
Questions tagged [encryption]

Encryption is the process of transforming plaintext using a cipher to make it unreadable to anyone except those possessing the key.

1 vote
1 answer
22 views

ELI5: If SSL encrypts traffic, why does it expire?

SSL, nowadays TLS, encrypts traffic between the server and client. However, the certificate is only valid for a certain period of time until its expiration. What I don't understand is, why does TLS ...
MaSc. H.
1 vote
1 answer
39 views

Is local password recovery for each device a viable security approach?

I'm developing a multi-platform application using Flutter, which involves sensitive user data and requires both online and offline accessibility. To enhance security and usability, I am considering ...
george orwell
4 votes
2 answers
214 views

How safe are my app's keys inside the TPM against other apps trying to impersonate mine?

This is a follow-up of these two questions about using the TPM to store application's keys. While both have great answers, there is a specific aspect I am missing: How safe are the keys inside the TPM ...
mist
2 votes
0 answers
62 views

Searchable encryption for phone numbers

I have a table in Postgres that stores phone numbers. Since phone numbers are considered PII, I cannot store them as plaintext. For other PII fields, I use AES-256-CBC. However, the requirements are ...
Stefan van den Akker
0 votes
0 answers
31 views

Can non-rotatable secrets be stored in ciphertext form in a DB/file/etc.?

We have a service running on AWS. This service uses secrets such as API keys of third party services (in other words: secrets which do not rotate automatically). These secrets are stored in AWS ...
Itay Maman
0 votes
1 answer
106 views

Can we catch signals from a cellphone using AI to interpret the encrypted data?

Would it be possible for someone to steal EM waves from our mobile devices to listen to our conversations or get our OTP? Whatever encryptions they have they are just EM waves. Based on the patterns ...
Newtron Malayalam
6 votes
2 answers
153 views

Use of TPM to encrypt data of my application in practice

I am not very familiar with TPMs, but from what I can tell their main benefit for the user is to make the system as a whole more secure, if you take the appropriate measures, e.g. by checking the boot ...
mist
0 votes
0 answers
7 views

Implementing end to end encryption (react js , laravel) [migrated]

I need to implement end to end encryption between front (reactjs) and back (laravel). What I try to do is encrypt data in front using package cryptojs, send it using axios to backend, in the backend I ...
user26307664
2 votes
1 answer
65 views

Are there any motherboards / UEFI that support hardware encryption on SED?

I found that Thinkpads have hdd password support, which in terms uses some bizarre password hashing and ends up with 90 bits of entropy, which is again used as ATA security password to SED, which in ...
mmja
1 vote
0 answers
58 views

OpenSSH 9.6p1: What is the best key type for the ssh-keygen command through the -t option? [duplicate]

The ssh-keygen command to generate the pair of keys files can use the -t option. According to Ubuntu Noble's man ssh-keygen for the mentioned option, it indicates: -t dsa | ecdsa | ecdsa-sk | ed25519 |...
Manuel Jordan
0 votes
1 answer
36 views

Assure Deterministic Hashing/Encryption Process can be Replicated if Rebuilt

May I have some guidance for a project I am working on? These are the requirements: A Dataset needs to be submitted in a .csv format, delimited by '|' The Dataset needs to be submitted periodically (...
Clifford Piehl
0 votes
1 answer
65 views

Is a Three-Layer Post-Quantum Safe VPN Hidden Within Regular IPsec Effective Against Eavesdroppers?

I'm working on designing a VPN that is post-quantum safe while avoiding detection that it uses post-quantum cryptography. The goal is to make the use of post-quantum cryptography indistinguishable to ...
dfsg76
2 votes
1 answer
693 views

Benefit of splitting and routing/encrypting file packets separately?

I have something of a theoretical question - how much of a cyber benefit would there be to taking data, breaking it up and encrypting it, then sending it to the destination via multiple disparate ...
sscirrus
4 votes
2 answers
1k views

Securing HTTP File Transfer over local network

My intention is to transfer files between a computer and a cell phone in the same network. I have created a system consisting of two apps for this purpose (everyone should be able to use the apps): ...
12characters
1 vote
0 answers
40 views

Mutual Authentication after ECDH Exchange with pre-shared secrets

I'm currently building a protocol, in which two parties establish a connection via ECDH Key Establishment. The shared secret after ECDH is used to derivate Keys (with HKDF) for symmetric encryption. ...
Jonas
2 votes
1 answer
119 views

Can I add salt to my salt for password hash? [duplicate]

Following this tutorial, I got a bunch of questions with this code : const crypto = require("crypto") async function hash(password) { return new Promise((resolve, reject) => { ...
Franco RATOVOSON
2 votes
2 answers
130 views

How to Sniff Bluetooth Traffic and Determine Encryption on Fitness Tracker Data?

I am attempting to analyze the Bluetooth communication between a fitness tracker (GOJI ACTIVE GFITBK20 Activity Tracker) and its corresponding application (Goji Active) installed on my Android phone. ...
abdul
4 votes
2 answers
708 views

Omit IV for AES128-CBC when requiring to always get the same ciphertext encrypting random IDs

Imagine having images stored in a system with their 256 bit hash (BLAKE2b) as their unique ID. We want to produce a URL for each image, something like: https://host/images/cleartext-image-ID In order ...
mgd
0 votes
0 answers
82 views

NTRU - How is the master key and session key generated?

I am learning the PKC topics and would like to understand about the master and session key generation process regarding NTRU. Let's make it a scenario, if a user wants to register during the ...
Chris Lo
0 votes
0 answers
29 views

The Boot Process - Sequence of Events, Boot Integrity Checks, and BitLocker OS Volume Encryption

Apologies if any of these questions have been answered previously. Also, apologies for the sheer number of questions asked here. I've done some digging, and have been unable to find a good resource ...
user309532
0 votes
3 answers
118 views

Is Homomorphic SQL Query Encryption a good idea - and should I use It?

My web app still needs a lot of work on it in the security department, so I'm considering implementing homomorphic encryption for my SQL database- to help protect from the outcomes of SQLi. I know the ...
security_paranoid
1 vote
1 answer
113 views

Refresh tokens for impersonating user credentials: how to implement them?

The web app I'm developing makes use of the concepts of "access token" and "refresh token", even though it uses its own auth scheme. In certain situations, the web app needs to get ...
Fabio A.
1 vote
1 answer
127 views

Why does the Signal Protocol use a symmetric key for encryption- when asymmetric keys are more secure? [duplicate]

The Signal Protocol, as many of you would know, is used by many applications such as WhatsApp and Signal. These corporations, I can vouch for, would definitely use the most secure protocol they could- ...
security_paranoid
1 vote
1 answer
91 views

Couldn't an HDCP bypass "attack" always be done losslessly, given a known compression algorithm was used?

When DRM-protected video is displayed on an output device, these streams are sometimes saved and re-encoded, resulting in quality loss. However, let's say we can obtain the outputted video in a pixel-...
stenlan
0 votes
1 answer
80 views

Why is the boot key used to access the encrypted SAM database hashes?

A quick something I’ve been wondering: why is the boot key used to access the encrypted SAM database hashes, (and not another key,) and also what encryption mechanism is actually used to encrypt the ...
security_paranoid
0 votes
1 answer
109 views

How does iOS / Android device encryption work?

As far as I'm aware, a locked iOS is considered very safe. No one, who does not know the PIN cannot unlock the phone. While the PIN seems weak on the first glance (4 digits?) it is actually strong, ...
gaazkam
9 votes
5 answers
5k views

Hash as filename to protect data

Requirement: Users fill out a form which includes sensitive personal data and need to be able to download the content of this form for a limited time. Question: How useful / secure is it to create a ...
Larzan
0 votes
2 answers
279 views

Is this solution I have programmed 100% hack-proof?

I have programmed something at work, and I believe it's been done in a way that's effectively 100% hack-proof even if I give full admin rights to the server. In short, I have some legally sensitive ...
user1758433
1 vote
1 answer
222 views

How does TLS-CRYPT-V2 work in OpenVPN?

I am configuring an OpenVPN server and I would like to use TLS-CRYPT-V2. For that, in the documentation, it is said that I have to create a TLS-CRYPT-V2 key for the server and one for each client, ...
Álvaro García
0 votes
0 answers
43 views

How to allow users to securely use their private key to decrypt data in the browser [duplicate]

I'm working on an application where encrypted data can be stored on the server. Users can do this by obtaining public keys from the server, and use them to encrypt data locally before sending it to ...
Bart
1 vote
1 answer
145 views

Hide password from server

I’m a beginner in cryptography and for my first project I use the client’s password to encrypt some data. More specifically, I use the password as passphrase in RSA private key generation). However, I ...
yolooow
0 votes
1 answer
76 views

Relation passphrase and password-based key derivation

I am not totally sure how the following concepts are related, could someone please explain? password-based key derivation passphrase that can be passed to crypto.generateKeyPairSync (in Node.js) ...
yolooow
0 votes
0 answers
81 views

Saving access and refresh tokens securely

I have a mobile and backend applications. And I am trying to communicate with Microsoft Graph API and I obtain access and refresh tokens through their OAuth. I get these tokens from my mobile app at ...
wasilikoslow
2 votes
1 answer
122 views

Does having 2 different cyphertexts for the same plaintext help an attacker

I'm considering using key rotation for a website. Let's say I generate new keys every month. In Jan someone saves a URL on their browser, let's say in plaintext it's https://example/12345 encrypted to ...
Adam Benson
4 votes
1 answer
462 views

Find password decryption used in MSSQL

I have the 2 encrypted passwords in my MSSQL database and I'm trying to decrypt it. Here's one of the encrypted password: E4-68-3F-BE-91-CC-BE-B9-27-4B-18-B1-5F-1B-39-66 The password to the above ...
Elaine Byene
0 votes
1 answer
117 views

Why Ransomware generate keypair in victim?

I read this answer Ransomware encryption keys and understood how wannacry works. But I still have a question: as I understand, the hacker will put the hacker's RSA public key in the malware, the ...
Thanh
0 votes
1 answer
144 views

Can a VPN company perform a MiTM attack if SSL Pinning is in place?

Recently, I read news about Facebook acquired the Onavo VPN company to monitor Snapchat users' traffic. It seems they executed a Man-in-the-Middle attack by replacing the certificate. But could they ...
Robert Zunr
0 votes
1 answer
101 views

Secure Transmission of Secret Keys Between Mobile App and API Server

I need to establish a secure method for transmitting shared secret keys between a mobile app and an API server to ensure the integrity of the data. When initially exchanging shared secret keys, I'm ...
Mason
0 votes
1 answer
58 views

Question about storing salt values and hashed passwords in the database [duplicate]

So I was reading through an article about how passwords are salted and hashed through a cryptographic function here, and found out that hashed passwords, along with the plaintext salt values are ...
mantot123
0 votes
1 answer
66 views

Storing the hash of the plaintext and the encrypted plaintext next to each other [closed]

I generate a random string of 32 characters and then compute the SHA-512 hash then I encrypt the unhashed string. I then save the encrypted text and hash to the database. Is it okay to store the hash ...
0 votes
0 answers
20 views

Relation between plain text and encrypted in URL [duplicate]

There are several plain text and encrypted text like: Plain text Encrypted text 10101004535 7Za9kHM9OH6tKTrtxy86gw== 10860586924 /nwjXW3MYkcATRS5Xyjx/A== 10480090635 /F0D9ePZffTIiH/P8mK+kw== ...
user23773373
0 votes
1 answer
94 views

SSH-Agent writing unencrypted keys to swap memory

I have recently set up a computer with full disk encryption, and I decided not to encrypt the swap partition for performance reasons. I have been using ssh-agent on another computer to load my private ...
rcomeau
0 votes
1 answer
93 views

Would there be any utility for multiple clients sharing the same TLS session key?

I was wondering if there is any utility for multiple hosts sharing the same TLS session key. I have come across proxies and the way they intercept TLS connections is to make the client accept its ...
imawful
1 vote
1 answer
310 views

GPG can't decrypt my data because of an invalid packet

I have an encrypted data containing some of my data that I am unable to decrypt. It is archived with tar, compressed with gzip and encrypted with gnupg. Today I tried to decrypt it with gpg and it ...
Nicolas Dumitru
1 vote
1 answer
151 views

Secure Offline Login and Data Encryption with PBKDF2 and AES-256

I'm working on a project that requires offline functionality, including offline login and secure data manipulation. I'd appreciate feedback on my chosen approach and best practices for secure design. ...
almog bar-el
0 votes
2 answers
150 views

Is it possible to send data from an open-source program but make it impossible for a user with source code to do the same?

If I want to store a global scoreboard for a game running locally on the user's computer and I want to make sure that all the requests coming to the server are really generated by the game and not ...
Reverent Lapwing
1 vote
1 answer
61 views

Allow one of many encryption/signature algorithms for single public key certificate

Let's say a user creates their primary gpg key pair for User Name <[email protected]> and selects an encryption and signing algorithm that isn't widely available (think goldilocks). For instance, ...
aackmann
0 votes
1 answer
105 views

Encryption without a classic exchange scenario

I am working on a project where I need to securely encrypt and decrypt files on a product without the ability for direct communication or key derivation after the product is sold. The challenge is ...
mrx
0 votes
0 answers
87 views

What are the effective open-source methods for storing and managing encryption keys in a language-agnostic manner when an HSM is unavailable?

When HSMs are not accessible, we often need alternative methods for securely storing and managing encryption keys. What open-source options exist for effectively managing encryption keys in a language-...
SSpirate
0 votes
1 answer
102 views

Since devices in typical house scenario are exposed to ISP, do anonymous OS (tails/kodachi/etc) require a different scenario to keep anonymity?

Researching on this topic I found the answer of Conor Mancone for a similar question about whether Can an ISP detect or log specific devices connected to ISP-provided home routers?, which answer was ...
Zyncho
