cryptography

问题 OK-- thanks to Mike, I was able to get Wincrypt to generate a Diffie-Hellman keypair. I figured out out to export the public key, and how to import the other party's public key. According to the docs, upon import of the other party's public key, the shared secret has been computed. Great. I now need to get ahold of that shared secret, but I don't think its possible. Simply calling CryptExportKey with a type of PLAINTEXTKEYBLOB fails unless I call CryptSetKeyParam to change the algorithm id

问题 I'm currently developing a system to transmit data between client and server, and was wondering what the strength of the encryption I planned to use was. My thought was to have a private/public RSA key pair and hand out the public key to each client (leaving the private key solely on the server). Each client would then generate their own AES key and RSA encrypt it. They would then AES encrypt their data and send the encrypted data and encrypted AES key to the server. The server would then

问题 I have these information: CTR key: 36f18357be4dbd77f050515c73fcf9f2 CTR Ciphertext 1:69dda8455c7dd4254bf353b773304eec0ec7702330098ce7f7520d1cbbb20fc3\ 88d1b0adb5054dbd7370849dbf0b88d393f252e764f1f5f7ad97ef79d59ce29f5f51eeca32eabedd9afa9329 Note that the 16-byte encryption IV is chosen at random and is prepended to the ciphertext. And the text is encrypted with AES in CTR mode. I have to discover the plaintext To do this I have written a short Java program but it doesn't work and I don't find

问题 I've noticed things such as MD5 has been cracked for collisions and is no longer cryptographically secure; use SHA-1 instead. SHA-1 has been cracked for collisions and is no longer cryptographically secure; use SHA-2 instead. From my current understanding, the chance of getting a certain hash h(d) from data d is equal for all hashing results. This implies, then, that the only strengthening mechanism for a hashing algorithm is to return longer hashes. This also implies that all hashes (when

问题 My ultimate goal is to create a URL that is unique and cannot be guessed/predicted. The purpose of this URL is to allow users to perform operations like verifying their email address and resetting their password. These URLs would expire within a set amount of time (currently set to 24 hours). I was originally using a Guid for this purpose, but I now understand this to be somewhere between "just fine" and "very insecure", depending on which expert you listen to. So, I thought I'd beef up my

问题 I want the support of the following cipher suites in TLS using JCA: TLS_PSK_WITH_3DES_EDE_CBC_SHA TLS_PSK_WITH_AES_128_CBC_SHA TLS_PSK_WITH_NULL_SHA TLS_PSK_WITH_AES_128_CBC_SHA256 TLS_PSK_WITH_NULL_SHA256 They are available in JDK7 but not JDK6, neither BouncyCastle. If I want the support in JDK6, could I extends JCA to implement the support of these PSK extensions, using SPI, providers and callback methods of JSSE. I can already redefine or add new cipher implementations on runtime, but I'm

问题 I've been researching bcrypt hashing, and of course one of the large benefits of the scheme its "adaptiveness". However, how is it anymore adaptive than simply increasing the amount of iterations you make over a SHA-1 hash? Say, instead of SHA-1 hashing a value 1000 times, you increase it to 10,000 iterations. Isn't this achieving the same goal? What makes bcrypt more adaptive? 回答1: Making many iterations with a hash function has a few subtleties, because there must be some kind of "salting"

问题 I am trying to compute 8-character short unique random filenames for, let's say, thousands of files without probable name collision. Is this method safe enough? base64.urlsafe_b64encode(hashlib.md5(os.urandom(128)).digest())[:8] Edit To be clearer, I am trying to achieve simplest possible obfuscation of filenames being uploaded to a storage. I figured out that 8-character string, random enough, would be very efficient and simple way to store tens of thousands of files without probable

问题 Due to some implementation detail, I need to split hashing and signature generation. I tried to achieve this using the 'NONEwithRSA' signature algorithm. This is a basic working example: public void rsaSignatureIntegrityTest() { KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA"); gen.initialize(2048, new SecureRandom()); KeyPair pair = gen.generateKeyPair(); byte[] digest = MessageDigest.getInstance("SHA-256").digest(MESSAGE); Signature signer = Signature.getInstance("NONEwithRSA");

问题 Due to some implementation detail, I need to split hashing and signature generation. I tried to achieve this using the 'NONEwithRSA' signature algorithm. This is a basic working example: public void rsaSignatureIntegrityTest() { KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA"); gen.initialize(2048, new SecureRandom()); KeyPair pair = gen.generateKeyPair(); byte[] digest = MessageDigest.getInstance("SHA-256").digest(MESSAGE); Signature signer = Signature.getInstance("NONEwithRSA");