Questions tagged [cryptography]
The cryptography tag has no summary.
63 questions
0
votes
1
answer
192
views
How to best handle keys for signing API callbacks
I am writing an API for a payment system. Third parties can register callback URLs that are linked to an account ID so that whenever a transaction involving that account ID is updated, my API calls ...
1
vote
2
answers
415
views
How to best obfuscate a built-in key in an application?
We're building an application that needs to log into a website using built-in credentials. It's not optimal to say the least, but we're stuck with "knowing" the username and password ...
- 493
0
votes
2
answers
204
views
How to verify that a legitimate (but unknown) remote asset from an unknown source has not been compromised and that its integrity remains intact?
I am familiar with and see the benefits of Subresource Integrity (SRI).
I understand that with SRI, once you've added a script reference with the correct integrity attribute, if the remote script is ...
- 295
4
votes
3
answers
283
views
Is it possible to store N bits of unique combinations, in N-1 bits? If not; why does MD5 get reprimanded for collissions?
Regarding cryptography and the issue of collisions, I posed a question as to whether it was ever possible to store every single possible combination of a bit array of a particular size, in a bit array ...
- 3,649
2
votes
2
answers
326
views
Is there a reliable way to get get the fingerprint of a file hosted online, without fully downloading it?
Background
Tertiary to this question, I have been building my own imageboard that prevents [for example] duplicate images from being downloaded again and again on behalf of the client. How I do this, ...
- 3,649
2
votes
1
answer
161
views
How to randomly allocate a set of IDs digitally, one ID per person, such that everyone knows that the particular allocations are kept private?
I have a set of UUIDs that I want to assign to a set of people. I want to deliver these UUIDs to people in a secure manner, such that everyone knows that I do not know which UUID corresponds to which ...
- 31
-1
votes
1
answer
98
views
Protecting cryptocurrency private keys in a corporate environment
Now that Tesla has bought a large amount of BitCoin, other companies may follow suit. If my company wanted to do that, I was thinking about how it could be done.
I'm familiar with the way private ...
- 133
0
votes
1
answer
409
views
How to use auto-login for an API when building a desktop app?
I am currently building a small application which used a public API to get some information. The API doesn't support auto-login in any way (don't know if something like this even exists with APIs), ...
- 1
-2
votes
1
answer
168
views
Is there a way to encode binary into natural language?
I was wondering if there was a way to encode binary data, such as Crypto addresses into a natural language format, in a similar fashion to how what3words.com can encode locations into three easy-to-...
- 107
5
votes
2
answers
5k
views
Programming a library in multiple languages
I am planning to implement a cryptographic library for several languages and looking for best practices. I have looked at several threads, especially this, this, and this one, which answer my ...
- 53
1
vote
2
answers
513
views
C# Destructors in RSA Crypto
I'm just reviewing some of my code and thought I'd throw this out there for comment.
I have a factory class that builds and returns a class for RSA Crypto tasks. It implements IDisposable. All the ...
- 184
1
vote
1
answer
672
views
Does the SHA256 hashing algorithm change based on the content encoding?
I am starting to look into how to implement SHA256 in JavaScript, and found this for example. It requires UTF-8 encoding it sounds like. Another one I saw required/supported only ASCII encoding and ...
- 2,757
2
votes
1
answer
162
views
Do you need to implement TLS versions < 1.3 if you were to implement a TLS supporting library today?
I am looking at all the green and red boxes here, and am wondering what it would look like if one were to "implement TLS" today? What should you implement if you were to implement TLS today?
Do you ...
- 2,757
1
vote
1
answer
188
views
How to eliminate transparent memory copy in runtime?
Despite various ways to scrub sensitive data in volatile memory (see Survive DSE or Zeroing buffers), programs tend to perform transparent memory copies (such as a Garbage Collection). The newly ...
- 37
1
vote
1
answer
295
views
Encryption key on passwordless authentication
A PHP based webshop running on a shared hosting stores libsodium encrypted personal data in it's MySQL database. To let users have access to their own data, a design very similar to the one discussed ...
- 21
-1
votes
1
answer
363
views
Pattern to encrypt / decrypt data to / from a server without entering the secret key each time?
The title maybe it's a little bit confusing but I am certain that what I want to achieve is a common pattern, even if I didn't found anything on internet.
I'm developing a web app that store ...
2
votes
1
answer
2k
views
How to store private ssh keys for my application?
I 've a pair of private and public ssh keys, which I'm using in encrypting and decrypting my JWT.
So I'm creating and signing my JWT with my private key and shared the public key with the client who ...
- 29
0
votes
1
answer
103
views
More explicit explanation for password authenticated key retriveal
How can i realize password authenticated key retrieval? I found some description of PAKR:
A PAKR (Password-Authenticated Key Retrieval) protocol and its multi-server system allow one party (say, ...
- 11
1
vote
1
answer
316
views
Domain model and feature Crypter
In my project I must implement a feature for encrypting some information when it is written into the database, and decrypt the information when it is reloaded.
Should this concept be implemented in ...
1
vote
0
answers
340
views
Storing File URI and Checksum to check if the file was changed in future
right now application is storing a file data in database and we are considering instead to store a link (http, ftp, etc) to the file and its checksum. We will only provide a service and the service ...
- 143
-4
votes
1
answer
142
views
Creating a multiplatform (IOS, Javascript, and JAVA) linked user account database
I have done weeks researching this question for my App Idea.
Background of the APP - Simply a multi crypto currency wallet which users sign up with ONLY username and Password - no email, FB, or ...
7
votes
3
answers
12k
views
What is an example for a one-way hash function?
I am doing a bit of research on hash functions. I understand the concept that it is an equation that is easy to do one way (you take the number 00011010 for example and do reasonably simple math with ...
- 171
2
votes
1
answer
152
views
Proof of digital document integrity
Let's say we have the following scenario.
We have user A and user B and an initial digital document D generated by B.
What algorithms and infrastructure are required in order to guarantee/prove ...
- 49
1
vote
1
answer
532
views
Should I encrypt my cookies using AES?
I'm going to encrypt the following data (server side):
email, IP, username
{
*IP*: {
email: *email at this IP*
username: *username of email IP*
}
*IP2*: {
email: ...
- 220
0
votes
1
answer
159
views
Apart from immutability, does blockchain offer any other advantages?
I am trying to understand the broader implications of blockchain apart from the main advantage of immutability. Are there any?
It seems like the distributed nature of the ledger can be an asset when ...
- 3,325
-1
votes
1
answer
221
views
Can RSA be used to secure client data before sending to server? [closed]
So one day i was reading about RSA and over there it was written that we can secure the data using the public key. So as an idea can I secure the data on the client itself before sending it to the ...
- 51
5
votes
4
answers
2k
views
Whats safest way to tell if decryption was successful?
I'm making a C program that uses GTK3 (best documentation ever) and OpenSSL (worst documentation ever) to simply encrypt/decrypt a file using a password. The encryption and decryption functions are ...
- 508
0
votes
2
answers
68
views
Allowing only users of the official client to upload media to my server. Possible?
I've been toying with a project idea for a while now but can't quite settle on one important detail. The plan is to write a client that can author and upload WebMs to a server for global viewing (...
user247948
0
votes
1
answer
2k
views
Algorithm to create a superincreasing sequence
I am building an implementation of the [Merkle-Hellman Knapsack Cryptosystem] for my study.(https://en.wikipedia.org/wiki/Merkle%E2%80%93Hellman_knapsack_cryptosystem)
One of the things I would like ...
- 4,947
2
votes
1
answer
2k
views
How to generate random Boolean functions in Algebraic Normal Form in Python?
I am looking at A SAT-based Public Key Cryptography Scheme and got inspired to challenge myself to write an implementation of this Cryptography Scheme on Python.
A part of the cipher encoding would ...
- 31
1
vote
1
answer
150
views
Simplistic non-secure example of public key encryption
I'm giving a lecture to novice developers on security and would like to explain ssl and the basics of certificates. For this I would like to convey a vague intuitive understanding of asymmetric key ...
- 2,012
0
votes
1
answer
652
views
How does Luhn algorithm relate to cryptograpic hash functions?
What I am interested is the similarities and differences between the two. It is my understanding to present time that Luhn algorithm is a type of checksum function same as some cryptographic hash ...
- 103
1
vote
1
answer
195
views
Personal Digital Signatures in Web Applications [closed]
In order to sign data with personal digital signature in a web application, server side languages like PHP can do the whole job, but that would require that the user uploads his private key, lets say ...
- 197
3
votes
1
answer
167
views
What is the origin of the phrase "extirpated as a potential munition"
I recently came across this statement in the Perl documentation:
extirpated as a potential munition
derived from the sentence:
"Creates a digest string exactly like the crypt(3) function in the C ...
- 141
1
vote
1
answer
623
views
Question on RC4 algorithm
I started reading RC4 from a book and was not able to understand some phrases correctly.
The RC4 algorithm is remarkably simple and easy to understand. A variable length key of from 1 to 256 bytes ...
- 135
0
votes
2
answers
3k
views
What kind of applications are built using C [closed]
I studied C programming about ten years ago, whiles in Uni,however I would like to pick it up again.
I'm looking at developing secure applications that utilize cryptography.
Would C be the right ...
3
votes
1
answer
2k
views
Hash function with uniqueness guarantees and controllable entropy
Is there a class of hash functions that meets the following specs:
Upper and lower bound can be specified
Uniqueness is guaranteed as long as the input is between the upper and lower bounds
Amount of ...
- 165
29
votes
7
answers
4k
views
Is there any algorithm pattern to protect any content in the web to ensure I am the first one who created it?
A few years ago there was this hacker (don't remember who he was) that full disclosed a vulnerability in a given system, but to make sure nobody took credit for that, he created some kind of PGP key.
...
- 417
4
votes
1
answer
8k
views
Difference between reverse lookup tables and rainbow tables
Using Reverse Lookup Tables, you create a lookup table consisting of the password hash of user accounts. Then you use another table which consists of hashes with guessed passwords. Then you compare ...
- 248
0
votes
1
answer
124
views
Does inserting/removing random characters in a string count as cryptography?
I'm making an iOS game. All developers need to determine whether their app uses cryptography or not.
My game saves files in the Documents folder. They are .plist files representing dictionaries. They ...
- 3,937
2
votes
2
answers
305
views
How faster could a dedicated chip do sequential squaring modulo operations to break a time crypto capsule?
I'm facing a very real problem and, sadly, I cannot find the answer on my own: I'm hitting my limit as a programmer because my hardware knowledge is not sufficiently advanced at all.
It's an issue I'...
- 1,067
2
votes
5
answers
3k
views
secure photos on server [closed]
I would like to hear advice from the more experienced developers. The project is now in the design stage. It's mobile application and a simple web application. Content is pictures, comments, personal ...
- 147
0
votes
2
answers
501
views
Snapchat clone: How do I secure pre-downloaded notifications so that they cannot be opened outside of the app?
Say I'm making a snapchat clone app for Android and iOS. Let's say that I get a snapchat from Baz. I want to pre-download the audio for this snapchat. However, as the developer, I want to secure this ...
- 101
44
votes
6
answers
69k
views
Where to store the private key?
Say I want some parts of my software to be encrypted. For example, the credentials for a database, etc. I need to store those values somewhere, but doing so in cleartext would make it easy for an ...
- 889
0
votes
1
answer
2k
views
deciphering columnar transposition cipher
I am looking for an idea on how to decipher a columnar transposition cipher without knowing the key or the length of the key.
When I take the cipher text as input to my algorithm I will guess the ...
- 103
153
votes
1
answer
16k
views
What are the advantages and disadvantages of cryptographically signing commits and tags in Git?
So someone peer reviewed my work, and he told me that I should always sign my commits and tags cryptographically. When asked why, he didn't know to explain it to me, and said "It's just a good thing ...
- 8,987
-2
votes
2
answers
928
views
What is the best programming language to do crypto running time measurement? [closed]
I am trying to measure the running time of different crypto algorithm. e.g. how long it takes to encrypt/decrypt a block of plaintext. May I ask if C with OpenSSL is the best PL to do this?
- 107
6
votes
2
answers
3k
views
How to manage my private key for signing .NET assemblies?
I write open source .NET class libraries as a hobby and thought about signing them. I can get Visual Studio to generate me a password protected public/private key pair and save it as a .pfx file, but ...
- 2,755
1
vote
1
answer
687
views
Are python's cryptographic modules good enough?
I mean, say you were writing professional grade software that would involve sensitive client information. (Take this in the context of me being an amateur programmer.)
Would you use hlib and hmac? ...
- 1,124
1
vote
1
answer
703
views
Using a random string to authenticate HMAC?
I am designing a simple webservice and want to use HMAC for authentication to the service.
For the purpose of this question we have:
a web service at example.com
a secret key shared between a user ...
- 800