Tagged Questions
10
votes
3answers
401 views
has scrypt withstood the test of time?
I've always heard that scrypt was better than bcrpyt... because of memory causing GPU a very difficult time to crack. However, the notion always was that scrypt hadn't been tested, it was kind of a ...
8
votes
3answers
812 views
Location to store an encryption key
I'm building a secure system which stores messages on a server in a Postgresql database. The messages are stored encrypted with PHP's openssl_encrypt() function with the AES-256-CBC method.
At the ...
4
votes
2answers
4k views
Can DES-based hashed password be recovered if salt is known?
Can a hashed password be recovered if the hashing is done with DES based crypt function in PHP and both the hash and salt are known by the attacker?
Consider the following example:
$salt = 'mysalt';
...
4
votes
3answers
618 views
PHP/JavaScript with RSA
I have a few columns in the database which should be encrypted. I'm wondering if the way I chose to make this system work is ok, and I'm looking forward to hear some opinions:
I chose RSA algorithm ...
4
votes
2answers
2k views
openssl_digest vs hash vs hash_hmac? Difference between SALT & HMAC?
openssl_digest vs hash vs hash_hmac
I want to use SHA512 for storing password.
Which of the above methods are best to use? Why?
What is the difference between SALT & HMAC?
I just read ...
3
votes
2answers
1k views
Is this algorithm for a random string cryptographically secure?
I've pieced together this algorithm (if it can be called that) from various bits of code I've seen online, and I'm wondering how cryptographically secure it is. It's used to generate passwords:
...
3
votes
3answers
2k views
How insecure are PHP's rand functions?
There are some pseudo-random-number generators in PHP: rand(), srand(), mt_rand(), mt_srand(). You can look at their code here.
I understand those functions are insecure, but how insecure are they?
...
2
votes
2answers
330 views
How high is the entropy of this salt-generating code? (No code-reading actually necessary)
What is the best method?
Assumption: I have a function that generates a number of medium-high entropy bytes
Step1:
I generate 3 of these medium-high entropy bytes.
Step2:
I hash these bytes using a ...
1
vote
2answers
1k views
Thoughts on Tiny Encryption Algorithm (TEA, anyone)?
I'm planning to implement Tiny Encryption Algorithm and exchange data between two PHP sites.
Specifically, using the code presented at PHP-einfach.de
Does anyone have any experiences / thoughts / ...
1
vote
1answer
1k views
aes cfb 128 decryption /encryption problem between Erlang and PHP
Update 2 - it works
Thanks to Tom Leek for his answer.
The CFB mode of mycrypt for Rijndael uses a 8-bit feedback loop and not a feedback loop the length of the key/iv.
You have to force it to use ...
1
vote
1answer
145 views
Is my AES/CTR/RIPEMD encryption correctly implemented?
Below is my encryption implementation in PHP. It's based on mcrypt, and uses AES-128 in CTR mode along with a RIPEMD-128 HMAC for integrity checking.
For brevity, I've inlined the functions for ...
1
vote
2answers
190 views
TCrypto - Comments about design decisions I made?
I have pushed some code to GitHub to demonstrate the usage of symmetric key encryption in PHP. It is a small key-value storage library and it (optionally) offers ability to encrypt the stored ...
0
votes
3answers
152 views
Maintain sensitive key between requests
EDIT: Reworked question. Previous version too poorly asked.
On my website users write sensitive messages that must be kept secret.
The entire user area is over SSL, so the communication between user ...
0
votes
1answer
95 views
is this code valid for securing passwords? [duplicate]
i was wondering if this is a secure method for a hashing password.if it is not secure please tell me what to do in order to make it secure
$pass='test'//the password
...
0
votes
2answers
275 views
What is the best way to generate keys in phpseclib?
I am using phpseclib implementation AES and HMAC. But I dont know the best way to create random keys for these.
What is the best way to do?
Is there any built in function in phpseclib to create keys ...
-1
votes
2answers
130 views
If md5 is only insecure because of its speed, why doesn't this workaround make it reasonably secure?
I'm going to preface this by saying I have absolutely no clue when it comes to cryptography, but I'm posting this question because I'm very interested and I have no doubt there are some smart people ...
