The encryption tag has no wiki summary.
1
vote
2answers
90 views
Writing a home made encryption software?
Well, I'm a little curious about the different between using a widely known encryption applications and writing the encryption by ourselves for personal use. Which one could be safer ? In case we ...
14
votes
6answers
752 views
How to assure users that website and passwords are secure
On reliable websites I always see claims such as "All data is encrypted" or "All passwords are encrypted using 128bit encryption" and etc. However I have never come across a claim such as "All ...
27
votes
4answers
736 views
Zero-knowledge code hosting? [closed]
In light of recent revelations about widespread government monitoring of data stored by online service providers, zero-knowledge services are all the rage now.
A zero-knowledge service is one where ...
4
votes
1answer
180 views
Is a PHP file secure enough on a GoDaddy Server to hard code an AES salt into the file?
So I am creating a web api for an app I am making. The data is sanitized before it is sent to my web api and then encrypted before it is stored in my MySql server.
The phone app sanitizes then ...
0
votes
2answers
245 views
Building a web app with encrypted MySQL database entries?
I have some experience in building PHP based websites with MySQL access, storing encrypted user details, but all other fields being plain text. My most recent project will require sensitive data to be ...
9
votes
2answers
768 views
Encryption Cannot Be Reversed?
I am under the impression that an encrypted string cannot be decrypted so the original value is lost forever.
However, if the following string always equals "dominic" (my name), then can't there be ...
6
votes
4answers
234 views
Public-key cryptography security given NSA resources
I was wondering how secure public private key encryption methods are.
If two individuals were sending emails back and forth forever, where each person would encrypt the body of the email they were ...
-3
votes
1answer
69 views
How to tackle a decryption problem [closed]
I recently found a coding challenge that simply stated the following:
Decrypt this message. You have access to the encryption engine below.
...
2
votes
1answer
159 views
Client side authentication through signatures instead of passwords
I want to save some user-generated data with some signature of the user that generated it (let's say that the user has to fill some forms with some data and I want him to sign the written data).
The ...
0
votes
2answers
151 views
Security through obscurity and storing unencrypted passwords
What exactly does "Security through obscurity" means in the context of stroing unencrypted passwords?
I'm using a small program (I won't name it, to not enlarge enough large shame on its author) that ...
0
votes
0answers
59 views
MachineKey.Protect VS RijndaelManaged
On a .Net web application, what are the differences between using System.Web.Security.MachineKey or RijndaelManaged? Which algorithm does the MachineKey class use under the hood?
Thanks
1
vote
4answers
241 views
Why do web sites require certain characters in their credentials? [closed]
It seems like when web site lists requirements as to what characters MUST be in the password they're only providing a password map for someone who wants to hack their system.
For instance, fsd.gov ...
-5
votes
3answers
307 views
Is sending password to user email secure? [closed]
How secure is sending passwords through email to a user, since email isn't secured by HTTPS.
What is the best way to secure it? Should I use encryption?
3
votes
2answers
558 views
I need advice developing a sensitive data transfer/storage/encryption system
I got closed on SO and told to post this here as it's about general application design as opposed to specific code.
Intro
I'm currently working on a project which involves the daily extraction of ...
1
vote
1answer
130 views
Storing 'sensitive' data in settings file
I'm writing a small utility in AutoIt that connects to Twitter. I would like to store the username and password in the programs setting file, but I know that it needs to be encrypted obviously. ...
0
votes
1answer
94 views
How to do scalar multiplication and matrix inverse when variables are of size 1000 bits?
I am doing arithmetic operations on really huge numbers.
For example, I am given six variables, a_{11}, a_{12}, a_{21}, a_{22}, x_1, and x_2.
Although the above are math terms, these six variables ...
1
vote
4answers
278 views
Implementation ideas to store multiple files within a single file for faster access?
My requirement is to store a large number of files within a single file.The files stored could be anything like images, videos or simple text files as well. I want some ideas to implement the same. I ...
2
votes
6answers
1k views
Should I encrypt data in database?
I have a client, for which I'm going to do an Web application about patient care, managing patients, consults, history, calendars, everything about that basically.
The problem is that this is ...
1
vote
1answer
202 views
Are python's cryptographic modules good enough?
I mean, say you were writing professional grade software that would involve sensitive client information. (Take this in the context of me being an amateur programmer.)
Would you use hlib and hmac? ...
11
votes
2answers
671 views
How can I get my own encryption algorithm tested?
I've just developed a block cipher symmetric-key algorithm and I am using it in some of my products. I want to put it to real test.
How would one go about entering their encryption algorithm into an ...
0
votes
2answers
216 views
How to access an encrypted INI file from C on an embedded system with little RAM
I want to encrypt an INI file using a Delphi program on a Windows PC.
Then I need to decrypt & access it in C on an embedded system with little RAM.
I will do that once & fetch all info; I ...
2
votes
2answers
159 views
help for choosing an encryption method for a database column
I'm storing some phone numbers in the database which should kept totally secret (they're supposed to access via web). BTW, because of the position of these people, I need to prevent any chance for ...
-1
votes
3answers
384 views
How does eMail encryption work?
I have been going over YouTube watching videos on eMail encryption and everyone seems to explain it from a different perspective. Some do it for a CompTIA exam while others just provide a primer.
Here ...
0
votes
1answer
253 views
How do PGP and PEM differ?
Email messages are sent in plain text which means that the messages I send to Derpina are visible to anyone who somehow gets access to them while they are in transit.
To overcome this, various ...
0
votes
3answers
353 views
What encryption algorithm/package should I use in a betting game?
I have a betting type site where I publish a number (between 0-100) that is encrypted. Then after a period of time, I would review what the number is and prove it with a key to decrypt the encrypted ...
3
votes
4answers
454 views
Public-private key pair handling on a Windows ecosystem
I've been thinking about how to architect an infrastructure for one of our business applications with the following requirement:
Data written by some user can only be read by that user and his ...
1
vote
1answer
175 views
How to handle encryption key with a large development team?
If we have a large development team, say 100, and we would like to keep our encryption key hidden from developers who are not directly involved in the encryption module/algorithm, what are some best ...
1
vote
1answer
2k views
HTML5 localStorage and encrypted sensitive data
I'm looking for a way to have a website remember sensitive data, but without actually storing it server side. And I was looking at HTML5 localStorage to do it. Here's the plan as I see it.
User ...
2
votes
1answer
180 views
How to encrypt data using the private key?
I understand that in asymmetric crypto systems:
The public key is generally used to encrypt data and only the private key can be used to decrypt that data.
It's trivial to derive a public key from ...
3
votes
4answers
396 views
Should I perform encryption in the front end or within the database?
I want to store an encrypted string (specifically, email addresses) in a database. I'm currently using Python and MySQL. I was initially going to use MySQL's AES_ENCRYPT/DECRYPT to handle it, but then ...
2
votes
1answer
275 views
Books or guides regarding secure key storage and database encryption [closed]
I have an idea for a SaaS product I want to create, however, this product will store extremely sensitive data that needs to be encrypted at rest. The trouble is not so much the encryption, but the ...
4
votes
3answers
1k views
URL Encryption vs. Encoding
At the moment non/semi sensitive information is sent from one page to another via GET on our web application. Such as user ID or page number requested etc. Sometimes slightly more sensitive ...
5
votes
3answers
2k views
How does a web browser save passwords?
How do current web browsers (or mobile mail clients and any software in general) save user passwords? All answers about storing passwords say we should store only hashes, not the password themselves. ...
0
votes
1answer
195 views
Best Practices To Build a Product Registration System?
What are some practices I should use in a product registration system I'm building? I likely can't stop all malicious hacking, but I'd like to slow them down a great deal. (Note, I know only PHP.) I'm ...
4
votes
3answers
291 views
Login into application at startup
Short version: I want "Login on program startup" checkbox like in Skype, for example, but don't know how to protect saved credentials securely.
I'm writing client application which, before doing ...
2
votes
2answers
254 views
How to handle encryption key conflicts when synchronizing data?
Assume that there is data that gets synchronized between several devices. The data is protected with a symmetric encryption algorithm and a key. The key is stored on each device and encrypted with a ...
3
votes
2answers
2k views
How do I encrypt the source code on the webserver?
I have a web application developed using Python, HTML, CSS & JavaScript.
The customer installs it in any of their own Machine and uses it through their LAN.
In short the customer sets up the ...
21
votes
4answers
2k views
Programmers' concerns about export restrictions from the United States
Which aspects do I need to consider when designing and publishing software that must meet the US export restrictions for cryptographic software?
Wikipedia says that there are various categories which ...
5
votes
4answers
257 views
Multiuser System With Encrypted Database
I am currently developing a hosted solution in ASP.NET using MVC3 and Entity Framework. This product will then be made available to a number of clients as a hosted solution.
As the data stored by ...
3
votes
4answers
666 views
Paranoid Encryption
Call me paranoid, but I really like to keep my stuff secret, but readily available on the cloud. So, asking this question.
How safe and reliable is encryption software (e.g., truecrypt)? The reason ...
2
votes
3answers
318 views
Do you know of any encryption techniques used to validate url redirection
I'm adding a click-tracking feature on my website to track click-thrus for my advertisers.
So, on my site, instead of having a direct link, I link to my re-direct page passing the destination url as ...
1
vote
1answer
86 views
Random number for HTTPS MAC
Recently I found that Netscape used quite simple algorithm to generate random number for Message Authentication Code to establish an HTTPS connection (Nestscpe used time, process identification ...
10
votes
3answers
549 views
Where do you use ROT13?
I was reading through the docs for vim, and noticed there's a shortcut, for example g?w would transform the next word using ROT13. I also know that you can change the encoding of a Python file to ...
3
votes
3answers
291 views
How would I go about changing encryption methods on existing passwords?
If I have an application that is using a less secure method for storing passwords, such as SHA-1, how would I go about converting to SHA-256 or SHA-512?
4
votes
2answers
2k views
do I need French export compliance approval to submit an iOS app that uses encryption? [closed]
My company just (5th July 2011) received the following email from Apple:
Starting in the first week of July,
apps that meet the following criteria
are required to comply with French
...
5
votes
2answers
372 views
Licensing issue for RSA and Rijndael algorithms
I'm using .Net to build a commercial application, i.e. a secure chat application. This application is using RSA and Rijndael algorithms.
Do we need licenses for using RSA and Rijndael algorithms for ...
1
vote
4answers
195 views
How to handle the problem of modified encrypted files
I have a simple encryption/decryption application that I am testing to learn more about security. I found out that if the user modifies the encrypted file, then decryption fails because the hashing ...
0
votes
1answer
157 views
Legal Requirements for Software Makers
Since the Legal site of Stack Exchange isn't ready quite yet, I figured this would be the best place to ask this question.
What are, if any, the legal requirements (or online resources for finding ...
0
votes
1answer
190 views
Is having decrypted compressed files in iPhone is a problem on submission?
I am about to submit an iPhone application. I do download Encrypted Zip files from a remote server and of course I do decrypt the files to view them to the user. Does that mean I need to answer YES ...
3
votes
2answers
327 views
What encryption method should I use?
I am looking for some information on encryption. Here's what I'm trying to do:
Get unique information from our customer (an ID or something)
Generate and encrypt some data on our side (using the ...
