Questions tagged [encryption]
Encryption is the process of transforming plaintext using a cipher to make it unreadable to anyone except those possessing the key.
5,906
questions
2
votes
1
answer
119
views
Can I add salt to my salt for password hash? [duplicate]
Following this tutorial, I got a bunch of questions with this code :
const crypto = require("crypto")
async function hash(password) {
return new Promise((resolve, reject) => {
...
2
votes
2
answers
130
views
How to Sniff Bluetooth Traffic and Determine Encryption on Fitness Tracker Data?
I am attempting to analyze the Bluetooth communication between a fitness tracker (GOJI ACTIVE GFITBK20 Activity Tracker) and its corresponding application (Goji Active) installed on my Android phone. ...
4
votes
2
answers
708
views
Omit IV for AES128-CBC when requiring to always get the same ciphertext encrypting random IDs
Imagine having images stored in a system with their 256 bit hash (BLAKE2b) as their unique ID. We want to produce a URL for each image, something like:
https://host/images/cleartext-image-ID
In order ...
0
votes
0
answers
82
views
NTRU - How is the master key and session key generated?
I am learning the PKC topics and would like to understand about the master and session key generation process regarding NTRU.
Let's make it a scenario, if a user wants to register during the ...
0
votes
0
answers
29
views
The Boot Process - Sequence of Events, Boot Integrity Checks, and BitLocker OS Volume Encryption
Apologies if any of these questions have been answered previously. Also, apologies for the sheer number of questions asked here. I've done some digging, and have been unable to find a good resource ...
0
votes
3
answers
118
views
Is Homomorphic SQL Query Encryption a good idea - and should I use It?
My web app still needs a lot of work on it in the security department, so I'm considering implementing homomorphic encryption for my SQL database- to help protect from the outcomes of SQLi.
I know the ...
1
vote
1
answer
113
views
Refresh tokens for impersonating user credentials: how to implement them?
The web app I'm developing makes use of the concepts of "access token" and "refresh token", even though it uses its own auth scheme.
In certain situations, the web app needs to get ...
1
vote
1
answer
127
views
Why does the Signal Protocol use a symmetric key for encryption- when asymmetric keys are more secure? [duplicate]
The Signal Protocol, as many of you would know, is used by many applications such as WhatsApp and Signal. These corporations, I can vouch for, would definitely use the most secure protocol they could- ...
1
vote
1
answer
91
views
Couldn't an HDCP bypass "attack" always be done losslessly, given a known compression algorithm was used?
When DRM-protected video is displayed on an output device, these streams are sometimes saved and re-encoded, resulting in quality loss. However, let's say we can obtain the outputted video in a pixel-...
0
votes
1
answer
80
views
Why is the boot key used to access the encrypted SAM database hashes?
A quick something I’ve been wondering: why is the boot key used to access the encrypted SAM database hashes, (and not another key,) and also what encryption mechanism is actually used to encrypt the ...
0
votes
1
answer
109
views
How does iOS / Android device encryption work?
As far as I'm aware, a locked iOS is considered very safe. No one, who does not know the PIN cannot unlock the phone. While the PIN seems weak on the first glance (4 digits?) it is actually strong, ...
9
votes
5
answers
5k
views
Hash as filename to protect data
Requirement:
Users fill out a form which includes sensitive personal data and need to be able to download the content of this form for a limited time.
Question:
How useful / secure is it to create a ...
0
votes
2
answers
279
views
Is this solution I have programmed 100% hack-proof?
I have programmed something at work, and I believe it's been done in a way that's effectively 100% hack-proof even if I give full admin rights to the server.
In short, I have some legally sensitive ...
1
vote
1
answer
222
views
How does TLS-CRYPT-V2 work in OpenVPN?
I am configuring an OpenVPN server and I would like to use TLS-CRYPT-V2. For that, in the documentation, it is said that I have to create a TLS-CRYPT-V2 key for the server and one for each client, ...
0
votes
0
answers
43
views
How to allow users to securely use their private key to decrypt data in the browser [duplicate]
I'm working on an application where encrypted data can be stored on the server. Users can do this by obtaining public keys from the server, and use them to encrypt data locally before sending it to ...