The encryption tag has no wiki summary.
0
votes
2answers
80 views
Encrypt and decrypt password for a specific application
I have a basic web application where users can login and edit their profile. In the profile they can submit an username and a password for a different application. I'd like to take that password and ...
1
vote
3answers
230 views
Options for client-side encryption of local web databases
My scenario is as follows:
Web application, run from the browser, designed for mobile devices.
Uses WebSQL storage which may contain sensitive
data.
Uses Application Cache to enable offline use ...
0
votes
1answer
69 views
Snapchat clone: How do I secure pre-downloaded notifications so that they cannot be opened outside of the app?
Say I'm making a snapchat clone app for Android and iOS. Let's say that I get a snapchat from Baz. I want to pre-download the audio for this snapchat. However, as the developer, I want to secure this ...
59
votes
14answers
12k views
Why should passwords be encrypted if they are being stored in a secure database?
I have a web service. Right now, I have passwords stored in plain text in a MySQL table on my server. I know this isn't the best practice, and that is why I am working on it.
Why should passwords be ...
1
vote
2answers
61 views
Could someone help me understand SQL TDE Database encryption?
I don't quite follow how it works. According to the MSDN Article there is a big hierarchy of keys protecting other keys and passwords. At some point the database is encrypted. You query the database ...
1
vote
2answers
198 views
Safest way (i.e. HTTPS, POST, PGP) to send decryption keys through the web?
I am in the final stages of development for my Revit plugin. This plugin is programmed in C#, and distributed via a DLL. One of the DLLs is an encrypted SQLite database (with proprietary data) that is ...
0
votes
0answers
739 views
How secure is this way of authenticating an ASP .NET Web API - creating your own tokens?
http://www.codeproject.com/Articles/630986/Cross-Platform-Authentication-With-ASP-NET-Web-API#_rating
The above link shows exactly how I want to go about authenticating against an ASP .NET Web API. ...
14
votes
6answers
896 views
How to assure users that website and passwords are secure
On reliable websites I always see claims such as "All data is encrypted" or "All passwords are encrypted using 128bit encryption" and etc. However I have never come across a claim such as "All ...
28
votes
4answers
801 views
Zero-knowledge code hosting? [closed]
In light of recent revelations about widespread government monitoring of data stored by online service providers, zero-knowledge services are all the rage now.
A zero-knowledge service is one where ...
4
votes
1answer
360 views
Is a PHP file secure enough on a GoDaddy Server to hard code an AES salt into the file?
So I am creating a web api for an app I am making. The data is sanitized before it is sent to my web api and then encrypted before it is stored in my MySql server.
The phone app sanitizes then ...
0
votes
5answers
744 views
Building a web app with encrypted MySQL database entries?
I have some experience in building PHP based websites with MySQL access, storing encrypted user details, but all other fields being plain text. My most recent project will require sensitive data to be ...
9
votes
2answers
834 views
Encryption Cannot Be Reversed?
I am under the impression that an encrypted string cannot be decrypted so the original value is lost forever.
However, if the following string always equals "dominic" (my name), then can't there be ...
6
votes
4answers
380 views
Public-key cryptography security given NSA resources
I was wondering how secure public private key encryption methods are.
If two individuals were sending emails back and forth forever, where each person would encrypt the body of the email they were ...
2
votes
1answer
339 views
Client side authentication through signatures instead of passwords
I want to save some user-generated data with some signature of the user that generated it (let's say that the user has to fill some forms with some data and I want him to sign the written data).
The ...
1
vote
3answers
273 views
Security through obscurity and storing unencrypted passwords
What exactly does "Security through obscurity" means in the context of stroing unencrypted passwords?
I'm using a small program (I won't name it, to not enlarge enough large shame on its author) that ...
0
votes
0answers
131 views
MachineKey.Protect VS RijndaelManaged
On a .Net web application, what are the differences between using System.Web.Security.MachineKey or RijndaelManaged? Which algorithm does the MachineKey class use under the hood?
Thanks
1
vote
4answers
282 views
Why do web sites require certain characters in their credentials? [closed]
It seems like when web site lists requirements as to what characters MUST be in the password they're only providing a password map for someone who wants to hack their system.
For instance, fsd.gov ...
-5
votes
3answers
441 views
Is sending password to user email secure? [closed]
How secure is sending passwords through email to a user, since email isn't secured by HTTPS.
What is the best way to secure it? Should I use encryption?
3
votes
2answers
859 views
I need advice developing a sensitive data transfer/storage/encryption system
I got closed on SO and told to post this here as it's about general application design as opposed to specific code.
Intro
I'm currently working on a project which involves the daily extraction of ...
1
vote
1answer
146 views
Storing 'sensitive' data in settings file
I'm writing a small utility in AutoIt that connects to Twitter. I would like to store the username and password in the programs setting file, but I know that it needs to be encrypted obviously. ...
0
votes
1answer
135 views
How to do scalar multiplication and matrix inverse when variables are of size 1000 bits?
I am doing arithmetic operations on really huge numbers.
For example, I am given six variables, a_{11}, a_{12}, a_{21}, a_{22}, x_1, and x_2.
Although the above are math terms, these six variables ...
1
vote
4answers
368 views
Implementation ideas to store multiple files within a single file for faster access?
My requirement is to store a large number of files within a single file.The files stored could be anything like images, videos or simple text files as well. I want some ideas to implement the same. I ...
6
votes
6answers
4k views
Should I encrypt data in database?
I have a client, for which I'm going to do an Web application about patient care, managing patients, consults, history, calendars, everything about that basically.
The problem is that this is ...
1
vote
1answer
310 views
Are python's cryptographic modules good enough?
I mean, say you were writing professional grade software that would involve sensitive client information. (Take this in the context of me being an amateur programmer.)
Would you use hlib and hmac? ...
11
votes
2answers
909 views
How can I get my own encryption algorithm tested?
I've just developed a block cipher symmetric-key algorithm and I am using it in some of my products. I want to put it to real test.
How would one go about entering their encryption algorithm into an ...
0
votes
2answers
280 views
How to access an encrypted INI file from C on an embedded system with little RAM
I want to encrypt an INI file using a Delphi program on a Windows PC.
Then I need to decrypt & access it in C on an embedded system with little RAM.
I will do that once & fetch all info; I ...
2
votes
2answers
196 views
help for choosing an encryption method for a database column
I'm storing some phone numbers in the database which should kept totally secret (they're supposed to access via web). BTW, because of the position of these people, I need to prevent any chance for ...
-1
votes
3answers
593 views
How does eMail encryption work?
I have been going over YouTube watching videos on eMail encryption and everyone seems to explain it from a different perspective. Some do it for a CompTIA exam while others just provide a primer.
Here ...
0
votes
1answer
396 views
How do PGP and PEM differ?
Email messages are sent in plain text which means that the messages I send to Derpina are visible to anyone who somehow gets access to them while they are in transit.
To overcome this, various ...
0
votes
3answers
384 views
What encryption algorithm/package should I use in a betting game?
I have a betting type site where I publish a number (between 0-100) that is encrypted. Then after a period of time, I would review what the number is and prove it with a key to decrypt the encrypted ...
3
votes
4answers
497 views
Public-private key pair handling on a Windows ecosystem
I've been thinking about how to architect an infrastructure for one of our business applications with the following requirement:
Data written by some user can only be read by that user and his ...
1
vote
1answer
183 views
How to handle encryption key with a large development team?
If we have a large development team, say 100, and we would like to keep our encryption key hidden from developers who are not directly involved in the encryption module/algorithm, what are some best ...
1
vote
1answer
3k views
HTML5 localStorage and encrypted sensitive data
I'm looking for a way to have a website remember sensitive data, but without actually storing it server side. And I was looking at HTML5 localStorage to do it. Here's the plan as I see it.
User ...
2
votes
1answer
197 views
How to encrypt data using the private key?
I understand that in asymmetric crypto systems:
The public key is generally used to encrypt data and only the private key can be used to decrypt that data.
It's trivial to derive a public key from ...
4
votes
4answers
547 views
Should I perform encryption in the front end or within the database?
I want to store an encrypted string (specifically, email addresses) in a database. I'm currently using Python and MySQL. I was initially going to use MySQL's AES_ENCRYPT/DECRYPT to handle it, but then ...
2
votes
1answer
299 views
Books or guides regarding secure key storage and database encryption [closed]
I have an idea for a SaaS product I want to create, however, this product will store extremely sensitive data that needs to be encrypted at rest. The trouble is not so much the encryption, but the ...
4
votes
3answers
2k views
URL Encryption vs. Encoding
At the moment non/semi sensitive information is sent from one page to another via GET on our web application. Such as user ID or page number requested etc. Sometimes slightly more sensitive ...
5
votes
3answers
3k views
How does a web browser save passwords?
How do current web browsers (or mobile mail clients and any software in general) save user passwords? All answers about storing passwords say we should store only hashes, not the password themselves. ...
0
votes
1answer
230 views
Best Practices To Build a Product Registration System?
What are some practices I should use in a product registration system I'm building? I likely can't stop all malicious hacking, but I'd like to slow them down a great deal. (Note, I know only PHP.) I'm ...
4
votes
3answers
353 views
Login into application at startup
Short version: I want "Login on program startup" checkbox like in Skype, for example, but don't know how to protect saved credentials securely.
I'm writing client application which, before doing ...
2
votes
2answers
342 views
How to handle encryption key conflicts when synchronizing data?
Assume that there is data that gets synchronized between several devices. The data is protected with a symmetric encryption algorithm and a key. The key is stored on each device and encrypted with a ...
4
votes
3answers
4k views
How do I encrypt the source code on the webserver?
I have a web application developed using Python, HTML, CSS & JavaScript.
The customer installs it in any of their own Machine and uses it through their LAN.
In short the customer sets up the ...
21
votes
4answers
2k views
Programmers' concerns about export restrictions from the United States
Which aspects do I need to consider when designing and publishing software that must meet the US export restrictions for cryptographic software?
Wikipedia says that there are various categories which ...
5
votes
4answers
305 views
Multiuser System With Encrypted Database
I am currently developing a hosted solution in ASP.NET using MVC3 and Entity Framework. This product will then be made available to a number of clients as a hosted solution.
As the data stored by ...
4
votes
4answers
743 views
Paranoid Encryption
Call me paranoid, but I really like to keep my stuff secret, but readily available on the cloud. So, asking this question.
How safe and reliable is encryption software (e.g., truecrypt)? The reason ...
2
votes
3answers
396 views
Do you know of any encryption techniques used to validate url redirection
I'm adding a click-tracking feature on my website to track click-thrus for my advertisers.
So, on my site, instead of having a direct link, I link to my re-direct page passing the destination url as ...
1
vote
1answer
87 views
Random number for HTTPS MAC
Recently I found that Netscape used quite simple algorithm to generate random number for Message Authentication Code to establish an HTTPS connection (Nestscpe used time, process identification ...
10
votes
3answers
666 views
Where do you use ROT13?
I was reading through the docs for vim, and noticed there's a shortcut, for example g?w would transform the next word using ROT13. I also know that you can change the encoding of a Python file to ...
3
votes
3answers
320 views
How would I go about changing encryption methods on existing passwords?
If I have an application that is using a less secure method for storing passwords, such as SHA-1, how would I go about converting to SHA-256 or SHA-512?
4
votes
2answers
2k views
do I need French export compliance approval to submit an iOS app that uses encryption? [closed]
My company just (5th July 2011) received the following email from Apple:
Starting in the first week of July,
apps that meet the following criteria
are required to comply with French
...
