Collaborate Disseminate
I am completely stuck and I need to make sure that I am correct. Any help is greatly appreciated.
Based on the cookie, I need to answer these questions:
Select which security features does the cookie provides (select all that apply): anti… Continue reading Authentication Cookie Security Features
Assuming I am using different secrets/keys for each MAC pass, does running both MtE and EtM creates any vulnerability?
This is what I mean about doing MtEtM:
K0 ≠ K1 ≠ K2
addMAC(msg, K) = msg || MAC(msg, K)
ciphertext = addMAC(encrypt(addM… Continue reading Is is safe to use MtEtM? (MAC-then-Encrypt and Encrypt-than-MAC) [migrated]
I am planning to encrypt database fields using AES encryption.
Now, this encrypted data will not transfer over the internet and will reside in our own datacenter only.
From what I read, GCM mode should be the obvious choice for encryption … Continue reading Which one to use AES : GCM vs CBC
I came across a number of somewhat similar solutions, which are based on the knowledge factor related to a symmetric key in particular:
If a party was able to generate correct message authentication code, be it in form of HMAC…
If a par… Continue reading Terminology question – authentication through encryption
While all/majority of AWS APIs requests are signed with HMAC, it is not as prevalent for other APIs in general.
Most likely, the reason is because of the gotchas involved when client has to make the signed API work as they may miss a few h… Continue reading Why HMAC/Signed API requests are not prevalent compared to API keys or JWT based requests
In the Aws scheme of signing a http request with HMAC-SHA Signature you must use a secret key. When wanting to allow access to your API from a third party ,do you have to share the secret key with them too? If yes,how do you distribute the… Continue reading AWS hmac requires the distribution of secret key? [closed]
When Alice and Bob both have the same shared secret to encrypt their data (Diffie-Hellman) and Alice encrypts her data with this key and Bob can decrypt it with the same key, then Bob knows that the message comes from Alice.
So why is stil… Continue reading What is the need of HMAC in Diffie-Hellman?
I happen to have a few hashes generated with code that did this (it has been changed to use a more "standard" bcrypt call):
$ python3
>>> import hmac
>>> hmac.new(b’The quick brown’, b’123456′, digestmod=’sha1′)… Continue reading cracking HMAC-SHA1 when the password and seed are inverted
I’m writing an application that needs to deterministically encrypt some data (where two equal ciphertexts will produce two equal plaintexts; this is acceptable and in fact desirable for this application), and I’d like to stay as far away f… Continue reading Can I HMAC my plaintext for use as a NACL SecretBox nonce?
For one of my student projects, users remotely control a raspberry pi device via an app. This allows them view camera feed and also send out commands remotely.This data needs to be kept secure, Currently, I am trying to setup mac address f… Continue reading How to securely connect and send data between a raspberry pi and an app?