Collaborate Disseminate
Software developers are usually told to ‘never write your own cryptography’, and there definitely are sufficient examples to be found in the past decades of cases where DIY crypto routines …read more Continue reading Why You Should Totally Roll Your Own AES Cryptography
“As bad as Heartbleed”? We heard that concern a week ago, but we think it’s less ungood than that… Continue reading OpenSSL fixes two “one-liner” crypto bugs – what you need to know
What is the probability that an AES encrypted file, using a wrong password, gets decrypted to something different than the plaintext, but which could still be likely to be interpreted an the true plaintext by the attacker? Example:
John D… Continue reading Probability of getting different plaintext with different key
A simple encryption/decryption using CryptoJS gives me a weird output. Can anyone point me to where the code is wrong? (I’m looking for the output in the console)
var code = "Testcode";
var diterations = 1000;
var defaultkeyByte… Continue reading CryptoJS AES encryption/decryption problem
Assume I have two servers which are part of a production environment for a web application which handles sensitive user data. The first server is a ruby on rails application, and the second is a postgresql database. The webapp server symme… Continue reading Is having a seperate server to handle encryption operations a secure way to protect a private key for a web application?
ENCSecurity markets a file encryption system, and it’s used by SanDisk, Sony, Lexar, and probably others. Despite it using AES as its algorithm, its implementation is flawed in multiple ways—and breakable.
The moral is, as it always is, tha… Continue reading Cryptanalysis of ENCSecurity’s Encryption Implementation
I’m having a discussion at work and I want to know the opinion of the community and know if I’m wrong or not.
We have a product that runs on client computers (on-premises) and it uses a local database to store some customer data. We have a… Continue reading Encryption database on app that runs on client side
I am trying to figure out when to use a new IV for an AES-CBC communication and whether my approach is safe.
Here is a quote from Thomas Pornin from a similar question:
So, to sum up: you must choose a new, random IV (with a
cryptographic… Continue reading AES CBC: When to use new IV [migrated]
Another thread addresses the question of what can count as "military-grade encryption." In this case, I see that CyberLink Power2Go software boasts "advanced military-grade 256-bit encryption." TechRadar clarifies that … Continue reading Military-grade encryption on Blu-ray discs?
If the encrypted file is from one of the known formats, such as doc, jpg, mp3, etc., is it possible to reverse engineer it and decrypt it?
I "roughly" know the mechanic behind the AES encryption: Matrix operation, Row shifting, C… Continue reading Is possible to reverse engineer a AES encryption of a known file format?