Obscure / encrypt an order number as another number: symmetrical, “random” appearance?

Pick an 8 or 9 digit number at random, say 839712541. Then, take your order number’s binary representation (for this example, I’m not using 2’s complement), pad it out to the same number of bits (30), reverse it, and xor the flipped order number and the magic number. For example: 1 = 000000000000000000000000000001 Flip = …

Encrypting/Decrypting large files (.NET)

One organism’s large is another’s petite, though we all know expensive when we see it. Wink, wink. Try benchmarking something like the following in your environment and see where you’re at: EDIT 2/13/2012: The code has been updated as I’ve become (imperceptibly) smarter and also noticed a few cut’n’paste errors that had crept in. Mea …

What’s the most secure possible Devise configuration?

Peppers: yes you are correct. There is not much additional security achieved with a pepper if you are using salt. Stretches: 12 is reasonable, however bcrypt only ensures a constant time. You should consider using the newer scrypt as it allows you to specify both a constant time and the amount of memory to use. …

Practical applications of homomorphic encryption algorithms?

Here’s a wild shot in the dark: We’re thinking about protecting the plaintext from the person doing the computation on it. But what if the objective was to protect both the plaintext AND the algorithm? Take, for example, MRI machines. The most expensive part of the MRI machine is the algorithm in which the machine …

PBEKeySpec what do the iterationCount and keyLength parameters influence?

The iteration count is the number of times that the password is hashed during the derivation of the symmetric key. The higher the number, the more difficult it is to validate a password guess and then derive the correct key. It is used together with the salt which is used to prevent against attacks using rainbow …

Encrypting credentials in a WPF application

Here’s a summary of my blog post: How to store a password on Windows? You can use the Data Protection API and its .NET implementation (ProtectedData) to encrypt the password. Here’s an example: public static string Protect(string str) { byte[] entropy = Encoding.ASCII.GetBytes(Assembly.GetExecutingAssembly().FullName); byte[] data = Encoding.ASCII.GetBytes(str); string protectedData = Convert.ToBase64String(ProtectedData.Protect(data, entropy, DataProtectionScope.CurrentUser)); return protectedData; …
