Questions tagged [encryption]
Encryption is the process of transforming plaintext using a cipher to make it unreadable to anyone except those possessing the key.
5,906
questions
1
vote
1
answer
145
views
Hide password from server
I’m a beginner in cryptography and for my first project I use the client’s password to encrypt some data. More specifically, I use the password as passphrase in RSA private key generation). However, I ...
0
votes
1
answer
76
views
relation passphrase and password-based key derivation
I am not totally sure how the following concepts are related, could someone please explain?
password-based key derivation
passphrase that can be passed to crypto.generateKeyPairSync (in Node.js)
...
0
votes
0
answers
81
views
Saving access and refresh tokens securely
I have a mobile and backend applications. And I am trying to communicate with Microsoft Graph API and I obtain access and refresh tokens through their OAuth. I get these tokens from my mobile app at ...
2
votes
1
answer
122
views
Does having 2 different cyphertexts for the same plaintext help an attacker
I'm considering using key rotation for a website. Let's say I generate new keys every month.
In Jan someone saves a URL on their browser, let's say in plaintext it's https://example/12345 encrypted to ...
4
votes
1
answer
462
views
Find password decryption used in MSSQL
I have the 2 encrypted passwords in my MSSQL database and I'm trying to decrypt it. Here's one of the encrypted password:
E4-68-3F-BE-91-CC-BE-B9-27-4B-18-B1-5F-1B-39-66
The password to the above ...
0
votes
1
answer
117
views
Why Ransomware generate keypair in victim?
I read this answer Ransomware encryption keys and understood how wannacry works. But I still have a question: as I understand, the hacker will put the hacker's RSA public key in the malware, the ...
0
votes
1
answer
144
views
Can a VPN company perform a MiTM attack if SSL Pinning is in place?
Recently, I read news about Facebook acquired the Onavo VPN company to monitor Snapchat users' traffic. It seems they executed a Man-in-the-Middle attack by replacing the certificate. But could they ...
0
votes
1
answer
101
views
Secure Transmission of Secret Keys Between Mobile App and API Server
I need to establish a secure method for transmitting shared secret keys between a mobile app and an API server to ensure the integrity of the data.
When initially exchanging shared secret keys, I'am ...
0
votes
1
answer
58
views
Question about storing salt values and hashed passwords in the database [duplicate]
So I was reading through an article about how passwords are salted and hashed through a cryptographic function here, and found out that hashed passwords, along with the plaintext salt values are ...
0
votes
1
answer
66
views
Storing the hash of the plaintext and the encrypted plaintext next to each other [closed]
I generate a random string of 32 characters and then compute the SHA-512 hash then I encrypt the unhashed string. I then save the encrypted text and hash to the database. Is it okay to store the hash ...
0
votes
0
answers
20
views
Relation between plain text and encrypted in URL [duplicate]
There are several plain text and encrypted text like:
Plain text
Encrypted text
10101004535
7Za9kHM9OH6tKTrtxy86gw==
10860586924
/nwjXW3MYkcATRS5Xyjx/A==
10480090635
/F0D9ePZffTIiH/P8mK+kw==
...
0
votes
1
answer
94
views
SSH-Agent writing unencrypted keys to swap memory
I have recently set up a computer with full disk encryption, and I decided not to encrypt the swap partition for performance reasons. I have been using ssh-agent on another computer to load my private ...
0
votes
1
answer
93
views
Would there be any utility for multiple clients sharing the same TLS session key?
I was wondering if there is any utility for multiple hosts sharing the same TLS session key. I have come across proxies and the way they intercept TLS connections is to make the client accept its ...
1
vote
1
answer
310
views
GPG can't decrypt my data because of an invalid packet
I have an encrypted data containig some of my data that I am unable to decrypt. It is archived with tar, compressed with gzip and encrypted with gnupg. Today I tried to decrypt it with gpg and it ...
1
vote
1
answer
151
views
Secure Offline Login and Data Encryption with PBKDF2 and AES-256
I'm working on a project that requires offline functionality, including offline login and secure data manipulation. I'd appreciate feedback on my chosen approach and best practices for secure design.
...