Questions tagged [aes]

The Advanced Encryption Standard (AES) is a symmetric-key encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael.

0 votes
0 answers
7 views

Implementing end to end encryption (react js , laravel) [migrated]

I need to implement end to end encryption between front (reactjs) and back (laravel). What I try to do is encrypt data in front using package cryptojs, send it using axios to backend, in the backend I ...
user26307664
1 vote
0 answers
54 views

How to verify authentication tag during chunked AES-GSM-128 decryption

Because we are dealing with large encrypted files, we can't afford to keep the entire file in memory during the decryption process. I've implemented the algorithm of chunked decryption of AES GSM ...
Lesha Pipiev
4 votes
2 answers
708 views

Omit IV for AES128-CBC when requiring to always get the same ciphertext encrypting random IDs

Imagine having images stored in a system with their 256 bit hash (BLAKE2b) as their unique ID. We want to produce a URL for each image, something like: https://host/images/cleartext-image-ID In order ...
mgd
  • 604
2 votes
2 answers
104 views

Best Practices for AES: Fixed Key with Unique IV vs. Unique Key with Fixed IV

I'm working on implementing AES256 encryption for file security and am considering two different strategies: Using a fixed key with a unique initialization vector (IV) for each file. Using a unique ...
petertc
  • 121
1 vote
1 answer
90 views

Login with roles without internet

Disclaimer: question originally posted here but I was encouraged to ask it in this stack instead. Introduction part I'm writing an application that requires authentication to be used, specifically the ...
Nifil
  • 113
0 votes
1 answer
117 views

Why Ransomware generate keypair in victim?

I read this answer Ransomware encryption keys and understood how wannacry works. But I still have a question: as I understand, the hacker will put the hacker's RSA public key in the malware, the ...
Thanh
  • 1
0 votes
1 answer
91 views

Password-based encryption: keeping the user logged in without entering password again

Context I have a system where some of user's data is encrypted via AES. Each user has their own key K. When the user creates an account, the K is generated and encrypted with a key derived from ...
v_slav.b
0 votes
1 answer
95 views

Assembly routine for AES CBC encrypt

I'm assuming that OpenSSL is just using these functions here. page 66 is CBC https://www.intel.com/content/dam/develop/external/us/en/documents/aes-wp-2012-09-22-v01-165683.pdf Can I just generate a ...
shawnixer
0 votes
1 answer
90 views

Can token decryption endpoint response codes variability lead to security vulnerabilities?

To clarify the question, here's our case: We generate encrypted tokens by applying AES-CBC (256 bit) and Base64 to payload: encrypted_token = Base64.encode(AES_CBC_256.encrypt(key, iv, payload)). ...
vetements
1 vote
0 answers
73 views

MbedTls - keeping context private?

Let's assume we're running on an mbed system with internal and external RAM. Dumping external RAM is much easier for an attacker on such systems when debug ports are locked. I'm wondering if the ...
akimata
  • 11
0 votes
0 answers
87 views

Same output of KDF for Alice and Bob?

Alice and Bob use the same password which will be used in a KDF like PBKDF2_HMAC or Argon2id to generate an AES key. The problem is that Argon2id generates a different output for the same password, ...
O'Niel
  • 2,916
1 vote
1 answer
287 views

How to get a 12 bytes authentication tag in AES-GCM

I want to generate a 12-byte authentication in AES-GCM. My code only gives me an output tag of 16 bytes. I have tried to use the min_tag_length but it raises an error. Can I get your guidance, thanks in ...
Zeus8497st
0 votes
0 answers
549 views

How can I understand the zip2john hash format?

I had a .zip file that was apparently encrypted with AES-256 deflate. 7z l -slt archive.zip | grep Method Method = AES-256 Deflate Then I used zip2john to get a "hash" out of it: archive....
IRP_HANDLER
3 votes
0 answers
120 views

Does a signature service provider level digital certificate for electronic signature comply with eIDAS requirement for Advanced Electronic Signatures?

I have some basic questions regarding eIDAS and 'Advanced Electronic Signatures'. Say, if I create a product under my company Acme Inc that offers a simple electronic signature where I sign every ...
BambiBundle
0 votes
0 answers
92 views

What is the best way to encrypt asymmetric metadata?

As a hobby project I'm thinking about how to write a secure chat where even all metadata are encrypted so that it is impossible to leak any (meta) information by design. My basic idea is right now: ...
rekire
  • 133
