This tag is used for code review questions relating to cryptographic topics such as encryption/decryption and hashing.
0
votes
0answers
21 views
AES-128 CBC decryption [on hold]
I have written this code in java in order to decrypt a ciphertext. I have the key. Everything seems correct to me but I have the problem that I'm gonna explain.
Here is my code:
...
2
votes
0answers
24 views
Secure password-hashing in Java
Here is an article on password hashing, along with an implementation.
Is this code secure with number of iterations 10000, key length 256 and salt bytes 32?
Is there a rule-of-thumb for key ...
4
votes
1answer
27 views
Simple password dictionary attack script
This is my simple Perl script implement password dictionary attacking, encryption algorithm SHA1 with different length.
It takes 2 arguments as input: first argument is password dictionary file path, ...
6
votes
0answers
72 views
Password-hashing method in Java [closed]
There is an article on Crackstation where they show you how to hash a password correctly. I've implemented the Java version of it which is working fine, but is the method they use secure?
...
4
votes
1answer
81 views
Parallelizing scrypt key-derivation function
To review my use of multiprocessing, I don't think it is at all necessary to understand the algorithm, but it's the scrypt key-derivation function.
This uses ...
2
votes
1answer
69 views
User name and password validation in a MVP application
In a WinForms application I'm doing the password validation as follows:
When the user presses the OK button after entering username and password, an event will be fired and the listener in the ...
2
votes
1answer
36 views
Ensuring client IDs are unique
I'm writing a node.js application that involves handling clients based on their ID without any real way of confirming that the ID a client says it has is its actual ID. That is, it's possible for a ...
6
votes
3answers
266 views
Simple Caesar shifter in C#
I use these in a windows form with fun buttons, I wanted to see what the world thinks of my coding.
This is something that I coded about 2-3 years ago, I did change some of the coding when I looked ...
3
votes
3answers
42 views
Keyfile Generator
This is a Java program that generates a random keyfile (for OTP, for example).
...
3
votes
1answer
70 views
Structure and style of Enigma Machine
I took a little time and wrote the following code to produce enigma encryption. I don't normally write code in C so I would like to get feedback on the way it has been structured and any issues a ...
6
votes
1answer
64 views
MCRYPT - are there any flaws or areas for improvement in this class?
I am working on a class for encryption to use on my site. I have read through many examples of these functions and would just like to clarify a few points I have read and check if this code is worthy. ...
6
votes
3answers
62 views
Encrypt and backup folder to email daily, when online
I have a backup script which should backup a folder and send it to email. This should be done once a day. As this is on my laptop which is not online 24/7 I need to check that I am online and can send ...
7
votes
2answers
106 views
Dictionary brute force on DES encrypted passwords
For a school project I am tasked to decrypt DES passwords. I have sample code provided below and I want to know if this is the best method. Also should I code in error handling for the dictionary ...
4
votes
1answer
111 views
How to optimize this Playfair encryption?
For the implementation of the Playfair encryption I needed a custom struct called Cell. This is because I not only need an array of characters I also want to get Elements in a matrix based on their ...
2
votes
2answers
95 views
Cryptographic Extensions
I have created a small crypto extension and I want a deep review of it, such as possible fixes (for hidden problems) and tweaks...
1- Crypto.cs
...
11
votes
3answers
356 views
Enigma simulator performance
Here is my implementation of a simple 3 rotor Enigma machine in C++:
...
1
vote
1answer
90 views
How can this Encryption Class be more secure?
How secure is this encryption?
Secondly, is there something I could do to "turn it up a notch" and make it 'more' secure?
...
4
votes
2answers
66 views
Cookie encryption library
Recently I needed to save session state in cookies, instead of server side. I looked around and didn't see anything similar, so I decided to write something to handle the encryption, decryption, and ...
6
votes
2answers
159 views
OpenSSL PBKDF2-HMAC-SHAx proof of concept
I have regrettably been away from C programming for a very long time, so I'd like to get a quick code review of a first proof of concept, before I get too far into adding capabilities, using the ...
10
votes
6answers
1k views
Small one time pad encryption program
This one time pad encryption program I have written (basically just an XOR "encryption" program) seems to be working fine, compiling nicely (gcc -o ./OTP.c), and doing what it's supposed to. However I ...
9
votes
2answers
126 views
Can this secure, random generator be improved?
This random generator uses cryptographically secure numbers/chars instead of Math.random(). The Javascript code with jQuery works well but I affect clean code ;) It ...
9
votes
3answers
603 views
Password hashing method
I am having some issue to use PHP5 password_hash() function. My server is not supporting it, so I am using a function to hash. Is this one secure?
...
7
votes
1answer
81 views
Embed MD5 digest in a directory path name
My boss needs me to embed the MD5 digest in a file path, but the problem is MD5 contains escape characters.
I've already taught about a uc%duc%d... format, but it ...
6
votes
1answer
312 views
6
votes
1answer
112 views
Encrypting a payload for transmission over HTTP. AES256 with PBKDF2
I've done some reading about implementing AES256 and deriving a key from a password. If I understand correctly:
I want to generate a new salt (for the key) and a new IV (for the encrypted message) ...
3
votes
2answers
215 views
Using SQL with encryption
This is my first project I am doing in VB.NET, and also my first real programming project. There is sensitive data, so I am utilizing Microsoft's Encryption/Decryption class (...
4
votes
0answers
467 views
AES CTR mode using pycrypto
I've implemented CTR mode by myself (only decryption for now), using only AES built-in functions from pycrypto. It means that I'm not supposed to use mode=AES.MODE_CTR. However, I know that using ...
4
votes
1answer
485 views
Encrypt Using AES
I'm using Microsoft's example
for encrypting/decripting a string. In their example, they are using Tripple DES. I'm trying to convert their code to use AES.
The modified code, listed below, works. ...
8
votes
1answer
122 views
Python mint hashcash token
This is a Python program to mint a hashcash token, but my code is a lot slower than using a library. What is slowing my program down? It takes over 10 seconds to mint a 20-bit stamp, but using a ...
3
votes
1answer
456 views
Is this password hashing acceptable for a custom MembershipProvider?
I'm creating a custom MembershipProvider for an ASP.NET MVC5 application and am wanting to know if this code is acceptable for creating hashed and salted passwords. ...
2
votes
0answers
92 views
Sending signed email [closed]
Is this a good way to send a signed email message? It seems to me that a public key is a little too large to send as a email header. Should I be including the signature and key as a header field, or ...
6
votes
2answers
428 views
My API Keygen: Is it secure?
Below is an api key gen script for a cryptocurrency trading platform i am building.
first it checks to see if a key exists in the db for the user id. if it does exist it displays the key. if it ...
4
votes
1answer
105 views
Reducing repetitive Android code
How can I reduce the amount of repetitive code in my Android app? A lot of the code seems to be doing the same thing twice. I think that there is a more compact way to do this.
What are some ways ...
3
votes
1answer
84 views
Need Loops for PHP Username/Pass Encryption Script
I've created this PHP script to print a batch of usernames with encrypted passwords locally on my computer because the user/pass format is always the same.
username = username
password = ...
2
votes
2answers
495 views
How safe is my encrypt/decrypt PHP function?
I have to protect really sensitive information and I have to do it both ways: encryption and decryption. I'll be using this PHP code:
...
7
votes
3answers
500 views
Python implementation of SHA1
Here is a implementation of the cryptographic hash function SHA1 written in Python. It does not use any external libraries, only built-in functions. I know that it would be faster to use an external ...
2
votes
1answer
173 views
Critique of FilterInputStream and FilterOutputStream classes
I'm working my way through The Java Programming Language, Fourth Edition - The Java Series. This is Exercise Exercise 20.3:
Create a pair of Filter stream classes that encrypt bytes using any
...
6
votes
1answer
151 views
Cryptography implementation for a web-based file server
I'm not a dedicated cryptographer, so I'm looking for someone to look over these functions I wrote and let me know if there are any implementation errors leading to security vulnerabilities or just ...
4
votes
2answers
4k views
AES Encryption C# .NET
I have written a tool for encrypting string using the AesCryptoServiceProvider in .NET. The folllowing parameters are used:
Block Cipher Mode: CBC
Initialization Vector: 16 bytes (randomized
per ...
9
votes
2answers
3k views
Secure password hashing
I have found a password hashing article and an implementation.
Is this code secure if I increase the salt to 64 bytes, hash key size to 128 bytes and the iterations to 10000? Are there ...
2
votes
0answers
204 views
Am I using PHP Mcrypt the right way?
I have written a small wrapper class for using PHP Mcrypt for encrypting and decrypting text data. This class generates a salt for hashing the key and encrypts the given data with the generated key ...
2
votes
1answer
236 views
RC4 implementation in Go
I'm new to Go, and as a learning project I've been implementing RC4, attempting to follow pseudo-code in the Wikipedia links (and trying not to look at the far-superior version in the crypto package).
...
4
votes
2answers
503 views
Hashing passwords for a website
I have spent about 2 weeks reading about hashing passwords and website security. As there seems to be many different ways to achieve this, I'm a bit confused as to whether my code is secure.
Can ...
3
votes
1answer
73 views
Code Review of Haskell PBKDF2
Moved from Programmers.SE.
I have written a new version of the PBKDF2 algorithm in Haskell. It passes all of the HMAC-SHA-1 test vectors listed in RFC 6070, but it is not very efficient. How can I ...
8
votes
3answers
757 views
Improve random password generator
Can you please take a look at my code and improve it (if necessary)?
http://jsfiddle.net/U6R6E/
Javascript (with jQuery)
...
1
vote
2answers
164 views
Is my Encryption Module Secure?
I have a simple encryption module that is used to "encrypt" a text file because it contains some passwords. I only need to encrypt it because I need those passwords in my program (they are used to ...
2
votes
1answer
81 views
Better ways of solving the substitution cipher puzzle
here is the puzzle description
Your task is to decode messages that were encoded with substitution ciphers. In a substitution cipher, all occurrences of a character
are replaced by a different ...
1
vote
1answer
99 views
Am I interfacing in a secure manner with rijndael?
I have been working to create an easy-to-use set of methods to encrypt configuration objects for my client application. It will contain username and passwords to databases and similar vaults of data, ...
1
vote
2answers
141 views
Is my cipher secure?
This is a program that I made for encrypting text files, it uses a one time pad cipher to encrypt the files, but I do not know if there are any holes in my program that could be a vulnerability.
...
5
votes
2answers
303 views
HMAC-SHA1 implementation
I am trying out a small piece of code that would generate HMAC-SHA1. I have been asked to code the HMAC implementation myself using the OpenSSL libs for SHA1 calculation.
After 'wiki'ing for the ...
