Tagged Questions
11
votes
3 answers
1k views
How are mobile telephony networks like LTE and HSPA encrypted?
How are mobile telephony networks like LTE (4G) and HSPA (3G) encrypted? Between what parts is the communication encrypted? Who has access to the keys? Is symmetric or asymmetric encryption used? Is ...
9
votes
1 answer
543 views
Native rsync protocol security
Is the native rsync protocol (port 873) secure? Does it encrypt data or credentials?
I'm planning on using rsync to store encrypted files in the cloud, I'm wondering whether the password is ...
8
votes
3 answers
1k views
What common products use Public-key cryptography?
I want to know what common use products are there that use public key/private key cryptography?
6
votes
2 answers
4k views
The new CCMP attack against WPA/WPA2 PSK
The use of Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) for WPA/WPA2 PSK is being attacked. This is a trivial attack (offline brute force) against the initial ...
6
votes
3 answers
417 views
Patent free symmetric-only key exchange protocols?
I am working with a networked embedded device with AES-128 and no public key cryptography (1KB RAM, 8KB flash). At install, the device is pre-loaded with a longterm AES-128 key known also to the ...
4
votes
3 answers
295 views
Are there any serious problems with this technique for generating symmetric keys?
I'm using a technique borrowed out of a book by Bruce Schneier and Niels Ferguson called Practical Cryptography. Basically, it boils down to this:
Bob does this:
pubk_A = Alice's public key
...
4
votes
1 answer
228 views
What changed between TLS and DTLS
What did the DTLS (TLS over UDP) authors have to change so that it could run without TCP?
Bonus points:
Do any of the protocol differences affect the way it should be used, both in terms of interface ...
3
votes
2 answers
404 views
Can we prevent a man-in-the-middle attack with symmetric-key cryptography?
Suppose that Alice signs the message M = "I love security" and then encrypts it with
Bob's public key before sending it to Bob. As well known, Bob can decrypt this to
obtain the signed message and ...
3
votes
1 answer
157 views
Can wildcard certificates hide/obscure the hostname in a TLS connection?
I'm trying to increase security for my cloud-based / multi-tenant environment. I'm considering having clients access an obscure URL such as GUID.myCloud.com. I will then respond to that guid-based ...
2
votes
3 answers
146 views
I want to have the security of my crypto code checked, how should I go about doing so?
Specifically part of my system stores encrypted information in a database. I wrote the code that actually does the encrypting/decrypting using an existing cipher.
How should I go about making sure ...
2
votes
2 answers
135 views
How do I correctly select and use a modern symmetric block cipher?
I have found lots of DON'Ts with Google but so far, no simple resource that would explain to someone like me who knows that he is not smart enough to get this right without help how to use correctly a ...
1
vote
1 answer
96 views
Challenge Response across several hops
This is a follow-up question to "When should I use Message layer encryption vs transport layer encryption".
I need to send a certificate from the mobile phone to the server. Regardless of all the ...
1
vote
1 answer
47 views
Symmetric Key Cryptography vs Public Key Cryptography [duplicate]
I understand what the two are so need to go into detail about that, however what I'm curious about is in what kind of situations would we use one over the other? It feels to me as if Public Key ...
0
votes
4 answers
264 views
Are there vulnerabilities with this authentication mechanism?
I am trying to come up with a way to implement token-based authentication for a REST API without the need for SSL. The goal here is to avoid sending any sensitive information across the wire.
I was ...
0
votes
2 answers
201 views
How to safely collect bank account from website?
I want to collect bank account information from my customers on my website.
I'd like to do that through a form, then I will download it to a PC, print it, and then delete it from the website. Or ...
0
votes
2 answers
107 views
How to find whether a site uses SET
How could I know whether the eCommerce site I use uses SET (Secure Electronic Transaction)? I know SET is a standard. But I see only an SSL connection.
-2
votes
1 answer
113 views
What is a man in the middle attack?
My university provided me with the following slide which is confusing me:
From my understanding, what is happening here is that Trudy (Person in the middle) is pretending to be Alice. Bob then ...