Collaborate Disseminate
I see that HTTPS uses symmetric encryption for the file transfer, often AES. I also read that AES uses padding to help obfuscate the data itself. Though I am curious how powerful that padding is when downloading files.
If a server has a pu… Continue reading Is it possible to eavesdrop HTTPS encryptions by file size?
I’m developing a device that will require ownership proof to activate HOTP authorizations.
The HOTP codes will be used in the BLE bonding between the device and the owner’s phone.
I came up with the following scheme:
Upon fabrication, the … Continue reading Ownership proof scheme
I need to write a Python script to occasionally encrypt some small text files (~10 Kb)
in order to store them in an insecure environment.
Each file will be encrypted via unique symmetric key and AES 256 CTR cipher.
The key and CTR nonce wi… Continue reading File encryption with Python and AES
I’m designing a password vault that’s accessible to clients through an existing web application. The clients are small, (and mostly non-technical) businesses that aren’t using password managers, but are using this existing application that… Continue reading Design of a web based password vault
I would like to know what encryption 1Password uses.
On the About the 1Password security model page, it says:
Your 1Password data is kept safe by AES-GCM-256 authenticated encryption. The data you entrust to 1Password is effectively impos… Continue reading What algorithm does 1Password use for encryption, AES-GCM-256 or AES-CBC-256?
It’s the first time I’m using encryption in MariaDB, so I need to assure that I’m getting it right. I need to simply store some identifiers in an encrypted way, and am wondering if I’m doing it correctly. As I’m getting some unexpected beh… Continue reading Properly encrypt data fields in MariaDB
I need to decrypt (using Python libs) a base64 encoded string that was encrypted using AES256/CBC/PKCS7:
MIAGCSqGSIb3DQEHA6CAMIACAQIxggEwMIIBLAIBAoAUWwUA8cj6Bdcph9HPtFRinZS+SkwwDQYJKoZIhvcNAQEBBQAEggEAY0azbeMRqaktA3LL0HgC4XmZEfIu81nUsjm1r7… Continue reading Python: Read RSA private key from file on disk and use it to create an AES Cipher [migrated]
I am coding an online password manager as part of my apprenticeship.
I have already coded the full backend to synchronize the encrypted data and a frontend that encrypts and decrypts data with AES. So far, no secrets are shared with the ba… Continue reading How to be sure there are only encrypted data on my backend
We are serving static content over the internet, and have a business requirement that the data must be encrypted at rest. Currently it is stored in AWS S3, where it can be accessed by authorized clients over HTTP. We could proxy this throu… Continue reading Do I need to use TLS if data is already encrypted and gets decrypted client-side?
We are employing an AES-CCM 128-bit stream-cipher with 7-Byte Nonces and 12-Byte Authentication Tags in a communication protocol. Up until this point there was no need to use Additional Authenticated Data (AAD) in this protocol, as all tra… Continue reading Is it safe to use AES-CCM only for authentication – i.e. for sending AAD without encrypted data?