This tag is used for code review questions relating to cryptographic topics such as encryption/decryption and hashing.
3
votes
1answer
63 views
Structure and style of Enigma Machine
I took a little time and wrote the following code to produce enigma encryption. I don't normally write code in C so I would like to get feedback on the way it has been structured and any issues a ...
2
votes
0answers
23 views
MCRYPT - are there any flaws or areas for improvement in this class?
I am working on a class for encryption to use on my site. I have read through many examples of these functions and would just like to clarify a few points I have read and check if this code is worthy. ...
4
votes
2answers
44 views
Encrypt and backup folder to email daily, when online
I have a backup script which should backup a folder and send it to email. This should be done once a day. As this is on my laptop which is not online 24/7 I need to check that I am online and can send ...
7
votes
2answers
90 views
Dictionary brute force on DES encrypted passwords
For a school project I am tasked to decrypt DES passwords. I have sample code provided below and I want to know if this is the best method. Also should I code in error handling for the dictionary ...
4
votes
1answer
94 views
How to optimize this Playfair encryption?
For the implementation of the Playfair encryption I needed a custom struct called Cell. This is because I not only need an array of characters I also want to get Elements in a matrix based on their ...
2
votes
2answers
70 views
Cryptographic Extensions
I have created a small crypto extension and I want a deep review of it, such as possible fixes (for hidden problems) and tweaks...
1- Crypto.cs
...
10
votes
3answers
259 views
Enigma simulator performance
Here is my implementation of a simple 3 rotor Enigma machine in C++:
...
1
vote
1answer
75 views
How can this Encryption Class be more secure?
How secure is this encryption?
Secondly, is there something I could do to "turn it up a notch" and make it 'more' secure?
...
4
votes
2answers
52 views
Cookie encryption library
Recently I needed to save session state in cookies, instead of server side. I looked around and didn't see anything similar, so I decided to write something to handle the encryption, decryption, and ...
6
votes
2answers
117 views
OpenSSL PBKDF2-HMAC-SHAx proof of concept
I have regrettably been away from C programming for a very long time, so I'd like to get a quick code review of a first proof of concept, before I get too far into adding capabilities, using the ...
10
votes
6answers
955 views
Small one time pad encryption program
This one time pad encryption program I have written (basically just an XOR "encryption" program) seems to be working fine, compiling nicely (gcc -o ./OTP.c), and doing what it's supposed to. However I ...
9
votes
2answers
105 views
Can this secure, random generator be improved?
This random generator uses cryptographically secure numbers/chars instead of Math.random(). The Javascript code with jQuery works well but I affect clean code ;) It ...
9
votes
3answers
593 views
Password hashing method
I am having some issue to use PHP5 password_hash() function. My server is not supporting it, so I am using a function to hash. Is this one secure?
...
7
votes
1answer
75 views
Embed MD5 digest in a directory path name
My boss needs me to embed the MD5 digest in a file path, but the problem is MD5 contains escape characters.
I've already taught about a uc%duc%d... format, but it ...
6
votes
1answer
182 views
6
votes
1answer
86 views
Encrypting a payload for transmission over HTTP. AES256 with PBKDF2
I've done some reading about implementing AES256 and deriving a key from a password. If I understand correctly:
I want to generate a new salt (for the key) and a new IV (for the encrypted message) ...
3
votes
2answers
183 views
Using SQL with encryption
This is my first project I am doing in VB.NET, and also my first real programming project. There is sensitive data, so I am utilizing Microsoft's Encryption/Decryption class (...
3
votes
0answers
345 views
AES CTR mode using pycrypto
I've implemented CTR mode by myself (only decryption for now), using only AES built-in functions from pycrypto. It means that I'm not supposed to use mode=AES.MODE_CTR. However, I know that using ...
4
votes
1answer
306 views
Encrypt Using AES
I'm using Microsoft's example
for encrypting/decripting a string. In their example, they are using Tripple DES. I'm trying to convert their code to use AES.
The modified code, listed below, works. ...
8
votes
1answer
118 views
Python mint hashcash token
This is a Python program to mint a hashcash token, but my code is a lot slower than using a library. What is slowing my program down? It takes over 10 seconds to mint a 20-bit stamp, but using a ...
3
votes
1answer
271 views
Is this password hashing acceptable for a custom MembershipProvider?
I'm creating a custom MembershipProvider for an ASP.NET MVC5 application and am wanting to know if this code is acceptable for creating hashed and salted passwords. ...
2
votes
0answers
79 views
Sending signed email [closed]
Is this a good way to send a signed email message? It seems to me that a public key is a little too large to send as a email header. Should I be including the signature and key as a header field, or ...
6
votes
2answers
249 views
My API Keygen: Is it secure?
Below is an api key gen script for a cryptocurrency trading platform i am building.
first it checks to see if a key exists in the db for the user id. if it does exist it displays the key. if it ...
4
votes
1answer
80 views
Reducing repetitive Android code
How can I reduce the amount of repetitive code in my Android app? A lot of the code seems to be doing the same thing twice. I think that there is a more compact way to do this.
What are some ways ...
3
votes
1answer
78 views
Need Loops for PHP Username/Pass Encryption Script
I've created this PHP script to print a batch of usernames with encrypted passwords locally on my computer because the user/pass format is always the same.
username = username
password = ...
2
votes
2answers
330 views
How safe is my encrypt/decrypt PHP function?
I have to protect really sensitive information and I have to do it both ways: encryption and decryption. I'll be using this PHP code:
...
7
votes
3answers
406 views
Python implementation of SHA1
Here is a implementation of the cryptographic hash function SHA1 written in Python. It does not use any external libraries, only built-in functions. I know that it would be faster to use an external ...
2
votes
1answer
134 views
Critique of FilterInputStream and FilterOutputStream classes
I'm working my way through The Java Programming Language, Fourth Edition - The Java Series. This is Exercise Exercise 20.3:
Create a pair of Filter stream classes that encrypt bytes using any
...
6
votes
1answer
139 views
Cryptography implementation for a web-based file server
I'm not a dedicated cryptographer, so I'm looking for someone to look over these functions I wrote and let me know if there are any implementation errors leading to security vulnerabilities or just ...
4
votes
2answers
3k views
AES Encryption C# .NET
I have written a tool for encrypting string using the AesCryptoServiceProvider in .NET. The folllowing parameters are used:
Block Cipher Mode: CBC
Initialization Vector: 16 bytes (randomized
per ...
8
votes
2answers
3k views
Secure password hashing
I have found a password hashing article and an implementation.
Is this code secure if I increase the salt to 64 bytes, hash key size to 128 bytes and the iterations to 10000? Are there ...
2
votes
1answer
206 views
RC4 implementation in Go
I'm new to Go, and as a learning project I've been implementing RC4, attempting to follow pseudo-code in the Wikipedia links (and trying not to look at the far-superior version in the crypto package).
...
4
votes
2answers
464 views
Hashing passwords for a website
I have spent about 2 weeks reading about hashing passwords and website security. As there seems to be many different ways to achieve this, I'm a bit confused as to whether my code is secure.
Can ...
3
votes
1answer
71 views
Code Review of Haskell PBKDF2
Moved from Programmers.SE.
I have written a new version of the PBKDF2 algorithm in Haskell. It passes all of the HMAC-SHA-1 test vectors listed in RFC 6070, but it is not very efficient. How can I ...
8
votes
3answers
649 views
Improve random password generator
Can you please take a look at my code and improve it (if necessary)?
http://jsfiddle.net/U6R6E/
Javascript (with jQuery)
...
1
vote
2answers
151 views
Is my Encryption Module Secure?
I have a simple encryption module that is used to "encrypt" a text file because it contains some passwords. I only need to encrypt it because I need those passwords in my program (they are used to ...
2
votes
1answer
69 views
Better ways of solving the substitution cipher puzzle
here is the puzzle description
Your task is to decode messages that were encoded with substitution ciphers. In a substitution cipher, all occurrences of a character
are replaced by a different ...
1
vote
1answer
94 views
Am I interfacing in a secure manner with rijndael?
I have been working to create an easy-to-use set of methods to encrypt configuration objects for my client application. It will contain username and passwords to databases and similar vaults of data, ...
1
vote
2answers
136 views
Is my cipher secure?
This is a program that I made for encrypting text files, it uses a one time pad cipher to encrypt the files, but I do not know if there are any holes in my program that could be a vulnerability.
...
5
votes
2answers
185 views
HMAC-SHA1 implementation
I am trying out a small piece of code that would generate HMAC-SHA1. I have been asked to code the HMAC implementation myself using the OpenSSL libs for SHA1 calculation.
After 'wiki'ing for the ...
4
votes
1answer
101 views
Secure storgage of API key + secret, salted AES in Java
This class is responsible for storing an API Key and Secret pair. The secret is encrypted with AES in CFB mode, using a key derived from a passphrase, a random salt and a number of rounds of SHA1.
A ...
2
votes
1answer
259 views
JavaScript xor function
I made simple JavaScript xor function. It accepts string, numeric array and mixed array (char, string, num) as params. It returns string or an array.
Returning an array is a must!. All numbers are ...
6
votes
1answer
3k views
AES-128 encryption class
This is the first time I've written a class in Java to do encryption using AES. Since security is involved I would love it if someone could take a look at it and let me know if anything is wrong with ...
6
votes
1answer
230 views
RC4 in 8051 assembly optimization
I've been playing around with 8051 assembly lately and thought I would make a little project of implementing RC4, since it is pretty interesting and the algorithm doesn't seem too hard. Plus, taking ...
1
vote
0answers
66 views
Review streamed encrypt then mac construction
I've been porting python Keyczar to work under 2to3 conversion (Github). I wanted to consolidate it's streaming aes encrypt/decrypt backend interface with it's string decrypt/encrypt. So I wrote a new ...
3
votes
2answers
151 views
Nice design of my hash service class
I would like to know, if my design of this class is good OOP.
Should I implement for every hash algorithm a separate class?
I'm asking this, because the HashService ...
1
vote
1answer
397 views
Review my Diffie Hellman class
Here is a link to my project, more details regarding the Diffie Hellman Key Exchange using MODP cyclic grous are available here, no ECP currently implemented
...
2
votes
1answer
585 views
Simple crypto library in Python - correct and secure?
Apologies if this is too broad.
Is the code below (also available at github with tests, example, and description of algorithms) correct and secure?
It follows the recommendations at ...
2
votes
1answer
147 views
1024 bit key generation in php
I want to use this function to store 1024 bit keys in my Mysql database. If you call generateKey(128), you'll get a 128 byte string, same as 1024 bit string. I want to know if there is something wrong ...
1
vote
1answer
128 views
What can I improve in this Java based crypto code?
I use some basic cryptography in a project of mine.
Because I want my application to run cross-platform and because it seems pretty sophisticated I decided to go with the Java Cryptography ...
