Skip to main content
Information Security

Questions tagged [encryption]

Ask Question

Encryption is the process of transforming plaintext using a cipher to make it unreadable to anyone except those possessing the key.

5,906 questions
Newest Active Bountied Unanswered
1 vote
1 answer
145 views

Hide password from server

I’m a beginner in cryptography and for my first project I use the client’s password to encrypt some data. More specifically, I use the password as passphrase in RSA private key generation). However, I ...
yolooow's user avatar
yolooow
  • 25
0 votes
1 answer
76 views

relation passphrase and password-based key derivation

I am not totally sure how the following concepts are related, could someone please explain? password-based key derivation passphrase that can be passed to crypto.generateKeyPairSync (in Node.js) ...
yolooow's user avatar
yolooow
  • 25
0 votes
0 answers
81 views

Saving access and refresh tokens securely

I have a mobile and backend applications. And I am trying to communicate with Microsoft Graph API and I obtain access and refresh tokens through their OAuth. I get these tokens from my mobile app at ...
wasilikoslow's user avatar
wasilikoslow
  • 111
2 votes
1 answer
122 views

Does having 2 different cyphertexts for the same plaintext help an attacker

I'm considering using key rotation for a website. Let's say I generate new keys every month. In Jan someone saves a URL on their browser, let's say in plaintext it's https://example/12345 encrypted to ...
Adam Benson's user avatar
Adam Benson
  • 123
4 votes
1 answer
462 views

Find password decryption used in MSSQL

I have the 2 encrypted passwords in my MSSQL database and I'm trying to decrypt it. Here's one of the encrypted password: E4-68-3F-BE-91-CC-BE-B9-27-4B-18-B1-5F-1B-39-66 The password to the above ...
Elaine Byene's user avatar
Elaine Byene
  • 143
0 votes
1 answer
117 views

Why Ransomware generate keypair in victim?

I read this answer Ransomware encryption keys and understood how wannacry works. But I still have a question: as I understand, the hacker will put the hacker's RSA public key in the malware, the ...
Thanh's user avatar
Thanh
  • 1
0 votes
1 answer
144 views

Can a VPN company perform a MiTM attack if SSL Pinning is in place?

Recently, I read news about Facebook acquired the Onavo VPN company to monitor Snapchat users' traffic. It seems they executed a Man-in-the-Middle attack by replacing the certificate. But could they ...
Robert Zunr's user avatar
Robert Zunr
  • 3
0 votes
1 answer
101 views

Secure Transmission of Secret Keys Between Mobile App and API Server

I need to establish a secure method for transmitting shared secret keys between a mobile app and an API server to ensure the integrity of the data. When initially exchanging shared secret keys, I'am ...
Mason's user avatar
Mason
  • 3
0 votes
1 answer
58 views

Question about storing salt values and hashed passwords in the database [duplicate]

So I was reading through an article about how passwords are salted and hashed through a cryptographic function here, and found out that hashed passwords, along with the plaintext salt values are ...
mantot123's user avatar
mantot123
  • 1
0 votes
1 answer
66 views

Storing the hash of the plaintext and the encrypted plaintext next to each other [closed]

I generate a random string of 32 characters and then compute the SHA-512 hash then I encrypt the unhashed string. I then save the encrypted text and hash to the database. Is it okay to store the hash ...
user avatar
user303389
0 votes
0 answers
20 views

Relation between plain text and encrypted in URL [duplicate]

There are several plain text and encrypted text like: Plain text Encrypted text 10101004535 7Za9kHM9OH6tKTrtxy86gw== 10860586924 /nwjXW3MYkcATRS5Xyjx/A== 10480090635 /F0D9ePZffTIiH/P8mK+kw== ...
user23773373's user avatar
user23773373
  • 1
0 votes
1 answer
94 views

SSH-Agent writing unencrypted keys to swap memory

I have recently set up a computer with full disk encryption, and I decided not to encrypt the swap partition for performance reasons. I have been using ssh-agent on another computer to load my private ...
rcomeau's user avatar
rcomeau
  • 1
0 votes
1 answer
93 views

Would there be any utility for multiple clients sharing the same TLS session key?

I was wondering if there is any utility for multiple hosts sharing the same TLS session key. I have come across proxies and the way they intercept TLS connections is to make the client accept its ...
imawful's user avatar
imawful
  • 1
1 vote
1 answer
310 views

GPG can't decrypt my data because of an invalid packet

I have an encrypted data containig some of my data that I am unable to decrypt. It is archived with tar, compressed with gzip and encrypted with gnupg. Today I tried to decrypt it with gpg and it ...
Nicolas Dumitru's user avatar
Nicolas Dumitru
  • 111
1 vote
1 answer
151 views

Secure Offline Login and Data Encryption with PBKDF2 and AES-256

I'm working on a project that requires offline functionality, including offline login and secure data manipulation. I'd appreciate feedback on my chosen approach and best practices for secure design. ...
almog bar-el's user avatar
almog bar-el
  • 11

15 30 50 per page
1 2
3
4 5
394