The encryption tag has no wiki summary.
4
votes
5answers
858 views
Paranoid Encryption
Call me paranoid, but I really like to keep my stuff secret, but readily available on the cloud. So, asking this question.
How safe and reliable is encryption software (e.g., truecrypt)? The reason ...
0
votes
2answers
168 views
Snapchat clone: How do I secure pre-downloaded notifications so that they cannot be opened outside of the app?
Say I'm making a snapchat clone app for Android and iOS. Let's say that I get a snapchat from Baz. I want to pre-download the audio for this snapchat. However, as the developer, I want to secure this ...
0
votes
1answer
42 views
VB.NET - Serial Key Generating (Encryption, Hashing, Encoding?) Algorithm
I am trying to create a basic licensing system where I take a unique ID from the client computer, and I get this Hexadecimal string (hyphens removed e.g. "84-18-CE-...."):
...
0
votes
0answers
15 views
Best approach for storing banking information [migrated]
I am currently developing an auction desktop application. At the moment I am storing the buyer and vendor information in 2 separate tables within a MySQL Database.
Currently the data for these tables ...
3
votes
4answers
91 views
Can I save & store a user's submission in a way that proves that the data has not been altered, and that the timestamp is accurate?
There are many situations where the validity of the timestamp attached to a certain post (submission of information) might be invaluable for the post owner's legal usage. I'm not looking for a service ...
21
votes
4answers
3k views
Is this simple XOR encrypted communication absolutely secure?
Say Alice and Peter each have a 4GB USB flash memory stick. They meet and save on both sticks two files named alice_to_peter.key (2GB) and peter_to_alice.key (2GB) which contain randomly generated ...
7
votes
6answers
5k views
Should I encrypt data in database?
I have a client, for which I'm going to do an Web application about patient care, managing patients, consults, history, calendars, everything about that basically.
The problem is that this is ...
0
votes
1answer
136 views
Browser security and payments
I've been finding a lot of blog posts claiming JS encryption is unsafe, here's a couple of detailed ones:
http://www.matasano.com/articles/javascript-cryptography/
...
0
votes
1answer
71 views
Encyption for passwords in config file?
I was wondering, if it makes sense to encrypt passwords for external services stored in my config file with an symmetric encryption algorithm?
On the one hand I think, if someone gets access to the ...
67
votes
15answers
15k views
Why should passwords be encrypted if they are being stored in a secure database?
I have a web service. Right now, I have passwords stored in plain text in a MySQL table on my server. I know this isn't the best practice, and that is why I am working on it.
Why should passwords be ...
2
votes
3answers
351 views
Options for client-side encryption of local web databases
My scenario is as follows:
Web application, run from the browser, designed for mobile devices.
Uses WebSQL storage which may contain sensitive
data.
Uses Application Cache to enable offline use ...
0
votes
2answers
122 views
Encrypt and decrypt password for a specific application
I have a basic web application where users can login and edit their profile. In the profile they can submit an username and a password for a different application. I'd like to take that password and ...
4
votes
3answers
363 views
Login into application at startup
Short version: I want "Login on program startup" checkbox like in Skype, for example, but don't know how to protect saved credentials securely.
I'm writing client application which, before doing ...
1
vote
3answers
309 views
Security through obscurity and storing unencrypted passwords
What exactly does "Security through obscurity" means in the context of stroing unencrypted passwords?
I'm using a small program (I won't name it, to not enlarge enough large shame on its author) that ...
1
vote
5answers
1k views
Building a web app with encrypted MySQL database entries?
I have some experience in building PHP based websites with MySQL access, storing encrypted user details, but all other fields being plain text. My most recent project will require sensitive data to be ...
1
vote
2answers
67 views
Could someone help me understand SQL TDE Database encryption?
I don't quite follow how it works. According to the MSDN Article there is a big hierarchy of keys protecting other keys and passwords. At some point the database is encrypted. You query the database ...
5
votes
3answers
4k views
How do I encrypt the source code on the webserver?
I have a web application developed using Python, HTML, CSS & JavaScript.
The customer installs it in any of their own Machine and uses it through their LAN.
In short the customer sets up the ...
1
vote
2answers
214 views
Safest way (i.e. HTTPS, POST, PGP) to send decryption keys through the web?
I am in the final stages of development for my Revit plugin. This plugin is programmed in C#, and distributed via a DLL. One of the DLLs is an encrypted SQLite database (with proprietary data) that is ...
7
votes
2answers
261 views
Data encryption/protection - where to find info about high-level best practices [closed]
I feel that no one in the group I work in, myself included, really groks encryption and security, or the reasons behind making certain decisions. For example, we recently had a conversation regarding ...
0
votes
0answers
1k views
How secure is this way of authenticating an ASP .NET Web API - creating your own tokens?
http://www.codeproject.com/Articles/630986/Cross-Platform-Authentication-With-ASP-NET-Web-API#_rating
The above link shows exactly how I want to go about authenticating against an ASP .NET Web API. ...
28
votes
4answers
805 views
Zero-knowledge code hosting? [closed]
In light of recent revelations about widespread government monitoring of data stored by online service providers, zero-knowledge services are all the rage now.
A zero-knowledge service is one where ...
14
votes
6answers
926 views
How to assure users that website and passwords are secure
On reliable websites I always see claims such as "All data is encrypted" or "All passwords are encrypted using 128bit encryption" and etc. However I have never come across a claim such as "All ...
4
votes
1answer
399 views
Is a PHP file secure enough on a GoDaddy Server to hard code an AES salt into the file?
So I am creating a web api for an app I am making. The data is sanitized before it is sent to my web api and then encrypted before it is stored in my MySql server.
The phone app sanitizes then ...
9
votes
2answers
872 views
Encryption Cannot Be Reversed?
I am under the impression that an encrypted string cannot be decrypted so the original value is lost forever.
However, if the following string always equals "dominic" (my name), then can't there be ...
12
votes
2answers
1k views
How can I get my own encryption algorithm tested?
I've just developed a block cipher symmetric-key algorithm and I am using it in some of my products. I want to put it to real test.
How would one go about entering their encryption algorithm into an ...
6
votes
4answers
394 views
Public-key cryptography security given NSA resources
I was wondering how secure public private key encryption methods are.
If two individuals were sending emails back and forth forever, where each person would encrypt the body of the email they were ...
1
vote
4answers
207 views
How to handle the problem of modified encrypted files
I have a simple encryption/decryption application that I am testing to learn more about security. I found out that if the user modifies the encrypted file, then decryption fails because the hashing ...
2
votes
1answer
363 views
Client side authentication through signatures instead of passwords
I want to save some user-generated data with some signature of the user that generated it (let's say that the user has to fill some forms with some data and I want him to sign the written data).
The ...
1
vote
4answers
287 views
Why do web sites require certain characters in their credentials? [closed]
It seems like when web site lists requirements as to what characters MUST be in the password they're only providing a password map for someone who wants to hack their system.
For instance, fsd.gov ...
-5
votes
3answers
462 views
Is sending password to user email secure? [closed]
How secure is sending passwords through email to a user, since email isn't secured by HTTPS.
What is the best way to secure it? Should I use encryption?
3
votes
2answers
943 views
I need advice developing a sensitive data transfer/storage/encryption system
I got closed on SO and told to post this here as it's about general application design as opposed to specific code.
Intro
I'm currently working on a project which involves the daily extraction of ...
1
vote
1answer
155 views
Storing 'sensitive' data in settings file
I'm writing a small utility in AutoIt that connects to Twitter. I would like to store the username and password in the programs setting file, but I know that it needs to be encrypted obviously. ...
0
votes
1answer
138 views
How to do scalar multiplication and matrix inverse when variables are of size 1000 bits?
I am doing arithmetic operations on really huge numbers.
For example, I am given six variables, a_{11}, a_{12}, a_{21}, a_{22}, x_1, and x_2.
Although the above are math terms, these six variables ...
1
vote
4answers
428 views
Implementation ideas to store multiple files within a single file for faster access?
My requirement is to store a large number of files within a single file.The files stored could be anything like images, videos or simple text files as well. I want some ideas to implement the same. I ...
1
vote
1answer
326 views
Are python's cryptographic modules good enough?
I mean, say you were writing professional grade software that would involve sensitive client information. (Take this in the context of me being an amateur programmer.)
Would you use hlib and hmac? ...
0
votes
2answers
303 views
How to access an encrypted INI file from C on an embedded system with little RAM
I want to encrypt an INI file using a Delphi program on a Windows PC.
Then I need to decrypt & access it in C on an embedded system with little RAM.
I will do that once & fetch all info; I ...
2
votes
2answers
202 views
help for choosing an encryption method for a database column
I'm storing some phone numbers in the database which should kept totally secret (they're supposed to access via web). BTW, because of the position of these people, I need to prevent any chance for ...
0
votes
1answer
477 views
How do PGP and PEM differ?
Email messages are sent in plain text which means that the messages I send to Derpina are visible to anyone who somehow gets access to them while they are in transit.
To overcome this, various ...
0
votes
3answers
396 views
What encryption algorithm/package should I use in a betting game?
I have a betting type site where I publish a number (between 0-100) that is encrypted. Then after a period of time, I would review what the number is and prove it with a key to decrypt the encrypted ...
-1
votes
3answers
633 views
How does eMail encryption work?
I have been going over YouTube watching videos on eMail encryption and everyone seems to explain it from a different perspective. Some do it for a CompTIA exam while others just provide a primer.
Here ...
3
votes
4answers
516 views
Public-private key pair handling on a Windows ecosystem
I've been thinking about how to architect an infrastructure for one of our business applications with the following requirement:
Data written by some user can only be read by that user and his ...
1
vote
1answer
189 views
How to handle encryption key with a large development team?
If we have a large development team, say 100, and we would like to keep our encryption key hidden from developers who are not directly involved in the encryption module/algorithm, what are some best ...
0
votes
1answer
247 views
Best Practices To Build a Product Registration System?
What are some practices I should use in a product registration system I'm building? I likely can't stop all malicious hacking, but I'd like to slow them down a great deal. (Note, I know only PHP.) I'm ...
2
votes
2answers
372 views
How to handle encryption key conflicts when synchronizing data?
Assume that there is data that gets synchronized between several devices. The data is protected with a symmetric encryption algorithm and a key. The key is stored on each device and encrypted with a ...
1
vote
1answer
4k views
HTML5 localStorage and encrypted sensitive data
I'm looking for a way to have a website remember sensitive data, but without actually storing it server side. And I was looking at HTML5 localStorage to do it. Here's the plan as I see it.
User ...
2
votes
1answer
204 views
How to encrypt data using the private key?
I understand that in asymmetric crypto systems:
The public key is generally used to encrypt data and only the private key can be used to decrypt that data.
It's trivial to derive a public key from ...
4
votes
4answers
610 views
Should I perform encryption in the front end or within the database?
I want to store an encrypted string (specifically, email addresses) in a database. I'm currently using Python and MySQL. I was initially going to use MySQL's AES_ENCRYPT/DECRYPT to handle it, but then ...
4
votes
3answers
2k views
URL Encryption vs. Encoding
At the moment non/semi sensitive information is sent from one page to another via GET on our web application. Such as user ID or page number requested etc. Sometimes slightly more sensitive ...
2
votes
1answer
304 views
Books or guides regarding secure key storage and database encryption [closed]
I have an idea for a SaaS product I want to create, however, this product will store extremely sensitive data that needs to be encrypted at rest. The trouble is not so much the encryption, but the ...
5
votes
3answers
3k views
How does a web browser save passwords?
How do current web browsers (or mobile mail clients and any software in general) save user passwords? All answers about storing passwords say we should store only hashes, not the password themselves. ...
