sign-on to bolster security, akin to what Google has added to Google accounts. Use Case Essentially, when a user logs in, we want to detect if the user has previously authorized this computer. If the computer has not been authorized, the user is sent a one-time password (via email, SMS, or phone call) that they must enter, where the user may choose to remember this computer. In the web application, we will track authorized devices, allowing users to see when/where they logged in from that device last, and deauthorize any devices if they so choose. We require a solution that is very light touch (meaning, requiring no client-side software installation), and works with Safari, Chrome, Firefox, and IE 7+ (unfortunately). We will offer x509 security, which provides adequate security, but we still need a solution for customers that can't or won't use x509. My intention is to store authorization information using cookies (or, potentially, using local storage, degrading to flash cookies, and then normal cookies). At First Blush Track two separate values (local data or cookies): a hash representing a secure sign-on token, as well as a device token. Both values are driven (and recorded) by the web application, and dictated to the client. The SSO token is dependent on the device as well as a sequence number. This effectively allows devices to be deauthorized (all SSO tokens become invalid) and mitigates replay (not effectively, though, which is why I'm asking this question) through the use of a sequence number, and uses a nonce. Problem With this solution, it's possible for someone to just copy the SSO and device tokens and use in another request. While the sequence number will help me detect such an abuse and thus deauthorize the device, the detection and response can only happen after the valid device and malicious request both attempt access, which is ample time for damage to be done. I feel like using HMAC would be better. Track the device, the sequence, create a nonce, timestamp, and hash with a private key, then send the hash plus those values as plain text. Server does the same (in addition to validating the device and sequence) and compares. That seems much easier, and much more reliable.... assuming we can securely negotiate, exchange, and store private keys. Question So then, how can I securely negotiate a private key for authorized device, and then securely store that key? Is it more possible, at least, if I settle for storing the private key using local storage or flash cookies and just say it's "good enough"? Or, is there something I can do to my original draft to mitigate the vulnerability I describe?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 92 93 94 95 96 97 98 99 100 101 102 103  | Next Page >