Questions tagged [encryption]
Encryption is the process of transforming plaintext using a cipher to make it unreadable to anyone except those possessing the key.
946 questions
184 votes, 9 answers, 702k views
How to determine what type of encoding/encryption has been used?
Is there a way to find what type of encryption/encoding is being used?
For example, I am testing a web application which stores the password in the database in an encrypted format (WeJcFMQ/8+8QJ/w0hHh+...
67 votes, 21 answers, 71k views
Lessons learned and misconceptions regarding encryption and cryptology
Cryptology is such a broad subject that even experienced coders will almost always make mistakes the first few times around. However encryption is such an important topic, often we can't afford to ...
174 votes, 4 answers, 154k views
Where to store a server side encryption key?
I have some data that is symmetrically encrypted with a single key in my database. Rather than hard coding it into my code, I am looking for a safer way to store the encryption key. Where can I safely ...
420 votes, 14 answers, 69k views
How is it possible that people observing an HTTPS connection being established wouldn't know how to decrypt it?
I've often heard it said that if you're logging in to a website - a bank, GMail, whatever - via HTTPS, that the information you transmit is safe from snooping by 3rd parties. I've always been a little ...
79 votes, 3 answers, 12k views
Are URLs viewed during HTTPS transactions to one or more websites from a single IP distinguishable?
For example, say the following are HTTPS URLs to two websites by one IP over 5 mins:
"A.com/1", "A.com/2", "A.com/3", "B.com/1", "B.com/2".
Would monitoring of packets reveal:
nothing,
reveal only ...
260 votes, 12 answers, 142k views
Why are hash functions one way? If I know the algorithm, why can't I calculate the input from it?
Why can't a password hash be reverse engineered?
I've looked into this ages ago and have read lots on it, but I can't find the explanation of why it can't be done. An example will make it easier to ...
120 votes, 6 answers, 50k views
Why should one not use the same asymmetric key for encryption as they do for signing?
In an answer to a question about RSA and PGP, PulpSpy noted this:
It is possible to generate an RSA key pair using GPG (for both encryption and signing -- you should not use the same key for both). ...
24 votes, 3 answers, 2k views
Solution to the ‘Browser Crypto Chicken-and-Egg Problem’?
From time to time, questions come up in this board concerning web applications that utilize client-side cryptography (or ‘in-browser’ cryptography), where these applications claim to be designed in ...
55 votes, 2 answers, 83k views
Decrypting TLS in Wireshark when using DHE_RSA ciphersuites
How can I decrypt TLS messages when an ephemeral Diffie-Hellman ciphersuite is used? I am able to expose the premaster secret and master secret from the SSL Client. Using that, how to decrypt the ...
53 votes, 2 answers, 11k views
Digital Certificate deployment: using two certs for each user?
At a large enterprise environment I have come across a deployment approach for Digital Certificates where each user is issued two (2) key pairs:
One for signing documents, emails, etc. that is ...
105 votes, 5 answers, 67k views
Is sending password to user email secure?
How secure is sending passwords through email to a user, since email isn't secured by HTTPS?
What is the best way to secure it? Should I use encryption?
101 votes, 5 answers, 33k views
How can my employer be a man-in-the-middle when I connect to Gmail? [duplicate]
I'm trying to understand SSL/TLS. What follows are a description of a scenario and a few assumptions which I hope you can confirm or refute.
Question
How can my employer be a man-in-the-middle when ...
48 votes, 5 answers, 71k views
openssl: recover key and IV by passphrase
A large amount of files were encrypted by
openssl enc -aes-256-cbc -pass pass:MYPASSWORD
Openssl should derive key+IV from passphrase. I'd like to know key+IV equivalent of that MYPASSWORD. Is ...
22 votes, 3 answers, 22k views
Is multiple encryption a good idea?
I know that many encryption algorithms, while secure, have vulnerabilities.
To reduce risks, would multiple encryption like this
Blowfish_CbC ( Rc2_OFB ( AES128_CBC (myfilecontent)))
be a good idea?
...
144 votes, 14 answers, 48k views
Is there any technical security reason not to buy the cheapest SSL certificate you can find?
While shopping for a basic SSL cert for my blog, I found that many of the more well-known Certificate Authorities have an entry-level certificate (with less stringent validation of the purchaser's ...