AES does not expand data. Moreover, the output will not generally be compressible; if you intend to compress your data, do so before encrypting it. However, note that AES encryption is usually combined with padding, which will increase the size of the data (though only by a few bytes).
The reasons those secret keys were so easily discovered is because they were hidden in software. Avoid hiding secrets in software at all cost – obfuscation will only get you so far. Ask yourself this: How well can I hide a key in software from someone with full access to the disassembly, user mode and … Read more
Entropy is not a property of the string you got, but of the strings you could have obtained instead. In other words, it qualifies the process by which the string was generated. In the simple case, you get one string among a set of N possible strings, where each string has the same probability of … Read more
Looking at OpenSSL sources, this can happen only if padding in encrypted data is invalid. Does this happen with different keys, and can you provide a sample one? And, what tool is used to generate such keys (i.e. the same OpenSSL or not)? Probably, it omits padding/or writes zero padding instead of correct one.
Yes, you will need to transfer the keys. Mac and Linux work the same, storing the keys in ~/.gnupg. The safest way to transfer the files is using scp (part of ssh): scp -rp ~/.gnupg othermachine: However, you will need to have ssh working first. Transferring them with, say, a USB flash drive isn’t such … Read more
Fundamentally different. SHA1 is a hash algorithm, which is a one way function, turning an input of any size into a fixed-length output (160 bit in this case). A cryptographic hash function is one for which it should not be possible to find two inputs giving the same output except by brute force (for instance, … Read more
Compress first. Once you encrypt the file you will generate a stream of seemingly random data, which will be not be compressible. The compression process depends on finding compressible patterns in the data.
Official document of Crypto++ AES is a good start. And from my archive, a basic implementation of AES is as follows: Please refer here with more explanation, I recommend you first understand the algorithm and then try to understand each line step by step. #include <iostream> #include <iomanip> #include “modes.h” #include “aes.h” #include “filters.h” int … Read more
A cryptographically secure number random generator, as you might use for generating encryption keys, works by gathering entropy – that is, unpredictable input – from a source which other people can’t observe. For instance, /dev/random(4) on Linux collects information from the variation in timing of hardware interrupts from sources such as hard disks returning data, … Read more
It’s quite difficult to compare SSL/TLS and SASL, because SSL/TLS is a communication protocol, whereas SASL is a framework, integrated with other protocols. (In fact, you can use both at the same time in some circumstances.) In addition, you’re mentioning Kerberos, which is indeed an authentication protocol (which can be used with SSL/TLS or SASL … Read more