Collaborate Disseminate
My goal is to use JWE with hybrid encryption (ECDH+AES) for exchanging sensitive data with another party. However, the example code I can find for various Java libraries doesn’t match my understanding of how ECDH or asymmetric encryption w… Continue reading How does JOSE/JWE make use of ECDH when encrypting/decrypting messages?
For practice, I write let’s call it a notebook app that stores users’ notes in AES-encrypted form. For encryption, I use a password-based intermediate key technique as described here. Actually, the exact encryption method doesn’t matter he… Continue reading Using hashed trigrams to search over encrypted data
I am trying to write a small explanation for a customer, who wants to understand why his Mifare Desfire transponders are safe from being cloned.
I was trying to search for an easy scheme or text that explains how the authetication process … Continue reading Mifare Desfire authentication process / cloning protection
How to decrypt the plaintext contents of an SSH session from a PCAP file and SSHv2 AES session keys from a memory dump.
I have the full PCAP for the SSH sessions, including the initial handshake and AES session keys from a memory dump of t… Continue reading How to decrypt SSHv2 using AES-256 session keys from memory dump?
I’m the maintainer of pypdf, a Python library for reading/manipulating PDF documents. I recently discovered that pypdf used random instead of secrets for …
Generating the initialization vector (IV) in AES
As part of generating the U-Val… Continue reading Is using weak random numbers for the initialization vector of AES just a theoretical issue?
I have an AES encrypted data and the key, but I am not able to tell the block cipher mode [ECB|CBC|CTR] used in encryption or know the key length.
Below is the encrypted data output in java.
{"encrypt_data":"GorwlI4cdifSjaKM… Continue reading Finding block mode and key length from encrypted data [migrated]
I am working with hardware that can only encrypt with AES. The problem with this is that the message must be publicly verifiable on the blockchain, without the encoding key being exposed. This is the textbook use-case for asymmetrical keys… Continue reading Is it possible to generate a read-only key for a symmetrical encryption (AES)?
Consider i am encrypting a column in a database table with AES. If i leak the information that the column is a hyphen separated Social Security Number thereby revealing each row of the column is of the pattern NNN-NN-NNNN, is this enough … Continue reading Can AES be broken if i know the pattern of the strings encrypted? [migrated]
Consider i am encrypting a column in a database table with AES. If i leak the information that the column is a hyphen separated Social Security Number thereby revealing each row of the column is of the pattern NNN-NN-NNNN, is this enough … Continue reading Can AES be broken if i know the pattern of the strings encrypted? [migrated]
I have the following JavaScript code, is this safe to do?
Generate sibling public/private key pair.
Derive shared key using said key pair.
I am asking this because typically, a shared key is generated using your own private key and someo… Continue reading ECDH algorithm – Is it safe and secure to calculate shared key using sibling public/private key pair? [closed]