Search Results

Search found 1053 results on 43 pages for 'encrypt'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 6/43 | < Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >

  • Why does the web page I fetch with Perl look odd?

    - by Tichomir Mitkov
    I have a Perl script to open this page http://svejo.net/popular/all/new/ and filter the names of the posts but except headers everything seems encrypted. Nothing can be read. When I open the same page in a browser everything looks fine including the source code. How is it possible to encrypt a page for a script and not for a browser? My Perl script sends the same headers as my browser (Google Chrome).

    Read the article

  • Encrypted HTML page without HTTPS

    - by Tichomir Mitkov
    I have a Perl script to open this page http://svejo.net/popular/all/new/ and filter the names of the posts but except headers everything seems encrypted. Nothing can be read. When I open the same page in a browser everything looks fine including the source code. How is it possible to encrypt a page for a script and not for a browser? My Perl script sends the same headers as my browser (Google Chrome).

    Read the article

  • WCF client encrypt message to JAVA WS using username_token with message protection client policy

    - by Alex
    I am trying to create a WCF client APP that is consuming a JAVA WS that uses username_token with message protection client policy. There is a private key that is installed on the server and a public certificate file was exported from the JKS keystore file. I have installed the public key into certificate store via MMC under Personal certificates. I am trying to create a binding that will encrypt the message and pass the username as part of the payload. I have been researching and trying the different configurations for about a day now. I found a similar situation on the msdn forum: http://social.msdn.microsoft.com/Forums/en/wcf/thread/ce4b1bf5-8357-4e15-beb7-2e71b27d7415 This is the configuration that I am using in my app.config <customBinding> <binding name="certbinding"> <security authenticationMode="UserNameOverTransport"> <secureConversationBootstrap /> </security> <httpsTransport requireClientCertificate="true" /> </binding> </customBinding> <endpoint address="https://localhost:8443/ZZZService?wsdl" binding="customBinding" bindingConfiguration="cbinding" contract="XXX.YYYPortType" name="ServiceEndPointCfg" /> And this is the client code that I am using: EndpointAddress endpointAddress = new EndpointAddress(url + "?wsdl"); P6.WCF.Project.ProjectPortTypeClient proxy = new P6.WCF.Project.ProjectPortTypeClient("ServiceEndPointCfg", endpointAddress); proxy.ClientCredentials.UserName.UserName = UserName; proxy.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, "67 87 ba 28 80 a6 27 f8 01 a6 53 2f 4a 43 3b 47 3e 88 5a c1"); var projects = proxy.ReadProjects(readProjects); This is the .NET CLient error I get: Error Log: Invalid security information. On the Java WS side I trace the log : SEVERE: Encryption is enabled but there is no encrypted key in the request. I traced the SOAP headers and payload and did confirm the encrypted key is not there. Headers: {expect=[100-continue], content-type=[text/xml; charset=utf-8], connection=[Keep-Alive], host=[localhost:8443], Content-Length=[731], vsdebuggercausalitydata=[uIDPo6hC1kng3ehImoceZNpAjXsAAAAAUBpXWdHrtkSTXPWB7oOvGZwi7MLEYUZKuRTz1XkJ3soACQAA], SOAPAction=[""], Content-Type=[text/xml; charset=utf-8]} Payload: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:UsernameToken u:Id="uuid-5809743b-d6e1-41a3-bc7c-66eba0a00998-1"><o:Username>admin</o:Username><o:Password>admin</o:Password></o:UsernameToken></o:Security></s:Header><s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><ReadProjects xmlns="http://xmlns.dev.com/WS/Project/V1"><Field>ObjectId</Field><Filter>Id='WS-Demo'</Filter></ReadProjects></s:Body></s:Envelope> I have also tryed some other bindings but with no success: <basicHttpBinding> <binding name="basicHttp"> <security mode="TransportWithMessageCredential"> <message clientCredentialType="Certificate"/> </security> </binding> </basicHttpBinding> <wsHttpBinding> <binding name="wsBinding"> <security mode="Message"> <message clientCredentialType="UserName" negotiateServiceCredential="false" /> </security> </binding> </wsHttpBinding> Your help will be greatly aprreciatted! Thanks!

    Read the article

  • JSON + 3des encrypt dosen't work

    - by oscurodrago
    i'm trying to pass some JSON data encrypted to my app but seem when i decrypt it my script add some 00 to hexe code making it impossible to be serialized i've tried to pass data uncrypted and crypted and the only difference i found is 00 at the end that is how i read JSON if isn't Encrypted NSLog(@"A) %@", response ); NSMutableArray *json = [NSJSONSerialization JSONObjectWithData:response options:kNilOptions error:&error]; NSLog(@"B) %@", error); that is NSLog Output 2012-03-28 00:43:58.399 VGCollect[5583:f803] A) <5b7b2274 69746c65 223a2252 696c6173 63696174 61206c61 20707269 6d612045 7370616e 73696f6e 65206469 20526167 6e61726f 6b204f64 79737365 79222c22 63617465 676f7279 223a225b 20505356 69746120 5d222c22 696d6755 726c223a 22494d41 4745535c 2f323031 325c2f30 335c2f30 30303038 3536345f 31353078 38302e6a 7067227d 2c7b2274 69746c65 223a2250 68616e74 61737920 53746172 204f6e6c 696e6520 3220616e 63686520 73752069 4f532065 20416e64 726f6964 20222c22 63617465 676f7279 223a225b 20495048 4f4e452c 2050432c 20505356 69746120 5d222c22 696d6755 726c223a 22494d41 4745535c 2f323031 325c2f30 335c2f30 30303038 3437355f 31353078 38302e6a 7067227d 2c7b2274 69746c65 223a2250 72696d69 20536372 65656e73 686f7420 696e2061 6c747261 20726973 6f6c757a 696f6e65 20706572 202e6861 636b5c2f 5c2f7665 72737573 222c2263 61746567 6f727922 3a225b20 50533320 5d222c22 696d6755 726c223a 22494d41 4745535c 2f323031 325c2f30 335c2f30 30303038 3437325f 31353078 38302e6a 7067227d 2c7b2274 69746c65 223a2269 6c206e75 6f766f20 444c4320 64692046 696e616c 2046616e 74617379 20584949 492d3220 636f6e66 65726d61 746f2061 6e636865 20696e20 416d6572 69636122 2c226361 7465676f 7279223a 225b2050 53332c20 58333630 205d222c 22696d67 55726c22 3a22494d 41474553 5c2f3230 31325c2f 30335c2f 30303030 38343439 5f313530 7838302e 6a706722 7d2c7b22 7469746c 65223a22 52656769 73747261 746f2069 6c206d61 72636869 6f205461 6c657320 6f662058 696c6c69 6120696e 20457572 6f706122 2c226361 7465676f 7279223a 225b2050 5333205d 222c2269 6d675572 6c223a22 494d4147 45535c2f 32303132 5c2f3033 5c2f3030 30303834 34385f31 35307838 302e6a70 67227d2c 7b227469 746c6522 3a225376 656c6174 69202e68 61636b5c 2f5c2f56 65727375 732e2065 202e6861 636b5c2f 5c2f5365 6b616920 6e6f204d 756b6f75 206e6922 2c226361 7465676f 7279223a 225b2050 5333205d 222c2269 6d675572 6c223a22 494d4147 45535c2f 32303132 5c2f3033 5c2f3030 30303834 33345f31 35307838 302e6a70 67227d2c 7b227469 746c6522 3a22476f 6e205061 6b752050 616b7520 50616b75 2050616b 75204164 76656e74 75726520 756e206e 756f766f 2067696f 636f2064 69204e61 6d636f20 42616e64 6169222c 22636174 65676f72 79223a22 5b203344 53205d22 2c22696d 6755726c 223a2249 4d414745 535c2f32 3031325c 2f30335c 2f303030 30383432 385f3135 30783830 2e6a7067 227d2c7b 22746974 6c65223a 224e756f 76652069 6d6d6167 696e6920 6520696e 666f2064 69204669 72652045 6d626c65 6d204177 616b656e 696e6722 2c226361 7465676f 7279223a 225b2033 4453205d 222c2269 6d675572 6c223a22 494d4147 45535c2f 32303132 5c2f3033 5c2f3030 30303834 31365f31 35307838 302e6a70 67227d2c 7b227469 746c6522 3a225072 696d6520 696d6d61 67696e69 20646569 206e756f 76692044 4c432064 69204669 6e616c20 46616e74 61737920 58494949 2d32222c 22636174 65676f72 79223a22 5b205053 332c2058 33363020 5d222c22 696d6755 726c223a 22494d41 4745535c 2f323031 325c2f30 335c2f30 30303038 3431325f 31353078 38302e6a 7067227d 2c7b2274 69746c65 223a2249 6e206172 7269766f 20717565 73746f20 41757475 6e6e6f20 45706963 204d6963 6b657920 323a2054 68652050 6f776572 206f6620 54776f22 2c226361 7465676f 7279223a 225b2050 53332c20 5769692c 20583336 30205d22 2c22696d 6755726c 223a2249 4d414745 535c2f32 3031325c 2f30335c 2f303030 30383430 385f3135 30783830 2e6a7067 227d5d> 2012-03-28 00:43:58.410 VGCollect[5583:f803] B) (null) instead that is how i serialize my crypted JSON NSData *decryptBase64 = [GTMBase64 decodeData:response]; NSData *decrypt3DES = [Crypt TripleDES:decryptBase64 encryptOrDecrypt:kCCDecrypt key:@"2b9534b45611cbb2436e625d"]; NSLog(@"A) %@", decrypt3DES ); NSMutableArray *json = [NSJSONSerialization JSONObjectWithData:decrypt3DES options:kNilOptions error:&error]; NSLog(@"B) %@", error); and that is the NSLog output 2012-03-28 00:41:51.525 VGCollect[5529:f803] A) <5b7b2274 69746c65 223a2252 696c6173 63696174 61206c61 20707269 6d612045 7370616e 73696f6e 65206469 20526167 6e61726f 6b204f64 79737365 79222c22 63617465 676f7279 223a225b 20505356 69746120 5d222c22 696d6755 726c223a 22494d41 4745535c 2f323031 325c2f30 335c2f30 30303038 3536345f 31353078 38302e6a 7067227d 2c7b2274 69746c65 223a2250 68616e74 61737920 53746172 204f6e6c 696e6520 3220616e 63686520 73752069 4f532065 20416e64 726f6964 20222c22 63617465 676f7279 223a225b 20495048 4f4e452c 2050432c 20505356 69746120 5d222c22 696d6755 726c223a 22494d41 4745535c 2f323031 325c2f30 335c2f30 30303038 3437355f 31353078 38302e6a 7067227d 2c7b2274 69746c65 223a2250 72696d69 20536372 65656e73 686f7420 696e2061 6c747261 20726973 6f6c757a 696f6e65 20706572 202e6861 636b5c2f 5c2f7665 72737573 222c2263 61746567 6f727922 3a225b20 50533320 5d222c22 696d6755 726c223a 22494d41 4745535c 2f323031 325c2f30 335c2f30 30303038 3437325f 31353078 38302e6a 7067227d 2c7b2274 69746c65 223a2269 6c206e75 6f766f20 444c4320 64692046 696e616c 2046616e 74617379 20584949 492d3220 636f6e66 65726d61 746f2061 6e636865 20696e20 416d6572 69636122 2c226361 7465676f 7279223a 225b2050 53332c20 58333630 205d222c 22696d67 55726c22 3a22494d 41474553 5c2f3230 31325c2f 30335c2f 30303030 38343439 5f313530 7838302e 6a706722 7d2c7b22 7469746c 65223a22 52656769 73747261 746f2069 6c206d61 72636869 6f205461 6c657320 6f662058 696c6c69 6120696e 20457572 6f706122 2c226361 7465676f 7279223a 225b2050 5333205d 222c2269 6d675572 6c223a22 494d4147 45535c2f 32303132 5c2f3033 5c2f3030 30303834 34385f31 35307838 302e6a70 67227d2c 7b227469 746c6522 3a225376 656c6174 69202e68 61636b5c 2f5c2f56 65727375 732e2065 202e6861 636b5c2f 5c2f5365 6b616920 6e6f204d 756b6f75 206e6922 2c226361 7465676f 7279223a 225b2050 5333205d 222c2269 6d675572 6c223a22 494d4147 45535c2f 32303132 5c2f3033 5c2f3030 30303834 33345f31 35307838 302e6a70 67227d2c 7b227469 746c6522 3a22476f 6e205061 6b752050 616b7520 50616b75 2050616b 75204164 76656e74 75726520 756e206e 756f766f 2067696f 636f2064 69204e61 6d636f20 42616e64 6169222c 22636174 65676f72 79223a22 5b203344 53205d22 2c22696d 6755726c 223a2249 4d414745 535c2f32 3031325c 2f30335c 2f303030 30383432 385f3135 30783830 2e6a7067 227d2c7b 22746974 6c65223a 224e756f 76652069 6d6d6167 696e6920 6520696e 666f2064 69204669 72652045 6d626c65 6d204177 616b656e 696e6722 2c226361 7465676f 7279223a 225b2033 4453205d 222c2269 6d675572 6c223a22 494d4147 45535c2f 32303132 5c2f3033 5c2f3030 30303834 31365f31 35307838 302e6a70 67227d2c 7b227469 746c6522 3a225072 696d6520 696d6d61 67696e69 20646569 206e756f 76692044 4c432064 69204669 6e616c20 46616e74 61737920 58494949 2d32222c 22636174 65676f72 79223a22 5b205053 332c2058 33363020 5d222c22 696d6755 726c223a 22494d41 4745535c 2f323031 325c2f30 335c2f30 30303038 3431325f 31353078 38302e6a 7067227d 2c7b2274 69746c65 223a2249 6e206172 7269766f 20717565 73746f20 41757475 6e6e6f20 45706963 204d6963 6b657920 323a2054 68652050 6f776572 206f6620 54776f22 2c226361 7465676f 7279223a 225b2050 53332c20 5769692c 20583336 30205d22 2c22696d 6755726c 223a2249 4d414745 535c2f32 3031325c 2f30335c 2f303030 30383430 385f3135 30783830 2e6a7067 227d5d00> 2012-03-28 00:41:51.530 VGCollect[5529:f803] B) Error Domain=NSCocoaErrorDomain Code=3840 "The operation couldn’t be completed. (Cocoa error 3840.)" (Garbage at end.) UserInfo=0x6ccdd40 {NSDebugDescription=Garbage at end.} as u can see the only difference between 2 NSlogs is 00 at the end of second hexcode and the error on serialization of it do u know how fix that ? idk if is needed, that is my script for encrypt data +(NSData*)TripleDES:(NSData*)plainData encryptOrDecrypt:(CCOperation)encryptOrDecrypt key:(NSString*)key { const void *vplainText; size_t plainTextBufferSize; plainTextBufferSize = [plainData length]; vplainText = (const void *)[plainData bytes]; CCCryptorStatus ccStatus; uint8_t *bufferPtr = NULL; size_t bufferPtrSize = 0; size_t movedBytes = 0; // uint8_t ivkCCBlockSize3DES; bufferPtrSize = (plainTextBufferSize + kCCBlockSize3DES) & ~(kCCBlockSize3DES - 1); bufferPtr = malloc( bufferPtrSize * sizeof(uint8_t)); memset((void *)bufferPtr, 0x0, bufferPtrSize); // memset((void *) iv, 0x0, (size_t) sizeof(iv)); // NSString *key = @"123456789012345678901234"; NSString *initVec = @"init Vec"; const void *vkey = (const void *) [key UTF8String]; const void *vinitVec = (const void *) [initVec UTF8String]; ccStatus = CCCrypt(encryptOrDecrypt, kCCAlgorithm3DES, (kCCOptionPKCS7Padding | kCCOptionECBMode) , vkey, //"123456789012345678901234", //key kCCKeySize3DES, vinitVec, //"init Vec", //iv, vplainText, //"Your Name", //plainText, plainTextBufferSize, (void *)bufferPtr, bufferPtrSize, &movedBytes); NSData *result = [NSData dataWithBytes:(const void *)bufferPtr length:(NSUInteger)movedBytes]; return result; }

    Read the article

  • C#, AES encryption check!

    - by Data-Base
    I have this code for AES encryption, can some one verify that this code is good and not wrong? it works fine, but I'm more concern about the implementation of the algorithm // Plaintext value to be encrypted. //Passphrase from which a pseudo-random password will be derived. //The derived password will be used to generate the encryption key. //Password can be any string. In this example we assume that this passphrase is an ASCII string. //Salt value used along with passphrase to generate password. //Salt can be any string. In this example we assume that salt is an ASCII string. //HashAlgorithm used to generate password. Allowed values are: "MD5" and "SHA1". //SHA1 hashes are a bit slower, but more secure than MD5 hashes. //PasswordIterations used to generate password. One or two iterations should be enough. //InitialVector (or IV). This value is required to encrypt the first block of plaintext data. //For RijndaelManaged class IV must be exactly 16 ASCII characters long. //KeySize. Allowed values are: 128, 192, and 256. //Longer keys are more secure than shorter keys. //Encrypted value formatted as a base64-encoded string. public static string Encrypt(string PlainText, string Password, string Salt, string HashAlgorithm, int PasswordIterations, string InitialVector, int KeySize) { byte[] InitialVectorBytes = Encoding.ASCII.GetBytes(InitialVector); byte[] SaltValueBytes = Encoding.ASCII.GetBytes(Salt); byte[] PlainTextBytes = Encoding.UTF8.GetBytes(PlainText); PasswordDeriveBytes DerivedPassword = new PasswordDeriveBytes(Password, SaltValueBytes, HashAlgorithm, PasswordIterations); byte[] KeyBytes = DerivedPassword.GetBytes(KeySize / 8); RijndaelManaged SymmetricKey = new RijndaelManaged(); SymmetricKey.Mode = CipherMode.CBC; ICryptoTransform Encryptor = SymmetricKey.CreateEncryptor(KeyBytes, InitialVectorBytes); MemoryStream MemStream = new MemoryStream(); CryptoStream CryptoStream = new CryptoStream(MemStream, Encryptor, CryptoStreamMode.Write); CryptoStream.Write(PlainTextBytes, 0, PlainTextBytes.Length); CryptoStream.FlushFinalBlock(); byte[] CipherTextBytes = MemStream.ToArray(); MemStream.Close(); CryptoStream.Close(); return Convert.ToBase64String(CipherTextBytes); } public static string Decrypt(string CipherText, string Password, string Salt, string HashAlgorithm, int PasswordIterations, string InitialVector, int KeySize) { byte[] InitialVectorBytes = Encoding.ASCII.GetBytes(InitialVector); byte[] SaltValueBytes = Encoding.ASCII.GetBytes(Salt); byte[] CipherTextBytes = Convert.FromBase64String(CipherText); PasswordDeriveBytes DerivedPassword = new PasswordDeriveBytes(Password, SaltValueBytes, HashAlgorithm, PasswordIterations); byte[] KeyBytes = DerivedPassword.GetBytes(KeySize / 8); RijndaelManaged SymmetricKey = new RijndaelManaged(); SymmetricKey.Mode = CipherMode.CBC; ICryptoTransform Decryptor = SymmetricKey.CreateDecryptor(KeyBytes, InitialVectorBytes); MemoryStream MemStream = new MemoryStream(CipherTextBytes); CryptoStream cryptoStream = new CryptoStream(MemStream, Decryptor, CryptoStreamMode.Read); byte[] PlainTextBytes = new byte[CipherTextBytes.Length]; int ByteCount = cryptoStream.Read(PlainTextBytes, 0, PlainTextBytes.Length); MemStream.Close(); cryptoStream.Close(); return Encoding.UTF8.GetString(PlainTextBytes, 0, ByteCount); } Thank you

    Read the article

  • Enigmail - how to encrypt only part of the message?

    - by Lukasz Zaroda
    When I confirmed my OpenPGP key on launchpad I got a mail from them, that was only partially encrypted with my key (only few paragraphs inside the message). Is it possible to encrypt only chosen part of the message with Enigmail? Or what would be the easiest way to accomplish it? Added #1: I found a pretty convenient way for producing ASCII armoured encrypted messages by using Nautilus interface (useful for ones that for some reason doesn't like to work with terminal). You need to install Nautilus-Actions Configuration Tool, and add there a script with a name eg. "Encrypt in ASCII" and parameters: path: gpg parameters: --batch -sear %x %f The trick is that now you can create file, with extension that would be name of your recipient, you can then fill it with your message, right click it in Nautilus, choose "Encrypt in ASCII", and you will have encrypted ascii file which content you can (probably) just copy to your message. But if anybody knows more convenient solution please share it. Added #1B: In the above case if you care more about security of your messages, It's worth to turning off invisible backup files that gedit creates every time, you create new document, or just remember to delete them.

    Read the article

  • how to display the decrypted and splited Strings in order?

    - by sebby_zml
    Hi everyone, i need some help and guidance in displaying the splitted Strings in order. let say, i have username, password, nonceInString. i had successfully encrypted and decrypted those. then i split the decrypted data. it was done, too. i want to display the decrypted data in order. something like this. userneme: sebastian password: harrypotter nonce value: sdgvay1saq3qsd5vc6dger9wqktue2tz* i tried the following code, but it didn't display like i wish to. pls help. thanks a lot in advance. String codeWord = username + ";" + password + ";" + nonceInString; String encryptedData = aesEncryptDecrypt.encrypt(codeWord); String decryptedData = aesEncryptDecrypt.decrypt(encryptedData); String[] splits = decryptedData.split(";"); String[] variables = {"username", "password", "nonce value"}; for (String data : variables){ for (String item : splits){ System.out.println( data + ": "+ item); } }

    Read the article

  • If attacker has original data and encrypted data, can they determine the passphrase?

    - by Brad Cupit
    If an attacker has several distinct items (for example: e-mail addresses) and knows the encrypted value of each item, can the attacker more easily determine the secret passphrase used to encrypt those items? Meaning, can they determine the passphrase without resorting to brute force? This question may sound strange, so let me provide a use-case: User signs up to a site with their e-mail address Server sends that e-mail address a confirmation URL (for example: https://my.app.com/confirmEmailAddress/bill%40yahoo.com) Attacker can guess the confirmation URL and therefore can sign up with someone else's e-mail address, and 'confirm' it without ever having to sign in to that person's e-mail account and see the confirmation URL. This is a problem. Instead of sending the e-mail address plain text in the URL, we'll send it encrypted by a secret passphrase. (I know the attacker could still intercept the e-mail sent by the server, since e-mail are plain text, but bear with me here.) If an attacker then signs up with multiple free e-mail accounts and sees multiple URLs, each with the corresponding encrypted e-mail address, could the attacker more easily determine the passphrase used for encryption? Alternative Solution I could instead send a random number or one-way hash of their e-mail address (plus random salt). This eliminates storing the secret passphrase, but it means I need to store that random number/hash in the database. The original approach above does not require storage in the database. I'm leaning towards the the one-way-hash-stored-in-the-db, but I still would like to know the answer: does having multiple unencrypted e-mail addresses and their encrypted counterparts make it easier to determine the passphrase used?

    Read the article

  • If attacker has original data, and encrypted data, can they determine the passphrase?

    - by Brad Cupit
    If an attacker has several distinct items (for example: e-mail addresses) and knows the encrypted value of each item, can the attacker more easily determine the secret passphrase used to encrypt those items? Meaning, can they determine the passphrase without resorting to brute force? This question may sound strange, so let me provide a use-case: User signs up to a site with their e-mail address Server sends that e-mail address a confirmation URL (for example: https://my.app.com/confirmEmailAddress/bill%40yahoo.com) Attacker can guess the confirmation URL and therefore can sign up with someone else's e-mail address, and 'confirm' it without ever having to sign in to that person's e-mail account and see the confirmation URL. This is a problem. Instead of sending the e-mail address plain text in the URL, we'll send it encrypted by a secret passphrase. (I know the attacker could still intercept the e-mail sent by the server, since e-mail are plain text, but bear with me here.) If an attacker then signs up with multiple free e-mail accounts and sees multiple URLs, each with the corresponding encrypted e-mail address, could the attacker more easily determine the passphrase used for encryption? Alternative Solution I could instead send a random number or one-way hash of their e-mail address (plus random salt). This eliminates storing the secret passphrase, but it means I need to store that random number/hash in the database. The original approach above does not require this extra table. I'm leaning towards the the one-way hash + extra table solution, but I still would like to know the answer: does having multiple unencrypted e-mail addresses and their encrypted counterparts make it easier to determine the passphrase used?

    Read the article

  • [C#] How to receive uncrackable data or so ? ;P

    - by Prix
    Hi, I am working on an C# application to communicate with my website and retrieve some information from it, using SSL which is working just fine. Now what i want/need is a way to receive encrypted or codified or obfuscated data that if some one cracks my application they will not be able to decrypt the data because it needs something from the server (api, website) but yet the application needs to decrypt it in order to use it... initally i was thinking of an inside RSA pair or keys, to send and receive the encrypt data but let's consider that someone has cracked the application, they could just replace those keys for keys they have made, so i was looking into some methods but havent found or been able to think of any way to harder this... I was learning about RSA, encryption and such and started developing this as a self learning and got involved with it and now i am trying to figure out a way to receive data like that... I have considered obfuscating and compiling my code with packers and etc but this is not about packing it etc... i am more interested in knowing a better way to secure what i described i know it may or is impossible but yet i am looking forward to some approch. I would appreciate advices, suggestions and C# code samples, if you need more information or anything please let me know.

    Read the article

  • iPhone AES encryption issue

    - by Dilshan
    Hi, I use following code to encrypt using AES. - (NSData*)AES256EncryptWithKey:(NSString*)key theMsg:(NSData *)myMessage { // 'key' should be 32 bytes for AES256, will be null-padded otherwise char keyPtr[kCCKeySizeAES256 + 1]; // room for terminator (unused) bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding) // fetch key data [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding]; NSUInteger dataLength = [myMessage length]; //See the doc: For block ciphers, the output size will always be less than or //equal to the input size plus the size of one block. //That's why we need to add the size of one block here size_t bufferSize = dataLength + kCCBlockSizeAES128; void* buffer = malloc(bufferSize); size_t numBytesEncrypted = 0; CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, keyPtr, kCCKeySizeAES256, NULL /* initialization vector (optional) */, [myMessage bytes], dataLength, /* input */ buffer, bufferSize, /* output */ &numBytesEncrypted); if (cryptStatus == kCCSuccess) { //the returned NSData takes ownership of the buffer and will free it on deallocation return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted]; } free(buffer); //free the buffer; return nil; } However the following code chunk returns null if I tried to print the encryptmessage variable. Same thing applies to decryption as well. What am I doing wrong here? NSData *encrData = [self AES256EncryptWithKey:theKey theMsg:myMessage]; NSString *encryptmessage = [[NSString alloc] initWithData:encrData encoding:NSUTF8StringEncoding]; Thank you

    Read the article

  • encrypting passwords in a python conf file on a windows platform

    - by Richard
    Hello all. I have a script running on a remote machine. db info is stored in a configuration file. I want to be able to encrypt the password in the conf text so that no one can just read the file and gain access to the database. This is my current set up: My conf file sensitive info is encoded with base64 module. The main script then decodes the info. I have compiled the script using py2exe to make it a bit harder to see the code. My question is: Is there a better way of doing this? I know that base64 is not a very safe way of encrypting. Is there a way to encode using a key? I also know that py2exe can be reversed engineered very easily and the key could be found. Any other thoughts? I am also running this script on a windows machine, so any modules that are suggested should be able to run in a windows environment with ease. I know there are several other posts on this topic but I have not found one with a windows solution, or at least one that is will explained.

    Read the article

  • How to encrypt Amazon CloudFront signature for private content access using canned policy

    - by Chet
    Has anyone using .net actually worked out how to successfully sign a signature to use with CloudFront private content? After a couple of days of attempts all I can get is Access Denied. I have been working with variations of the following code and also tried using OpenSSL.Net and AWSSDK but that does not have a sign method for RSA-SHA1 yet. The signature (data) looks like this {"Statement":[{"Resource":"http://xxxx.cloudfront.net/xxxx.jpg","Condition":?{"DateLessThan":?{"AWS:EpochTime":1266922799}}}]} This method attempts to sign the signature for use in the canned url. So of the variations have included chanding the padding used in the has and also reversing the byte[] before signing as apprently OpenSSL do it this way. public string Sign(string data) { using (SHA1Managed SHA1 = new SHA1Managed()) { RSACryptoServiceProvider provider = new RSACryptoServiceProvider(); RSACryptoServiceProvider.UseMachineKeyStore = false; // Amazon PEM converted to XML using OpenSslKey provider.FromXmlString("<RSAKeyValue><Modulus>....."); byte[] plainbytes = System.Text.Encoding.UTF8.GetBytes(data); byte[] hash = SHA1.ComputeHash(plainbytes); //Array.Reverse(sig); // I have see some examples that reverse the hash byte[] sig = provider.SignHash(hash, "SHA1"); return Convert.ToBase64String(sig); } } Its useful to note that I have verified the content is setup correctly in S3 and CloudFront by generating a CloudFront canned policy url using my CloudBerry Explorer. How do they do it? Any ideas would be much appreciated. Thanks

    Read the article

  • RSA Encrypt in PHP to decrypt in .NET

    - by user312904
    In PHP I am RSA encrypting a message to be decrypted by .NET application... but I keep getting a "Bad Key" exception from .NET.... For RSA encryption, I am using PEAR class Crypt_RSA- encrypting with the public key (which is a modulus, exponent pair) I get from working encryption system in .NET... I guess the easiest question would be- does "Bad Key" mean it is not able to decrypt the message whatsoever? IE, it is not encrypted correctly? The harder question is- Is there anything specific about RSA encryption that causes quirks between .NET and PHP?

    Read the article

  • File Encrypt/Decrypt under load?

    - by chopps
    I found an interesting article about encrypting and decrypting files but since it uses a file.dat to store the key this will run into problems when theres alot of users on the site dealing with alot of files. http://www.codeproject.com/KB/security/VernamEncryption.aspx?display=Print Should a new file be created every time a file needs decrypting or would there be a better way to do this? UPDATE: Here is what im using to avoid the locking problems. using (Mutex FileLock = new Mutex(true, System.Guid.NewGuid().ToString())) { try { FileLock.WaitOne(); using (FileStream fs = new FileStream(keyFile, FileMode.Open)) { keyBytes = new byte[fs.Length]; fs.Read(keyBytes, 0, keyBytes.Length); } } catch (Exception ex) { EventLog.LogEvent(ex); } finally { FileLock.ReleaseMutex(); } } I tested it on 1000 TIFFs doing both encryption and decryption without any errors.

    Read the article

  • Encrypt/ Secure communication Android app <-> REST webservice

    - by Ascorbin
    I want to create a backend for my android app with Tapestry5 and this http://code.google.com/p/t5-restful-webservices/ plugin. The app will communicate with the server by calling REST methods both for registered users (that would be easy to secure I guess) as well as unregistered users. Now of course I don't want people to just call that webservice from a browser. How can I make sure that only my app can make calls to this backend?

    Read the article

  • Encrypt correctly caracters in a PHP mail form ("I'm" turns to be "I\'m")

    - by Peanuts
    Hello guys, I'm testing a PHP mail form, a very barebones one, found here: <?php if(isset($_POST['submit'])) { //The form has been submitted, prep a nice thank you message $output = '<h3>Thanks for your message</h3>'; //Deal with the email $to = '[email protected]'; $subject = 'you have a mail'; $contactname = strip_tags($_POST['contactname']); $adress = strip_tags($_POST['adress']); $contactemail = strip_tags($_POST['contactemail']); $textmessage = strip_tags($_POST['textmessage']); $boundary =md5(date('r', time())); $headers = "From: My Site\r\nReply-To: [email protected]"; $message = "Name: ".$contactname."\n"; $message .= "Adress: ".$adress."\n"; $message .= "E-mail: ".$contactemail."\n"; $message .= "Message: ".$textmessage."\n"; mail($to, $subject, $message, $headers); } ?> The problem is I'm receiving an unwanted slash "\" everytime I write a single or a double quote in my message, so "I'm" appear as "I\'m" in my mailbox. I know it have to do with the way PHP distinguishes code quotes from only lecture quotes, but I wouldn't know what to add in my form to get it properly running. Any help is appreciated,

    Read the article

  • How do I encrypt the source code on the webserver?

    - by Ashin k n
    I have a web application developed using Python, HTML, CSS & JavaScript. The customer installs it in any of their own Machine and uses it through their LAN. In short the customer sets up the webserver in any of their own machine. Since its a web application, all the source code is open for the customer in the document root directory of webserver. I want to encrypt the whole source code in the document root directory in such a way that it should not effect the working of the web application. Is there is any way to encrypt the Python, HTML, CSS & JavaScript for this purpose.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >