Igor Delovski Board Forum Index Igor Delovski Board
My Own Personal Slashdot!
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Encryption

 
Post new topic   Reply to topic    Igor Delovski Board Forum Index -> Dev Links
Dev Links  
Author Message
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Fri Dec 01, 2006 6:42 pm    Post subject: Encryption Reply with quote

Why use encryption? Why bother with security in the average project?
There's a story that is some sort of anathomy of a security failure, analysis
of a dangerous feature from its rather innocent beginnings.

The Mobile Blog: WiFi Did You Do That?

Mike Calligaro: "... radioactive subject of why WiFi ActiveSync was removed
from ActiveSync 4. We removed it for security reasons."


Desktop ActiveSync wasn’t encrypted! But, how did that happened?

"ActiveSync started out as a way to plug your device directly into your PC
over a serial port. At some point, PCs and Pocket PCs started getting USB
ports. So we modified desktop ActiveSync to talk over USB. At some later
point we ... built in the ability to sync over Ethernet. Later on, though, WiFi
arrived. In the end, WiFi is just a wireless way to do Ethernet, so it pretty
much automatically worked with what we had already built."
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Fri Dec 01, 2006 7:03 pm    Post subject: Reply with quote

Good intro: How Encryption Works, by Jeff Tyson

"Most computer encryption systems belong in one of two categories:

* Symmetric-key encryption
* Public-key encryption

In the following sections, you'll learn about each of these systems."
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Mon Dec 04, 2006 10:05 pm    Post subject: Reply with quote

Dev Shed: Socket Security

"Basically what I do is take some complicated keys and putting them
together followed by a SHA-512 hash of the keys. The remote copy does
the same thing and if the hashed keys match, it performs the action.

Unfortunately right now that means anyone who is sniffing between those
servers can use that key and perform that action with a successful hash
repeatedly."
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Wed Dec 06, 2006 6:10 pm    Post subject: Reply with quote

Product Keys Based on the Advanced Encryption Standard (AES)
A Compact Product Key System Based on AES and Crypto++,
by Jeffrey Walton at CodeGuru

"This article will discuss the following topics:

* Advanced Encryption Standard
* Compiling and Integrating Crypto++ into the Visual C++ Environment
* AES Implementation in Crypto++
* Base Encoding a Cipher Text String in Crypto++
* Bulk Product Key Generation
* Product Key Validation"


Related: Compiling and Integrating Crypto++ into the Microsoft Visual C++ Environment
Back to top
View user's profile Send private message Visit poster's website
XNote
Kapetan


Joined: 16 Jun 2006
Posts: 532

PostPosted: Sun Dec 17, 2006 1:54 am    Post subject: Reply with quote

hash code generating algorithm

"I am trying to provide some security to text files, by adding a signature
at the end of each text file. This signature needs to be generated by some
kind of hashing algorithm. so while sending the file, i will sign the text file
and at the receiving end, the text file will be checked to make sure that
the hash code matches."
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Fri May 11, 2007 2:41 pm    Post subject: Reply with quote

How to encrypt user passwords, by Daniel Fernandez Garrido

"Almost all modern web applications need, in one way or another, to encrypt
their users' passwords. We could say that, from the moment that an application
has users, and users sign in using a password, these passwords have to be
stored in an encrypted way."
Back to top
View user's profile Send private message
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Sat Oct 20, 2007 1:49 pm    Post subject: Reply with quote

Slashdot: Evidence of Steganography in Real Criminal Cases

"Researchers at Purdue University have found proof that criminals are making
use of steganography in the field. Steganography is the stealth technique of
hiding text or images within image files. Experts say that the wide availability
of free point-and-click steganography tools is making the method of hiding
illicit images and text easier to use.

Not everyone is convinced; some security experts such as Bruce Schneier
have dismissed steganography as too complex and conspicuous for the bad
guys to bother using, especially for inside corporate espionage: 'It doesn't
make sense that someone selling out the company can't just leave with a
USB.'"
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Wed Nov 21, 2007 12:04 am    Post subject: Reply with quote

Slashdot: Using Google To Crack MD5 Passwords

"A security researcher at Cambridge was trying to figure out the password
used by somebody who had hacked his Web site. He tried running a dictionary
through the encryption hash function; no dice. Then he pasted the hacker's
encrypted password into Google, and voila — there was his answer.

Conclusion? Use no password that any other human being has ever used, or
is ever likely to use, for any purpose. I think."
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Thu Sep 18, 2008 8:46 am    Post subject: Reply with quote

JoS: Embedding Basic Cryptography *SIMPLY* in a C++ App?

"I want to encrypt a buffer of data, within a web application, by calling the
appropriate OpenSSL functions. Example: From PHP I would call:
openssl_private_encrypt() to generate the encrypted data, using a private
key (generated by the openssl command line tool)."


...

SO: RSA encryption library for c++

"What Library would you reccomend?"
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Fri May 29, 2009 4:19 pm    Post subject: Reply with quote

MF - Is there library in iPhone 2.2 SDK for SHA encryption

"Does iphone SDK support SHA encryption and decryption algorithms?"
Back to top
View user's profile Send private message Visit poster's website
XNote
Kapetan


Joined: 16 Jun 2006
Posts: 532

PostPosted: Wed Jun 10, 2009 5:36 pm    Post subject: Reply with quote

reddit.com - The First Few Milliseconds of an HTTPS Connection

"In the 220 milliseconds that flew by, a lot of interesting stuff happened to
make Firefox change the address bar color and put a lock in the lower right
corner. With the help of Wireshark, my favorite network tool, and a slightly
modified debug build of Firefox, we can see exactly what's going on."
Back to top
View user's profile Send private message
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Mon Sep 21, 2009 11:14 pm    Post subject: Reply with quote

Slashdot: 60 Years of Cryptography, 1949-2009

"2009 marks 60 years since the advent of modern cryptography. It was
back in October 1949 when mathematician Claude Shannon published a
paper on Communication Theory of Secrecy Systems. According to his em-
ployer at the time, Bell Labs, the work transformed cryptography from
an art to a science and is generally considered the foundation of modern
cryptography. Since then significant developments in secure communi-
cations have continued, particularly with the advent of the Internet and
Web.

CIO has a pictorial representation of the past six decades of research and
development in encryption technology. Highlights include the design of the
first quantum cryptography protocol by Charles Bennett and Gilles Bras-
sard in 1984, and the EFF's 'Deep Crack' DES code breaker of 1998."
Back to top
View user's profile Send private message Visit poster's website
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Sat Oct 31, 2009 8:04 pm    Post subject: Reply with quote

Marco Peereboom - OpenSSL is written by monkeys

"Recently I got involved in writing some code that requires secure commu-
nications and I figured that there was no better way to get cranking than
to use a well known and widely used library."
Back to top
View user's profile Send private message
XNote
Kapetan


Joined: 16 Jun 2006
Posts: 532

PostPosted: Tue Jan 26, 2010 6:38 pm    Post subject: Reply with quote

MF - SHA1 and MD5

"Try: % man 3 SHA1

It should give you something that looks somewhat like this:

Code:
        #include <openssl/sha.h>

        unsigned char *SHA1(const unsigned char *d, unsigned long n,
                         unsigned char *md);


% man 3 md5

Then:"

Code:
        #include <openssl/md5.h>

        unsigned char *MD5(const unsigned char *d, unsigned long n,
                         unsigned char *md);


So basically, the function names are "SHA1" and "MD5."
Back to top
View user's profile Send private message
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Mon Feb 01, 2010 10:53 pm    Post subject: Reply with quote

codahale.com - How To Safely Store A Password

"Use bcrypt.

Why Not {MD5, SHA1, SHA256, SHA512, SHA-3, etc}? These are all general
purpose hash functions, designed to calculate a digest of huge amounts of
data in as short a time as possible."
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Fri Apr 02, 2010 9:49 pm    Post subject: Reply with quote

MF - Help with a couple of issues related to NSTask

"Referring to the man page for md5, we see it has three modes of obta-
ining input:
1. -s string
2. file [...]
3. <nothing>
In mode 1, it hashes only the string. In mode 2, it reads and hashes the
contents of the file, or of multiple files if multiple filenames are given. In
mode 3, i.e. the absence of -s string or a filename, it reads its stdin."
Back to top
View user's profile Send private message Visit poster's website
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Thu Jun 02, 2011 8:39 pm    Post subject: Reply with quote

MF - help for simple encryption and decryption?

"s there any classes in Cocoa for simple file encryption/decryption? I just
need something I can point at a file on disk and do simple encryption with-
out a password or key and then decode it later."
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Tue Jun 21, 2011 4:13 pm    Post subject: Reply with quote

Stephen Lombardo - Mass Market Encryption CCATS Commodity Clas-
sification for iPhone Applications in 8 Easy Steps


"If an application is using encryption technology then it’s necessary to provi-
de documentation to Apple that demonstrates review by the Department of
Commerce (DOC) Bureau of Industry and Security (BIS) and classification
of the application a mass market encryption item."
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Tue Jun 21, 2011 4:20 pm    Post subject: Reply with quote

Nick Harris - Core Data and Enterprise iPhone Applications

"With the 3GS, any data written to the filesystem is encrypted using hard-
ware encryption. By simply creating the Social_Sites.sqlite file on the file
system, the data stored in it is already encrypted."
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Wed Jun 22, 2011 5:01 pm    Post subject: Reply with quote

Dot Mac - AES interoperability between .Net and iPhone

"One of my projects requires encrypting data on the iPhone and decrypting
it using .Net. This is easy to do with the Common Crypto library in the iPho-
ne SDK and the AesCryptoServiceProvider class in .Net, but the encryption
parameters have to be the same for it to work."
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Sun Feb 03, 2013 1:52 am    Post subject: Reply with quote

so - Objective-C sample code for HMAC-SHA1

Code:
- (NSString *)hmacsha1:(NSString *)data secret:(NSString *)key {

    const char *cKey  = [key cStringUsingEncoding:NSASCIIStringEncoding];
    const char *cData = [data cStringUsingEncoding:NSASCIIStringEncoding];

    unsigned char cHMAC[CC_SHA1_DIGEST_LENGTH];

    CCHmac(kCCHmacAlgSHA1, cKey, strlen(cKey), cData, strlen(cData), cHMAC);

    NSData *HMAC = [[NSData alloc] initWithBytes:cHMAC length:sizeof(cHMAC)];

    NSString *hash = [HMAC base64String];

    return hash;
}
Back to top
View user's profile Send private message
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Wed Mar 20, 2013 9:24 pm    Post subject: Reply with quote

so - iPhone: HTTPS client cert authentication

"I want to load a certificate from a file, fill a credential and run this method:

[[challenge sender] useCredential:[self credential] forAuthenticationChallenge:challenge];"
Back to top
View user's profile Send private message Visit poster's website
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Fri Jan 31, 2014 2:01 am    Post subject: Reply with quote

mist.io - Storing user passwords safely in the database

"Today, we are starting a series of security-related posts through our blog,
in an attempt to not only build trust and communicate our security policy
to our users, but also to stimulate discussion and practices around com-
mon security issues. In our first post, we’ll deal with probably the most
common way that attackers gain access to sensitive information: password
recovery."
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Sun Mar 12, 2017 12:42 am    Post subject: Reply with quote

https://www.nytimes.com/aponline/2017/03/11/technology/ap-us-tec-wikileaks-cia-tech-encryption.html


If the tech industry is drawing one lesson from the latest WikiLeaks disclosures, it's that data-scrambling encryption works, and the industry should use more of it.
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Fri May 26, 2017 3:03 pm    Post subject: Reply with quote

so - How to use NSTask as root?

"Check out STPrivilegedTask, an Objective-C wrapper class around
AuthorizationExecuteWithPrivileges() with an NSTask-like interface."
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Mon Oct 16, 2017 6:54 pm    Post subject: Reply with quote

ars - Millions of high-security crypto keys crippled by newly discovered flaw

"The researchers examined keys used in electronic identity cards issued by
four countries and quickly found two - Estonia and Slovakia - were issuing
documents with fingerprinted keys, both of which were 2048 bits in length,
making them practically factorizable."
Back to top
View user's profile Send private message
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Fri Dec 01, 2017 1:17 pm    Post subject: Reply with quote

tutsplus.com - Securing iOS Data at Rest: Encryption

"In this post, we'll look at advanced uses of encryption for user data in iOS
apps. We'll start with a high-level look at AES encryption, and then go on to
look at some examples of how to implement AES encryption in Swift."
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Mon Dec 04, 2017 8:13 pm    Post subject: Reply with quote

github.com - trezor-crypto/base58.c

Heavily optimized cryptography algorithms for embedded devices.
Back to top
View user's profile Send private message Visit poster's website
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Wed Oct 09, 2019 10:58 pm    Post subject: Reply with quote

https://old.reddit.com/r/iOSProgramming/comments/dffn6s/common_cryptographic_operations_with_cryptokit/

Common Cryptographic Operations with CryptoKit
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Sun Mar 17, 2024 6:04 pm    Post subject: Reply with quote

apple - Complying with Encryption Export Regulations

"When you submit your app to TestFlight or the App Store, you upload your
app to a server in the United States. If you distribute your app outside the
U.S. or Canada, your app is subject to U.S. export laws, regardless of where
your legal entity is based. If your app uses, accesses, contains, implements,
or incorporates encryption, this is considered an export of encryption software,
which means your app is subject to U.S. export compliance requirements, as
well as the import compliance requirements of the countries where you
distribute your app."
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Igor Delovski Board Forum Index -> Dev Links All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Delovski.hr
Powered by php-B.B. © 2001, 2005 php-B.B. Group