AES – Page 3 – WindowsTechs.com

Assembly routine for AES CBC encrypt

Posted on January 26, 2024 by shawnixer

I’m assuming that OpenSSL is just using these functions here. page 66 is CBC
https://www.intel.com/content/dam/develop/external/us/en/documents/aes-wp-2012-09-22-v01-165683.pdf
Can I just generate a key/iv randomly and pass data off with t… Continue reading Assembly routine for AES CBC encrypt→

Assembly routine for AES CBC encrypt

Posted on January 26, 2024 by shawnixer

Assembly routine for AES CBC encrypt

Posted on January 26, 2024 by shawnixer

Does men in the middle is possible with this code : AES/CBC with HMAC? [closed]

Posted on January 18, 2024 by b210205

public static byte[] encrypt(String message, String password) throws Exception {
SecureRandom rand = new SecureRandom();

try (ByteArrayOutputStream out = new ByteArrayOutputStream()) {
try (DataOutputSt… Continue reading Does men in the middle is possible with this code : AES/CBC with HMAC? [closed]→

Can token decryption endpoint response codes variability lead to security vulnerabilities?

Posted on January 14, 2024 by vetements

To clarify the question, here’s our case:
We generate encrypted tokens by applying AES-CBC (256 bit) and Base64 to payload:
encrypted_token = Base64.encode(AES_CBC_256.encrypt(key, iv, payload)).
These encrypted tokens are publicly availab… Continue reading Can token decryption endpoint response codes variability lead to security vulnerabilities?→

Pitfalls of manual AES encryption for data transfer [migrated]

Posted on January 13, 2024 by TrisT

Context
I’ve used OpenSSL to encrypt some socket communications.
I am however using some functionality from the windows API that prevents me from using OpenSSL’s opaque builtin sockets, so I am buffering through their BIO_s_mem interfaces … Continue reading Pitfalls of manual AES encryption for data transfer [migrated]→

Would this be EPA or AES? [closed]

Posted on January 13, 2024 by DipSew

A security engineer is deploying a new wireless network for a company. The company shares office space with multiple tenants. Which of the following should the engineer configure on the wireless network to ensure that confidential data is … Continue reading Would this be EPA or AES? [closed]→

WinZip AE-2 for small files and AE-1 for larger – how small/how large for each? [closed]

Posted on January 4, 2024 by Michal Charemza

I’m adding password protection/encryption support to a Python package that makes ZIP files (https://github.com/uktrade/stream-zip). I’m opting to not add ZipCrypto support, but instead add WinZip-style AES
From https://www.winzip.com/en/su… Continue reading WinZip AE-2 for small files and AE-1 for larger – how small/how large for each? [closed]→

Current-Based Side-Channel Attacks, Two Ways

Posted on January 4, 2024 by Dan Maloney

Funny things can happen when a security researcher and an electronics engineer specializing in high-speed circuits get together. At least they did when [Limpkin] met [Roman], which resulted in two …read more Continue reading Current-Based Side-Channel Attacks, Two Ways→

MbedTls – keeping context private?

Posted on January 3, 2024 by akimata

Let’s assume we’re running on mbed system with internal and external RAM. Dumping external RAM is much more easier for attacker on such systems when debug ports are locked.
I’m wondering if the context passed to mbedTLS APIs carries any se… Continue reading MbedTls – keeping context private?→