Collaborate Disseminate
In my current project we will have to encrypt a lot of S3 objects (a few billions) with KMS.
Our security department requires that we use KMS keys backed by CloudHSM. But since CloudHSM incurs some non negligeable extra charges in terms of… Continue reading High volume encryption: AWS KMS vs CloudHSM
Alice and Bob use the same password which will be used in a KDF like PBKDF2_HMAC or Argon2id to generate a AES-key. The problem is that Argon2id generates a different output for the same password, resulting in the AES-key being different f… Continue reading Same output of KDF for Alice and Bob?
Alice and Bob use the same password which will be used in a KDF like PBKDF2_HMAC or Argon2id to generate a AES-key. The problem is that Argon2id generates a different output for the same password, resulting in the AES-key being different f… Continue reading Same output of KDF for Alice and Bob?
i want to generate a 12 bytes authentication in AES-GCM. my code only give me an output tag of 16 bytes. i have tried to use the min_tag_length but it rises an error.
can i get your guidance, thank in advance.
import os
from cryptography.h… Continue reading How to get a 12 bytes authentication tag in AES-GCM
I am planning on making a basic groupchat application only for me and my colleagues. It needs to be as secure and anonymous as possible without leaving any fingerprints. Already existing applications cannot be trusted.
This is how I would … Continue reading Implementing a anonymous encrypted peer-to-peer chat [closed]
I had a .zip file that was apparently encrypted with AES-256 deflate.
7z l -slt archive.zip | grep Method
Method = AES-256 Deflate
Then I used zip2john to get a "hash" out of it:
archive.zip/archive/flag.pdf:$zip2$*0*3*0*5e6874b… Continue reading How can I understand the zip2john hash format?
I have some basic questions regarding eIDAS and ‘Advanced Electronic Signatures’.
Say, if I create a product under my company Acme Inc that offers a simple electronic signature where I sign every completed document digitally with a digital… Continue reading Does a signature service provider level digital certificate for electronic signature comply with eIDAS requirement for Advanced Electronic Signatures?
As a hobby project I’m thinking about how to write a secure chat where even all metadata are encrypted so that it is impossible to leak any (meta) information by design.
My basic idea is right now:
Each chat is split in blocks identified b… Continue reading What is the best way to encrypt asymmetric metadata?
When I conduct a mobile pentest, I have run into payload encryption in HTTP traffic. In general, the AES key and IV ( initialization vector) are located in APK, and can be used to encrypt the payload using Burp suite extensions such as AES… Continue reading Bypassing AES encryption if the keys are not in local,but in server
Say I have a remote machine (something like a VPS) that I have no physical access or physical authority over other than a user on it (with root access). However, I’d like to do Time Machine backups on it.
Time Machine is a mac tool for inc… Continue reading Backup to a remote Encrypted APFS drive mounted through Samba. Is this a sound plan?