Collaborate Disseminate
I need to encrypt some sensitive fields back and forth in browser and server, same goes for decryption, for this I am planning to implement AES algorith, but the problem here is with secret key which is exposed to the client side.
I got to… Continue reading Wrapped Key Encryption – Hide AES secret key in Javascript & Java
Assuming, I had a ciphertext along with its decrypted plain text result but not the IV or the Secret Key. (keep in mind that the text was encrypted with AES/CBC/PKCSPadding7).
How would I go about changing specific characters in the cipher… Continue reading How to alter text that was encrypted with AES CBC using PKCSPadding7 [migrated]
For context, I’m assuming the attacker knows the format of the key.
Do these two keys have the same strength, or by leaving the hyphens in the key am I reducing the security by a partly-known-key attack?
A: aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaa… Continue reading With AES, does key format make a difference to security?
For PII, we have to encrypt some columns in our DB (All of our infra resides on our own DC, not using any cloud provider).
Now roughly what we are doing is
Created a CMK at AWS.
Generate Data Key using CMK
Store the encrypted key in DB
Fo… Continue reading On what basis to create Data Keys
Suppose Alice and Bob are communicating using a peer-reviewed symmetric encryption algorithm such as AES-256. Bob possesses a private encryption key to decode messages from Alice, but Alice does not have this key.
If Alice has plain text r… Continue reading Symmetric encryption – given plain text, produce cipher text without key
so I was digging into the Whitepaper published by Secura about the Zerologon vulnerability (https://www.secura.com/pathtoimg.php?id=2055) and I was wondering:
is it required that the client challenge will be eight 0x00 bytes for the sessio… Continue reading Zerologon vulnerability (CVE-2020-1472)- does the client challenge have to be eight 0 bytes for the session key to be uniformly distributed?
I’m not a crypto/security expert and have designed an architecture for encryption/decryption. I’m not sure if its full proof and want to know what people use as industry standard?
I’m trying to perform encryption/decryption in RESTful api … Continue reading How to perform encryption/decryption in a RESTful system?
I want to make a mobile app that will act as a Credentials Manager and store all my access information for websites, credit cards, secure notes, and so on on the server encrypted with REST API.
The plan is the following for the client:
Th… Continue reading Review of the design of Credentials Manager app
I want to create Password Manager where users can create their accounts and store website passwords.
For the frontend, it will be a mobile app, but I need REST API as the backend data where the data will be stored.
I thought to encrypt and… Continue reading How to securely design REST API for Password Manager app?
I am creating a chat app. This app contains private messages and channels. These channels include more than one user.
I want to encrypt messages using AES and to transfer the AES key to users of this channel.
I need a secure transport chan… Continue reading how to encrypt and decrypt messages with more than one sender and more than one receiver?