delovski
Joined: 14 Jun 2006 Posts: 3524 Location: Zagreb
|
Posted: Fri Dec 01, 2006 6:42 pm Post subject: Encryption |
|
|
Why use encryption? Why bother with security in the average project?
There's a story that is some sort of anatomy of a security failure, analysis
of a dangerous feature from its rather innocent beginnings.
The Mobile Blog: WiFi Did You Do That?
Mike Calligaro: "... radioactive subject of why WiFi ActiveSync was removed
from ActiveSync 4. We removed it for security reasons."
Desktop ActiveSync wasn’t encrypted! But, how did that happen?
"ActiveSync started out as a way to plug your device directly into your PC
over a serial port. At some point, PCs and Pocket PCs started getting USB
ports. So we modified desktop ActiveSync to talk over USB. At some later
point we ... built in the ability to sync over Ethernet. Later on, though, WiFi
arrived. In the end, WiFi is just a wireless way to do Ethernet, so it pretty
much automatically worked with what we had already built." |
|
|
|
delovski
Joined: 14 Jun 2006 Posts: 3524 Location: Zagreb
|
Posted: Fri Dec 01, 2006 7:03 pm Post subject: |
|
|
Good intro: How Encryption Works, by Jeff Tyson
"Most computer encryption systems belong in one of two categories:
* Symmetric-key encryption
* Public-key encryption
In the following sections, you'll learn about each of these systems." |
|
|
|
delovski
Joined: 14 Jun 2006 Posts: 3524 Location: Zagreb
|
Posted: Mon Dec 04, 2006 10:05 pm Post subject: |
|
|
Dev Shed: Socket Security
"Basically what I do is take some complicated keys and put them
together followed by a SHA-512 hash of the keys. The remote copy does
the same thing and if the hashed keys match, it performs the action.
Unfortunately right now that means anyone who is sniffing between those
servers can use that key and perform that action with a successful hash
repeatedly." |
|
|
|
|
|
XNote Kapetan
Joined: 16 Jun 2006 Posts: 532
|
Posted: Sun Dec 17, 2006 1:54 am Post subject: |
|
|
hash code generating algorithm
"I am trying to provide some security to text files, by adding a signature
at the end of each text file. This signature needs to be generated by some
kind of hashing algorithm. So while sending the file, I will sign the text file
and at the receiving end, the text file will be checked to make sure that
the hash code matches." |
|
|
|
Ike Kapetan
Joined: 17 Jun 2006 Posts: 3146 Location: Europe
|
Posted: Fri May 11, 2007 2:41 pm Post subject: |
|
|
How to encrypt user passwords, by Daniel Fernandez Garrido
"Almost all modern web applications need, in one way or another, to encrypt
their users' passwords. We could say that, from the moment that an application
has users, and users sign in using a password, these passwords have to be
stored in an encrypted way." |
|
|
|
delovski
Joined: 14 Jun 2006 Posts: 3524 Location: Zagreb
|
Posted: Sat Oct 20, 2007 1:49 pm Post subject: |
|
|
Slashdot: Evidence of Steganography in Real Criminal Cases
"Researchers at Purdue University have found proof that criminals are making
use of steganography in the field. Steganography is the stealth technique of
hiding text or images within image files. Experts say that the wide availability
of free point-and-click steganography tools is making the method of hiding
illicit images and text easier to use.
Not everyone is convinced; some security experts such as Bruce Schneier
have dismissed steganography as too complex and conspicuous for the bad
guys to bother using, especially for inside corporate espionage: 'It doesn't
make sense that someone selling out the company can't just leave with a
USB.'" |
|
|
|
delovski
Joined: 14 Jun 2006 Posts: 3524 Location: Zagreb
|
Posted: Wed Nov 21, 2007 12:04 am Post subject: |
|
|
Slashdot: Using Google To Crack MD5 Passwords
"A security researcher at Cambridge was trying to figure out the password
used by somebody who had hacked his Web site. He tried running a dictionary
through the encryption hash function; no dice. Then he pasted the hacker's
encrypted password into Google, and voila — there was his answer.
Conclusion? Use no password that any other human being has ever used, or
is ever likely to use, for any purpose. I think." |
|
|
|
delovski
Joined: 14 Jun 2006 Posts: 3524 Location: Zagreb
|
Posted: Thu Sep 18, 2008 8:46 am Post subject: |
|
|
JoS: Embedding Basic Cryptography *SIMPLY* in a C++ App?
"I want to encrypt a buffer of data, within a web application, by calling the
appropriate OpenSSL functions. Example: From PHP I would call:
openssl_private_encrypt() to generate the encrypted data, using a private
key (generated by the openssl command line tool)."
...
SO: RSA encryption library for c++
"What Library would you recommend?" |
|
|
|
|
|
XNote Kapetan
Joined: 16 Jun 2006 Posts: 532
|
Posted: Wed Jun 10, 2009 5:36 pm Post subject: |
|
|
reddit.com - The First Few Milliseconds of an HTTPS Connection
"In the 220 milliseconds that flew by, a lot of interesting stuff happened to
make Firefox change the address bar color and put a lock in the lower right
corner. With the help of Wireshark, my favorite network tool, and a slightly
modified debug build of Firefox, we can see exactly what's going on." |
|
|
|
delovski
Joined: 14 Jun 2006 Posts: 3524 Location: Zagreb
|
Posted: Mon Sep 21, 2009 11:14 pm Post subject: |
|
|
Slashdot: 60 Years of Cryptography, 1949-2009
"2009 marks 60 years since the advent of modern cryptography. It was
back in October 1949 when mathematician Claude Shannon published a
paper on Communication Theory of Secrecy Systems. According to his employer
at the time, Bell Labs, the work transformed cryptography from
an art to a science and is generally considered the foundation of modern
cryptography. Since then significant developments in secure communications
have continued, particularly with the advent of the Internet and
Web.
CIO has a pictorial representation of the past six decades of research and
development in encryption technology. Highlights include the design of the
first quantum cryptography protocol by Charles Bennett and Gilles Brassard
in 1984, and the EFF's 'Deep Crack' DES code breaker of 1998." |
|
|
|
Ike Kapetan
Joined: 17 Jun 2006 Posts: 3146 Location: Europe
|
Posted: Sat Oct 31, 2009 8:04 pm Post subject: |
|
|
Marco Peereboom - OpenSSL is written by monkeys
"Recently I got involved in writing some code that requires secure communications
and I figured that there was no better way to get cranking than
to use a well known and widely used library." |
|
|
|
XNote Kapetan
Joined: 16 Jun 2006 Posts: 532
|
Posted: Tue Jan 26, 2010 6:38 pm Post subject: |
|
|
MF - SHA1 and MD5
"Try: % man 3 SHA1
It should give you something that looks somewhat like this:
Code:
#include <openssl/sha.h>
unsigned char *SHA1(const unsigned char *d, unsigned long n,
                    unsigned char *md);
% man 3 md5
Then:"
Code:
#include <openssl/md5.h>
unsigned char *MD5(const unsigned char *d, unsigned long n,
                   unsigned char *md);
So basically, the function names are "SHA1" and "MD5." |
|
|
|
delovski
Joined: 14 Jun 2006 Posts: 3524 Location: Zagreb
|
Posted: Mon Feb 01, 2010 10:53 pm Post subject: |
|
|
codahale.com - How To Safely Store A Password
"Use bcrypt.
Why Not {MD5, SHA1, SHA256, SHA512, SHA-3, etc}? These are all general
purpose hash functions, designed to calculate a digest of huge amounts of
data in as short a time as possible." |
|
|
|
delovski
Joined: 14 Jun 2006 Posts: 3524 Location: Zagreb
|
Posted: Fri Apr 02, 2010 9:49 pm Post subject: |
|
|
MF - Help with a couple of issues related to NSTask
"Referring to the man page for md5, we see it has three modes of obtaining
input:
1. -s string
2. file [...]
3. <nothing>
In mode 1, it hashes only the string. In mode 2, it reads and hashes the
contents of the file, or of multiple files if multiple filenames are given. In
mode 3, i.e. the absence of -s string or a filename, it reads its stdin." |
|
|
|
Ike Kapetan
Joined: 17 Jun 2006 Posts: 3146 Location: Europe
|
Posted: Thu Jun 02, 2011 8:39 pm Post subject: |
|
|
MF - help for simple encryption and decryption?
"Are there any classes in Cocoa for simple file encryption/decryption? I just
need something I can point at a file on disk and do simple encryption without
a password or key and then decode it later." |
|
|
|
|
|
Ike Kapetan
Joined: 17 Jun 2006 Posts: 3146 Location: Europe
|
Posted: Tue Jun 21, 2011 4:20 pm Post subject: |
|
|
Nick Harris - Core Data and Enterprise iPhone Applications
"With the 3GS, any data written to the filesystem is encrypted using hardware
encryption. By simply creating the Social_Sites.sqlite file on the file
system, the data stored in it is already encrypted." |
|
|
|
Ike Kapetan
Joined: 17 Jun 2006 Posts: 3146 Location: Europe
|
Posted: Wed Jun 22, 2011 5:01 pm Post subject: |
|
|
Dot Mac - AES interoperability between .Net and iPhone
"One of my projects requires encrypting data on the iPhone and decrypting
it using .Net. This is easy to do with the Common Crypto library in the iPhone
SDK and the AesCryptoServiceProvider class in .Net, but the encryption
parameters have to be the same for it to work." |
|
|
|
Ike Kapetan
Joined: 17 Jun 2006 Posts: 3146 Location: Europe
|
Posted: Sun Feb 03, 2013 1:52 am Post subject: |
|
|
so - Objective-C sample code for HMAC-SHA1
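Code:
#import <CommonCrypto/CommonHMAC.h>

// Returns the Base64-encoded HMAC-SHA1 of `data`, keyed with `key`.
- (NSString *)hmacsha1:(NSString *)data secret:(NSString *)key {
    // NSASCIIStringEncoding returns NULL for non-ASCII input, which would
    // crash strlen(); UTF-8 gives the same bytes for ASCII and handles the rest.
    const char *cKey = [key cStringUsingEncoding:NSUTF8StringEncoding];
    const char *cData = [data cStringUsingEncoding:NSUTF8StringEncoding];
    unsigned char cHMAC[CC_SHA1_DIGEST_LENGTH];
    CCHmac(kCCHmacAlgSHA1, cKey, strlen(cKey), cData, strlen(cData), cHMAC);
    NSData *HMAC = [[NSData alloc] initWithBytes:cHMAC length:sizeof(cHMAC)];
    // Foundation's NSData has no base64String method; use the built-in encoder.
    return [HMAC base64EncodedStringWithOptions:0];
}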
|
|
|
|
delovski
Joined: 14 Jun 2006 Posts: 3524 Location: Zagreb
|
Posted: Wed Mar 20, 2013 9:24 pm Post subject: |
|
|
so - iPhone: HTTPS client cert authentication
"I want to load a certificate from a file, fill a credential and run this method:
[[challenge sender] useCredential:[self credential] forAuthenticationChallenge:challenge];" |
|
|
|
Ike Kapetan
Joined: 17 Jun 2006 Posts: 3146 Location: Europe
|
Posted: Fri Jan 31, 2014 2:01 am Post subject: |
|
|
mist.io - Storing user passwords safely in the database
"Today, we are starting a series of security-related posts through our blog,
in an attempt to not only build trust and communicate our security policy
to our users, but also to stimulate discussion and practices around common
security issues. In our first post, we’ll deal with probably the most
common way that attackers gain access to sensitive information: password
recovery." |
|
|
|
|
|
Ike Kapetan
Joined: 17 Jun 2006 Posts: 3146 Location: Europe
|
Posted: Fri May 26, 2017 3:03 pm Post subject: |
|
|
so - How to use NSTask as root?
"Check out STPrivilegedTask, an Objective-C wrapper class around
AuthorizationExecuteWithPrivileges() with an NSTask-like interface." |
|
|
|
Ike Kapetan
Joined: 17 Jun 2006 Posts: 3146 Location: Europe
|
Posted: Mon Oct 16, 2017 6:54 pm Post subject: |
|
|
ars - Millions of high-security crypto keys crippled by newly discovered flaw
"The researchers examined keys used in electronic identity cards issued by
four countries and quickly found two - Estonia and Slovakia - were issuing
documents with fingerprinted keys, both of which were 2048 bits in length,
making them practically factorizable." |
|
|
|
delovski
Joined: 14 Jun 2006 Posts: 3524 Location: Zagreb
|
Posted: Fri Dec 01, 2017 1:17 pm Post subject: |
|
|
tutsplus.com - Securing iOS Data at Rest: Encryption
"In this post, we'll look at advanced uses of encryption for user data in iOS
apps. We'll start with a high-level look at AES encryption, and then go on to
look at some examples of how to implement AES encryption in Swift." |
|
|
|
delovski
Joined: 14 Jun 2006 Posts: 3524 Location: Zagreb
|
Posted: Mon Dec 04, 2017 8:13 pm Post subject: |
|
|
github.com - trezor-crypto/base58.c
Heavily optimized cryptography algorithms for embedded devices. |
|
|
|
|
|
Ike Kapetan
Joined: 17 Jun 2006 Posts: 3146 Location: Europe
|
Posted: Sun Mar 17, 2024 6:04 pm Post subject: |
|
|
apple - Complying with Encryption Export Regulations
"When you submit your app to TestFlight or the App Store, you upload your
app to a server in the United States. If you distribute your app outside the
U.S. or Canada, your app is subject to U.S. export laws, regardless of where
your legal entity is based. If your app uses, accesses, contains, implements,
or incorporates encryption, this is considered an export of encryption software,
which means your app is subject to U.S. export compliance requirements, as
well as the import compliance requirements of the countries where you
distribute your app." |
|
|
|
|