This tag is used for code review questions relating to cryptographic topics such as encryption/decryption and hashing.
3
votes
0answers
10 views
Encrypting a payload for transmission over HTTP. AES256 with PBKDF2
I've done some reading about implementing AES256 and deriving a key from a password. If I understand correctly:
I want to generate a new salt (for the key) and a new IV (for the encrypted message) ...
2
votes
0answers
71 views
AES CTR mode using pycrypto
I've implemented CTR mode by myself (only decryption for now), using only AES built-in functions from pycrypto. It means that I'm not supposed to use mode=AES.MODE_CTR. However, I know that using ...
3
votes
1answer
12 views
Encrypt Using AES
I'm using Microsoft's example
for encrypting/decripting a string. In their example, they are using Tripple DES. I'm trying to convert their code to use AES.
The modified code, listed below, works. ...
6
votes
1answer
76 views
Python mint hashcash token
This is a Python program to mint a hashcash token, but my code is a lot slower than using a library. What is slowing my program down? It takes over 10 seconds to mint a 20-bit stamp, but using a ...
3
votes
1answer
113 views
Is this password hashing acceptable for a custom MembershipProvider?
I'm creating a custom MembershipProvider for an ASP.NET MVC5 application and am wanting to know if this code is acceptable for creating hashed and salted passwords. Is there anything I can do to ...
2
votes
0answers
46 views
Sending signed email [closed]
Is this a good way to send a signed email message? It seems to me that a public key is a little too large to send as a email header. Should I be including the signature and key as a header field, or ...
4
votes
2answers
158 views
My API Keygen: Is it secure?
Below is an api key gen script for a cryptocurrency trading platform i am building.
first it checks to see if a key exists in the db for the user id. if it does exist it displays the key. if it ...
4
votes
1answer
67 views
Reducing repetitive Android code
How can I reduce the amount of repetitive code in my Android app? A lot of the code seems to be doing the same thing twice. I think that there is a more compact way to do this.
What are some ways ...
3
votes
1answer
60 views
Need Loops for PHP Username/Pass Encryption Script
I've created this PHP script to print a batch of usernames with encrypted passwords locally on my computer because the user/pass format is always the same.
username = username
password = ...
2
votes
2answers
103 views
How safe is my encrypt/decrypt PHP function?
I have to protect really sensitive information and I have to do it both ways: encryption and decryption. I'll be using this PHP code:
function encrypt($mprhase) {
$MASTERKEY = "KEY PHRASE!";
...
7
votes
3answers
234 views
Python implementation of SHA1
Here is a implementation of the cryptographic hash function SHA1 written in Python. It does not use any external libraries, only built-in functions. I know that it would be faster to use an external ...
2
votes
1answer
63 views
Critique of FilterInputStream and FilterOutputStream classes
I'm working my way through The Java Programming Language, Fourth Edition - The Java Series. This is Exercise Exercise 20.3:
Create a pair of Filter stream classes that encrypt bytes using any
...
5
votes
0answers
85 views
Help me review this PHP cryptography implementation for a web-based file server
I'm not a dedicated cryptographer, so I'm looking for someone to look over these functions I wrote and let me know if there are any implementation errors leading to security vulnerabilities or just ...
3
votes
2answers
440 views
AES Encryption C# .NET
I have written a tool for encrypting string using the AesCryptoServiceProvider in .NET. The folllowing parameters are used:
Block Cipher Mode: CBC
Initialization Vector: 16 bytes (randomized
per ...
2
votes
1answer
138 views
RC4 implementation in Go
I'm new to Go, and as a learning project I've been implementing RC4, attempting to follow pseudo-code in the Wikipedia links (and trying not to look at the far-superior version in the crypto package).
...
2
votes
2answers
366 views
Hashing passwords for website is this secure
I have spent about 2 weeks reading about hashing passwords and website security. As there seems to be many different ways to achieve this, I'm a bit confused as to whether my code is secure.
Can ...
2
votes
1answer
59 views
Code Review of Haskell PBKDF2
Moved from Programmers.SE.
I have written a new version of the PBKDF2 algorithm in Haskell. It passes all of the HMAC-SHA-1 test vectors listed in RFC 6070, but it is not very efficient. How can I ...
1
vote
2answers
133 views
Is my Encryption Module Secure?
I have a simple encryption module that is used to "encrypt" a text file because it contains some passwords. I only need to encrypt it because I need those passwords in my program (they are used to ...
2
votes
1answer
64 views
Better ways of solving the substitution cipher puzzle
here is the puzzle description
Your task is to decode messages that were encoded with substitution ciphers. In a substitution cipher, all occurrences of a character
are replaced by a different ...
1
vote
1answer
79 views
Am I interfacing in a secure manner with rijndael?
I have been working to create an easy-to-use set of methods to encrypt configuration objects for my client application. It will contain username and passwords to databases and similar vaults of data, ...
1
vote
2answers
127 views
Is my cipher secure?
This is a program that I made for encrypting text files, it uses a one time pad cipher to encrypt the files, but I do not know if there are any holes in my program that could be a vulnerability.
...
1
vote
0answers
207 views
JavaScript xor function
I made simple JavaScript xor function. It accepts string, numeric array and mixed array (char, string, num) as params. It returns string or an array.
Returning an array is a must!. All numbers are ...
5
votes
1answer
2k views
AES-128 encryption class
This is the first time I've written a class in Java to do encryption using AES. Since security is involved I would love it if someone could take a look at it and let me know if anything is wrong with ...
1
vote
0answers
63 views
Review streamed encrypt then mac construction
I've been porting python Keyczar to work under 2to3 conversion (Github). I wanted to consolidate it's streaming aes encrypt/decrypt backend interface with it's string decrypt/encrypt. So I wrote a new ...
3
votes
2answers
139 views
Nice design of my hash service class
I would like to know, if my design of this class is good OOP.
Should I implement for every hash algorithm a separate class?
I'm asking this, because the HashService can be used with a ...
1
vote
1answer
294 views
Review my Diffie Hellman class
Here is a link to my project, more details regarding the Diffie Hellman Key Exchange using MODP cyclic grous are available here, no ECP currently implemented
...
2
votes
1answer
513 views
Simple crypto library in Python - correct and secure?
Apologies if this is too broad.
Is the code below (also available at github with tests, example, and description of algorithms) correct and secure?
It follows the recommendations at ...
2
votes
1answer
116 views
1024 bit key generation in php
I want to use this function to store 1024 bit keys in my Mysql database. If you call generateKey(128), you'll get a 128 byte string, same as 1024 bit string. I want to know if there is something wrong ...
1
vote
1answer
110 views
What can I improve in this Java based crypto code?
I use some basic cryptography in a project of mine.
Because I want my application to run cross-platform and because it seems pretty sophisticated I decided to go with the Java Cryptography ...
3
votes
1answer
3k views
Playfair Cipher in C++
I have been working on a Playfair Cipher in C++ for a final Project in a Cryptography class. I was hoping for some feedback on the project so far. I recently got a job programming before I've even ...
1
vote
2answers
568 views
Modular exponentiation optimisation in Java
As part of an assignment in Cryptography I've been asked to write code that involves calculating modular exponentiation. The BigInteger modPow is not allowed in this case, we have to implement it ...
5
votes
1answer
2k views
Using System.Security.Cryptography.ProtectedData, do you see any issue with encryption and encoding?
The application needs to keep a secret which is known to logged in windows user. User enters secret in windows form's text box which is read by application. This is in form of System.String. Now I ...
23
votes
2answers
4k views
Review of simplified secure encryption of a String
I have two code examples that I wrote for best practices encrypting a string that I'm looking for feedback both in terms of best practices and security. They are both using authenticated encryption. ...
1
vote
0answers
146 views
Markov Encryption API in Python 2.5
The module in question provides classes used to execute Markov encryption and decryption on arrays of bytes. ME was inspired by a combination of Markov chains with the puzzle of Sudoku. This version ...
9
votes
4answers
2k views
My own SHA-256 code implementation - performance issue
I'm worried about my code performance. The code I've written is an implementation of SHA-256 using pseudocode from Wikipedia. It works fine, but I want to speed it up. With a buffer of 4096 bytes, I ...
4
votes
2answers
173 views
TreeShell PRNG and Encryption Algorithm Review
I've always wanted to come up with my own algorithm for encryption. Last evening I started writing "TreeShell" encryption algorithm that uses bit shifting and XOR operations on the bit level to do ...
3
votes
3answers
4k views
AES encryption in PHP
PHP doesn't have a built-in functions for AES (specifically, AES-128) encoding/decoding, so I've had to implement my own, and this is what I have come up to (of course, taken from different many ...
3
votes
1answer
4k views
DES, Triple DES and AES-128 code in Java
I wrote below code to crypt and decrypt some bytes in three algorithm with Java
but I do not know if I wrote them in correct mode or not.
Please tell me about truth of code.
First class:
public ...
4
votes
1answer
418 views
Forming word combinations from file
I am looking for ideas to optimize the below code for speed. I'm also looking for some good improvement in execution time.
This code reads a text file. The text file has many lines of ASCII text. ...
3
votes
1answer
436 views
Cryptographic key exchange
I initially posted this on StackOverflow, and was redirected here.
I have been playing around with Bouncy Castle (Java) for the last few days, and I've reached the point where I believe I can securely ...
2
votes
1answer
370 views
is this AES encryption wrapper safe?
After taking into account answers for my questions here and here I created (well may-be) improved version of my wrapper. The key issue was what if an attacker is knowing what is encoded - he might ...
10
votes
4answers
272 views
is this encryption function safe?
Some time ago I asked here about making my own encryption function. The answer was that it is unsafe to design encryption alg from scratch. Given that advice I made a pair of encryption functions ...
