Questions tagged [cryptography]

62 questions
149 votes, 1 answer

What are the advantages and disadvantages of cryptographically signing commits and tags in Git?

So someone peer reviewed my work, and he told me that I should always sign my commits and tags cryptographically. When asked why, he didn't know how to explain it to me, and said "It's just a good thing to do". Trying to avoid an obvious chimpanzee…
Madara's Ghost
41 votes, 5 answers

Where to store the private key?

Say I want some parts of my software to be encrypted. For example, the credentials for a database, etc. I need to store those values somewhere, but doing so in cleartext would make it easy for an attacker to gain unauthorised access. However, if I…
Xophmeister
29 votes, 7 answers

Is there any algorithm pattern to protect any content in the web to ensure I am the first one who created it?

A few years ago there was this hacker (don't remember who he was) that fully disclosed a vulnerability in a given system, but to make sure nobody took credit for that, he created some kind of PGP key. What I understood at the time is that he created…
26 votes, 7 answers

What should web programmers know about cryptography?

Should programmers who build websites/web applications understand cryptography? I have no idea how most cryptographic algorithms work, and I really don't understand the differences between md5/des/aes/etc. Have any of you found any need for an…
davidhaskins
21 votes, 4 answers

Programmers' concerns about export restrictions from the United States

Which aspects do I need to consider when designing and publishing software that must meet the US export restrictions for cryptographic software? Wikipedia says that there are various categories which you can assign to cryptographic software. And the…
caw
16 votes, 1 answer

Java Cryptography Extension

I was told that in order to support AES256 encryption inside my Java app that I would need the JCE with Unlimited Strength Jurisdiction Policy Files. I downloaded this from Oracle and unzipped it and I'm only seeing 2 JARs: local_policy.jar;…
herpylderp
7 votes, 3 answers

Using a standard localised data cryptography pattern with an ASP.NET MVC3 application

I have been given the task to rejuvenate an existing Human Resources application from Access into ASP.NET. This is a strictly internal application, and I have no problems developing it within our standard ASP.NET environment. It does however pose…
Tom
7 votes, 3 answers

What is an example for a one-way hash function?

I am doing a bit of research on hash functions. I understand the concept that it is an equation that is easy to do one way (you take the number 00011010 for example and do reasonably simple math with it) but the function you use is very difficult to…
user180969
6 votes, 7 answers

Generating every combination of a 32 character alpha numeric string?

Is it possible to generate every possible combination of a 32 character alpha numeric string? If so, how long would it take on today's fast computers? My lecturer at university said it's impossible, and I thought "nothing is impossible". Any ideas…
Jack Wilson
5 votes, 4 answers

What's the safest way to tell if decryption was successful?

I'm making a C program that uses GTK3 (best documentation ever) and OpenSSL (worst documentation ever) to simply encrypt/decrypt a file using a password. The encryption and decryption functions are both working, however if I enter the wrong password…
Dellowar
5 votes, 2 answers

How to manage my private key for signing .NET assemblies?

I write open source .NET class libraries as a hobby and thought about signing them. I can get Visual Studio to generate me a password protected public/private key pair and save it as a .pfx file, but I don't think I should do this for each and every…
Daniel A.A. Pelsmaeker
5 votes, 6 answers

How can I prevent users from creating multiple accounts on a web site?

I'm building a site that needs to guarantee user reputation scores are accurate by preventing users from creating more than one account, at the cost of decreased user signups. So far, the only solutions I have thought of are allowing users to: Link…
Alek Storm
4 votes, 3 answers

Is it possible to store N bits of unique combinations, in N-1 bits? If not, why does MD5 get reprimanded for collisions?

Regarding cryptography and the issue of collisions, I posed a question as to whether it was ever possible to store every single possible combination of a bit array of a particular size, in a bit array that was at least one bit smaller, with…
Anon
4 votes, 1 answer

Difference between reverse lookup tables and rainbow tables

Using Reverse Lookup Tables, you create a lookup table consisting of the password hash of user accounts. Then you use another table which consists of hashes with guessed passwords. Then you compare the two to see if the hashed password of…
JohnMerlino
4 votes, 1 answer

What was the earliest use of cryptographic tokens in URLs?

I was wondering: it now seems to be more and more common to see people/frameworks putting cryptographic tokens in the URLs their webapps are generating (to prevent quite effectively against quite some attacks). It is advised by OWASP etc. However I…
Cedric Martin