Password-based encryption: keeping the user logged in without entering password again

Context
I have a system where some of user’s data is encrypted via AES. Each user has their own key K. When the user creates an account, the K is generated and encrypted with a key derived from password via PBKDF2 (let’s call this key P). …

What are the threats of using hashing functions that are built into the DBMS? (besides man-in-the-middle attacks)

There are functions like MD5 and SHA2 in MySQL which can be used to hash values before putting them into the database, or when searching over values.
As I proposed a possible solution in a comment to this answer to a question, I was told t…