Search Results

Search found 12324 results on 493 pages for 'password encryption'.

  • How to handle User Authentication for program in client’s local machine?

    - by Daniel
    Which user authentication scheme could be used in the following scenario? 1. Application A developed by my company is installed at user's local computer. 2. Users login at my company's website. 3. If login is successful, access to the application A in user's local machine is granted. The development environment is .NET. Is there a secure way to authenticate the user to access the application? I've thought about encrypting the login information entered at the website, and then sending that information to the program at user's local machine for authentication, but I think as long as the client program has the decrypting ability, it is vulnerable to decompiling, etc. Thanks in advance!

  • BadPaddingException in Android encrypt

    - by DarthRoman
    Hi everyone, I am making an Android application, and I want to encrypt a String before sending it to a DataBase, and encryption is correct. The problem is when I am going to decrypt the String, because I get a BadPaddingException and I have no idea where the problem is. Here is the code:

        public final static String HEX = "36A52C8FB7DF9A3F";

        public static String encrypt(String seed, String cleartext) throws Exception {
            byte[] rawKey = getRawKey(seed.getBytes());
            byte[] result = encrypt(rawKey, cleartext.getBytes());
            return toHex(result);
        }

        public static String decrypt(String seed, String encrypted) throws Exception {
            byte[] rawKey = getRawKey(seed.getBytes());
            byte[] enc = toByte(encrypted);
            byte[] result = decrypt(rawKey, enc);
            return new String(result);
        }

        public static String toHex(String txt) {
            return toHex(txt.getBytes());
        }

        public static String fromHex(String hex) {
            return new String(toByte(hex));
        }

        public static byte[] toByte(String hexString) {
            int len = hexString.length()/2;
            byte[] result = new byte[len];
            for (int i = 0; i < len; i++)
                result[i] = Integer.valueOf(hexString.substring(2*i, 2*i+2), 16).byteValue();
            return result;
        }

        public static String toHex(byte[] buf) {
            if (buf == null)
                return "";
            StringBuffer result = new StringBuffer(2*buf.length);
            for (int i = 0; i < buf.length; i++) {
                appendHex(result, buf[i]);
            }
            return result.toString();
        }

        private static byte[] getRawKey(byte[] seed) throws Exception {
            KeyGenerator kgen = KeyGenerator.getInstance("AES");
            SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
            sr.setSeed(seed);
            kgen.init(128, sr); // 192 and 256 bits may not be available
            SecretKey skey = kgen.generateKey();
            byte[] raw = skey.getEncoded();
            return raw;
        }

        private static byte[] encrypt(byte[] raw, byte[] clear) throws Exception {
            SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
            Cipher cipher = Cipher.getInstance("AES");
            cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
            byte[] encrypted = cipher.doFinal(clear);
            return encrypted;
        }

        private static byte[] decrypt(byte[] raw, byte[] encrypted) throws Exception {
            SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
            Cipher cipher = Cipher.getInstance("AES");
            cipher.init(Cipher.DECRYPT_MODE, skeySpec);
            byte[] decrypted = cipher.doFinal(encrypted);
            return decrypted;
        }

        private static void appendHex(StringBuffer sb, byte b) {
            sb.append(HEX.charAt((b>>4)&0x0f)).append(HEX.charAt(b&0x0f));
        }

    I encrypt and decrypt with this code:

        String encrypted = encrypt(HEX, "some text");
        String decrypted = decrypt(HEX, encrypted);

    Can anyone help me please? Thank you very much!!

  • Crackers - How do they do it, how do we fight back?

    - by zedo
    As someone who is interested in learning more about the security side of technology, I ask you all the following questions: How is it that crackers crack software? What techniques are used to do so? I would imagine that the cracking methods depend upon the language the software is written in, right? Aside from using something like cloud-based security for SaaS ((software as a service) which isn't always an option), what choices does one have to prevent their software from being compromised?

  • When encrypting data that is not an even multiple of the block size do I have to send a complete las

    - by WilliamKF
    If I am using a block cipher such as AES which has a block size of 128 bits, what do I do if my data is not an even multiple of 128 bits? I am working with packets of data and do not want to change the size of my packet when encrypting it, yet my data is not an even multiple of 128? Does the AES block cipher allow handling of a final block that is short without changing the size of my message once encrypted?

  • Architecture of a secure application that encrypts data in the database.

    - by Przemyslaw Rózycki
    I need to design an application that protects some data in a database against root attack. It means that even if the aggressor takes control over the machine where data is stored or machine with the application server, he can't read some business critical data from the database. This is a customer's requirement. I'm going to encrypt data with some asymmetric algorithm and I need some good ideas, where to store private keys, so that data is secure as well as the application usability was quite comfortable? We can assume, for simplicity, that only one key pair is used.

  • Automate downloads from password protected website

    - by Andrew
    I need some help with a work project I have been assigned. At the moment we manually go to the site, logon and then download 2 excel files from a supplier's website every month. The files are then loaded into SQL. We want to automate this process. Now the loading of the files into SQL I can do, but I am not sure how I can automate logging onto the website entering my user details and collecting the files. I mostly deal with SQL and have very little .NET experience, so any code samples would be most appreciated.

  • How to implement copy protection of content in an open source application?

    - by Lococo
    I have an idea for an open source app -- the app would be free, but I would charge a small fee for data that a customer would order. For instance, let's say I'm writing a map application. I'd give the app away, make it open-source, but I would like to sell various maps to individual users. Is there a way to protect the data in such a way that makes it very difficult for someone to simply take the map they bought and distribute it to others? Is this feasible for an open source app?

  • How to Check Authenticity of an AJAX Request

    - by Alex Reisner
    I am designing a web site in which users solve puzzles as quickly as they can. JavaScript is used to time each puzzle, and the number of milliseconds is sent to the server via AJAX when the puzzle is completed. How can I ensure that the time received by the server was not forged by the user? I don't think a session-based authenticity token (the kind used for forms in Rails) is sufficient because I need to authenticate the source of a value, not just the legitimacy of the request. Is there a way to cryptographically sign the request? I can't think of anything that couldn't be duplicated by a hacker. Is any JavaScript, by its exposed, client-side nature, subject to tampering? Am I going to have to use something that gets compiled, like Flash? (Yikes.) Or is there some way to hide a secret key? Or something else I haven't thought of? Update: To clarify, I don't want to penalize people with slow network connections (and network speed should be considered inconsistent), so the timing needs to be 100% client-side (the timer starts only when we know the user can see the puzzle). Also, there is money involved so no amount of "trusting the user" is acceptable.

  • Understanding Security Certificates (and their pricing)

    - by John Robertson
    I work at a very small company so certificate costs need to be absolutely minimal. However, for some applications we do need to have our customers get that warm fuzzy not-using-a-self-signed-certificate feeling. Since creating a "certificate authority" with makecert really just means creating a public/private key pair, it seems pretty clear that creating a public/private key pair FROM such a "certificate authority" really just means generating a second public/private key pair and signing both with the private key that belongs to the "certificate authority". Since the keys are signed, anyone can verify they came from the certificate authority I created, or if Verisign gave me the pair they sign it with one of their own private keys, and anyone can use Verisign's corresponding public key to confirm Verisign as the source of the keys. Given this I don't understand when I go to Verisign or GoDaddy why they have rates only for yearly plans, when all I really want from them is a single public/private key pair signed with one of their private keys (so that anyone else can use their public keys to confirm that, yes, they gave me that public/private key pair and they confirmed I was who I said I was so you can trust my public/private key pair as belonging to a legitimate third party). Clearly I am misunderstanding something, what is it? Does Verisign retire their public/private key pairs periodically so that my Verisign-signed key pair "expires" and I need new ones?

  • Java RSA Encrypt using .NET XML Key File - need help

    - by badMonkey
    In .net I have generated the following public key file:

        <RSAKeyValue>
          <Modulus>xTSiS4+I/x9awUXcF66Ffw7tracsQfGCn6g6k/hGkLquHYMFTCYk4mOB5NwLwqczwvl8HkQfDShGcvrm47XHKUzA8iadWdA5n4toBECzRxiCWCHm1KEg59LUD3fxTG5ogGiNxDj9wSguCIzFdUxBYq5ot2J4iLgGu0qShml5vwk=</Modulus>
          <Exponent>AQAB</Exponent>

    .NET is happy to encrypt using its normal methods. I am trying to use this key to encode a string in Java and am running into an Arithmetic problem (exception) when I attempt to encrypt the string. The following is the code I am using to encrypt:

        byte[] modulusBytes = Base64.decode(this.getString(R.string.public_key_modulus));
        byte[] exponentBytes = Base64.decode(this.getString(R.string.public_key_exponent));
        BigInteger modulus = new BigInteger( modulusBytes );
        BigInteger exponent = new BigInteger( exponentBytes);
        RSAPublicKeySpec rsaPubKey = new RSAPublicKeySpec(modulus, exponent);
        KeyFactory fact = KeyFactory.getInstance("RSA");
        PublicKey pubKey = fact.generatePublic(rsaPubKey);
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.ENCRYPT_MODE, pubKey);
        byte[] cipherData = cipher.doFinal( new String("big kitty dancing").getBytes() );

    It is the final line in the code block that fails. I have looked at numerous examples and this is the best I could come up with. If it is not obvious, the R.string.public_key_modulus is a copy/paste of the text in the Modulus element, same applies for exponent.

  • How to encrypt a RSAKey using another RSAKey?

    - by Tom Brito
    I know it's not the usual thing to do. But the specification I'm implementing is described this way, and I cannot run out. I was trying to encrypt the modulus and exponent of the private key, but the following test code raises an exception because the byte array is 1 byte larger than the maximum allowed by RSA block:

        import java.security.KeyPair;
        import java.security.KeyPairGenerator;
        import java.security.NoSuchAlgorithmException;
        import java.security.NoSuchProviderException;
        import java.security.interfaces.RSAPrivateKey;
        import java.security.interfaces.RSAPublicKey;
        import javax.crypto.Cipher;
        import org.apache.commons.lang.ArrayUtils;

        public class TEST {

            public static KeyPair generateKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
                keyPairGenerator.initialize(1024);
                return keyPairGenerator.generateKeyPair();
            }

            public static void main(String[] args) throws Exception {
                KeyPair keyPair = generateKeyPair();
                RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
                System.out.println("Priv modulus len = " + privateKey.getModulus().bitLength());
                System.out.println("Priv exponent len = " + privateKey.getPrivateExponent().bitLength());
                System.out.println("Priv modulus toByteArray len = " + privateKey.getModulus().toByteArray().length);
                byte[] byteArray = privateKey.getModulus().toByteArray();
                // the byte at index 0 has no value (in every generation it is always zero)
                byteArray = ArrayUtils.subarray(byteArray, 1, byteArray.length);
                System.out.println("byteArray size: " + byteArray.length);
                RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
                Cipher cipher = Cipher.getInstance("RSA", "BC");
                cipher.init(Cipher.ENCRYPT_MODE, publicKey);
                byte[] encryptedBytes = cipher.doFinal(byteArray);
                System.out.println("Success!");
            }
        }

    (obs. it's just a test, I would never encrypt the private key with its pair public key) The byte array is 128 bytes, exactly the maximum allowed by an RSA block, so why the exception? And how to fix it?

  • How to find Key and IV value from .Net to PHP

    - by PHP-Prabhu
    Can anyone please let me know if there is any way to find a solution for the below stuff. I need to find out the KEY and IV value from the below byte array. The byte array is in .NET and this has to be converted into KEY (string) and IV (string) via PHP.

        private static readonly byte[] Key = {
            0xda, 0x3c, 0x35, 0x6f, 0xbd, 0xd, 0x87, 0xf0,
            0x9a, 0x7, 0x6d, 0xab, 0x7e, 0x82, 0x36, 0xa,
            0x1a, 0x5a, 0x77, 0xfe, 0x74, 0xf3, 0x7f, 0xa8,
            0xaa, 0x4, 0x11, 0x46, 0x6b, 0x2d, 0x48, 0xa1
        };

        private static readonly byte[] IV = {
            0x6d, 0x2d, 0xf5, 0x34, 0xc7, 0x60, 0xc5, 0x33,
            0xe2, 0xa3, 0xd7, 0xc3, 0xf3, 0x39, 0xf2, 0x16
        };

  • How to go about signing text in a verifiable way from within ruby in a simple yet strong & portable

    - by roja
    Guys, I have been looking for a portable method to digitally sign arbitrary text which can be placed in a document and distributed while maintaining its verifiable origin. Here is an example:

        a = 'some text'
        a.sign(<private key>) # => <some signature in ASCII format>

    The contents of a can now be distributed freely. If a receiver wants to check the validity of said text they can do the following:

        b = 'some text'
        b.valid(<public key>, <signature supplied with text>) # => true/false

    Is there any library out there that already offers this kind of functionality? Ruby standard library contains SHA hashing code so at least there is a portable way to perform the hashing but from that point I am struggling to find anything which fits purpose. Kind Regards, Roja

  • Cryptography for P2P card game

    - by zephyr
    I'm considering writing a computer adaptation of a semi-popular card game. I'd like to make it function without a central server, and I'm trying to come up with a scheme that will make cheating impossible without having to trust the client. The basic problem as I see it is that each player has several piles of cards (draw deck, current hand and discard deck). It must be impossible for either player to alter the composition of these piles except when allowed by the game rules (i.e. drawing or discarding cards), nor should players be able to know what is in their or their opponent's piles. I feel like there should be some way to use something like public-key cryptography to accomplish this, but I keep finding holes in my schemes. Can anyone suggest a protocol or point me to some resources on this topic?

    [Edit] Ok, so I've been thinking about this a bit more, and here's an idea I've come up with. If you can poke any holes in it please let me know. At shuffle time, a player has a stack of cards whose value is known to them. They take these values, concatenate a random salt to each, then hash them. They record the salts, and pass the hashes to their opponent. The opponent concatenates a salt of their own, hashes again, then shuffles the hashes and passes the deck back to the original player. I believe at this point, the deck has been randomized and neither player can have any knowledge of the values. However, when a card is drawn, the opponent can reveal their salt, allowing the first player to determine what the original value is, and when the card is played the player reveals their own salt, allowing the opponent to verify the card value.

  • Length of Encrypted String

    - by Agnel Kurian
    I need to create a database column which will store a string encrypted using Triple DES. How do I determine the length of the encrypted string column? (Answers for algorithms other than Triple DES are also welcome.)

  • Why is using a Non-Random IV with CBC Mode a vulnerability?

    - by The Rook
    I understand the purpose of an IV. Specifically in CBC mode this ensures that the first block of 2 messages encrypted with the same key will never be identical. But why is it a vulnerability if the IVs are sequential? According to CWE-329, non-random IVs allow for the possibility of a dictionary attack. I know that in practice protocols like WEP make no effort to hide the IV. If the attacker has the IV and a cipher text message then this opens the door for a dictionary attack against the key. I don't see how a random IV changes this. (I know the attacks against WEP are more complex than this.) What security advantage does a randomized IV have? Is this still a problem with an "Ideal Block Cipher"? (A perfectly secure block cipher with no possible weaknesses.)

  • Hashing (hiding) strings in Python

    - by Lucas
    What I need is to hash a string. It doesn't really have to be secure because it's just going to be a hidden phrase in the text file (simply it doesn't have to be recognizable for a human eye). It should not be just a random string because when the user will be typing the string I would like to hash it and compare it with the already hashed one (in the text file). What would be the best for this purpose? Can it be done with the own class?
