From the VIM documentation: The algorithm used is breakable. A 4 character key in about one hour, a 6 character key in one day (on a Pentium 133 PC). This requires that you know some text that must appear in the file. An expert can break it for any key. When the text has been … Read more
The comment by Rory that the proxy would have to use a self-signed cert if not stricltly true. The proxy could be implemented to generate a new cert for each new SSL host it is asked to deal with and sign it with a common root cert. In the OP’s scenario of a corportate environment … Read more
The following will list all the providers and the algorithms supporter. What version of Java are you using? Unless you’re on an old version JCE should be included as standard. import java.security.Provider; import java.security.Security; public class SecurityListings { public static void main(String[] args) { for (Provider provider : Security.getProviders()) { System.out.println(“Provider: ” + provider.getName()); for … Read more
Here’s how I manage to encrypt a string with only a RSA public key. First save the public key in PEM-format to the filename pubkey.pem —–BEGIN PUBLIC KEY—– AJOnAeTfeU4K+do5QdBM2BQUhfrRI2rYf/Gk4… —–END PUBLIC KEY—– Find the public RSA key modulus $ openssl rsa -pubin -in pubkey.pem -modulus -noout Modulus=F56D… Find the public RSA key Exponent $ openssl … Read more
edit jre\lib\security\java.security add security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider copy bc*.jar to jre\lib\ext
As others have said, AES is a symmetric algorithm (private-key cryptography). This involves a single key which is a shared secret between the sender and recipient. An analogy is a locked mailbox without a mail slot. Anybody who wants to leave or read a message needs to have a key to the mailbox. If you … Read more
To save having to visit external links, in C:\Windows\Microsoft.NET\Framework\v4.0.30319 (for .NET 4 / 4.5) aspnet_regiis.exe -pe “connectionStrings” -app “/YourWebSiteName” -prov “DataProtectionConfigurationProvider” To decrypt connectionStrings section using this tool, you can specify following command in aspnet_iisreg.exe tool. aspnet_regiis.exe -pd “connectionStrings” -app “/YouWebSiteName”
Strictly speaking, /dev/random is not really completely random. /dev/random feeds on hardware sources which are assumed to be unpredictible in some way; then it mixes such data using functions (hash functions, mostly) which are also assumed to be one-way. So the “true randomness” of /dev/random is thus relative to the inherent security of the mixing … Read more
So lets say it like: Replace deprecated crypto.createDecipher usage with crypto.createDecipheriv why? because: according to the deprecation docs it was due to security concerns. Using crypto.createCipher() and crypto.createDecipher() should be avoided as they use a weak key derivation function (MD5 with no salt) and static initialization vectors. It is recommended to derive a key using … Read more
Here’s how to do it properly in CBC mode, including PKCS#7 padding: import base64 from Crypto.Cipher import AES from Crypto.Hash import SHA256 from Crypto import Random def encrypt(key, source, encode=True): key = SHA256.new(key).digest() # use SHA-256 over our key to get a proper-sized AES key IV = Random.new().read(AES.block_size) # generate IV encryptor = AES.new(key, AES.MODE_CBC, … Read more