Collaborate Disseminate
I want to exploit this python code (pycryptodome library is used) using the known-plaintext vulnerability of AES in ECB mode:
def get_user_token(name):
cipher = AES.new(key=key, mode=AES.MODE_ECB)
name = name.encode(‘utf-8’).decod… Continue reading Exploit AES-ECB in json.dump() [closed]
I’m working on implementing AES256 encryption for file security and am considering two different strategies:
Using a fixed key with a unique initialization vector (IV) for each file.
Using a unique key with a fixed IV for each file.
Coul… Continue reading Best Practices for AES: Fixed Key with Unique IV vs. Unique Key with Fixed IV
Disclaimer: question orignally posted here but i was encouraged to ask it in this stack instead.
Introduction part
I’m writing an application that requires authentication to be used, specifically the database and config file can only be re… Continue reading Login with roles without internet
I read this answer Ransomware encryption keys and understood how wannacry works. But I still have a question: as I understand, the hacker will put the hacker’s RSA public key in the malware, the victim machine will randomly generate an AES… Continue reading Why Ransomware generate keypair in victim?
NXP has a custom (I think) encryption protocol known as "Leakage-Resistant Primitive", or LRP, built on top of AES. I think the goal of this is to basically "expand" the length of the key being used. This is used on d… Continue reading How Helpful is NXP’s LRP Encryption Protocol vs AES for short keys? [migrated]
For the symetric keys it is recommend that the same key should not be used to encrypt large number(2^32) of cipher blocks to avoid the key-exhaustion risk.
Curious to know whether the asymmetric key also has such a risk? i tried to searc… Continue reading Key Exhaustion Risks in Symmetric and Asymmetric Cryptography [migrated]
I understand that AES-CBC uses the following scheme for encrypting data (diagram from Wikipedia):
And, I understand that we don’t want initialization vectors to be predictable or constant, and also that you don’t want it to just be a plai… Continue reading Using AES-CBC with a random number plus a counter for the IV [migrated]
Context
I have a system where some of user’s data is encrypted via AES. Each user has their own key K. When the user creates an account, the K is generated and encrypted with a key derived from password via PBKDF2 (let’s call this key P). … Continue reading Password-based encryption: keeping the user logged in without entering password again
I want to use AES-GCM-SIV for authenticated encryption of messages in my protocol.
Since it is a wireless protocol I want to transmit as little bytes as possible. For successful decryption I need to transmit the nonce alongside the ciphert… Continue reading What best to put in unused nonce bytes when using AES-GCM-SIV [migrated]
I am attempting to perform real time decryption of TLS 1.3 packets (TLS_AES_256_GCM_SHA384). I have retrieved the mastersecrets for the specific flow by using uprobes on OpenSSL, and matched the mastersecrets to the flow using ClientRandom… Continue reading Real Time Decryption of TLS 1.3 packets Asked today Modified today [closed]