I'm trying to come up with a marginally secure way of storing passwords in a networked application that uses an Access 2010 frontend. To this end, I am attempting to implement Bcrypt's algorithm in Visual Basic for Applications.
I have found that to fetch a random number in Access, one must use Randomize() and Rnd(). However, it seems that the output of these methods are predictable and should not be used for cryptography. Should I just go with it because anything is better than storing passwords in plaintext? Or is there a better solution? Of course, ideally someone else has already written this, but I can't find it.
I've found this SHA-256 digest hashing algorithm implemented in VBA which doesn't appear to use (or need!) random numbers.
Related
I am trying to encrypt using Rijndael 256-bit block size, 256-bit key size, ECB mode and zero's for padding.
I was trying to use OpenSSL::Cipher::AES.new(256, :ECB) but I cannot for the life of me get the correct result I am looking for.
I have a solution in C# but I'm having trouble getting the Ruby equivalent for it.
In the C# code RijndaelManaged is used for encryption and what I'm having trouble with in particular is RijndaelManaged is ok taking in a byte array for the key and the object to be encrypted. I can't find a Ruby library that will do the same for me. OpenSSL::Cipher::AES will only take in strings.
Is there anything similar like this in Ruby? Google has failed me in finding anything and I'm not an encryption guru by any means. Any help or just point me in the right direction would be amazing. I just cannot figure out for the life of me. I have a related SO question to this if anyone wants to take a look. The answer is perfect I just cannot translate it to Ruby.
This question isn't a duplicate. I mean it is similar to the question it is listed as a duplicate of however the answer doesn't help me at all. The answer they link to is a library that uses :cbc but I need :ecb mode for the Rijndael encryption. I agree though the questions are very similar. Just the answer doesn't help me hence me asking this question.
I think the only gem in existence that could accomplish this task for me turned out to be the ruby-mcrypt gem. For any future generations who are in need of a library to encrypt some lesser used and potentially unsafe encryption technique.
I have to check compatibility of a software with systems (os, device, browser, client). Only some of the systems are supported.
We have all 4 paramaters combinations for compatible systems. Given parameters for some system i have to check for its compatibility.
Best i can think of that i allot different os values 0-9, device with values 100,200,..900, similarly for browser 1000,2000,...9000 and for client. Maintain a cache of all valid additions and check for given system from that cache.
Is there any better method? In the above method i can have scalability problem. suggest me some similar algorithms.
To be absolutely sure some combination will work you will have to test it. If you have so many combinations to check that you cannot check each one, you can make assumptions about what is likely to go wrong, and find schemes that give you the most useful test under these assumptions.
If you assume that bugs can always be replicated by combining just two choices (e.g. Windows + device always gives trouble, regardless of browser and client) then you can find a scheme for testing every combination of two choices without testing every combination of everything - see http://en.wikipedia.org/wiki/All-pairs_testing
Use a hash table. Virtually every language has them built in together with methods to serialize them to a file.
You could create some object representing the instance of your class and then hash the object and compare the hash to the hashes of the samples that work. This should solve your scalability issue.
I need some mechanizm of safe storing passwords in database with inverse algorithm(that's why hashing unfortunately does not fit).
Does anyone know about such algorythms and how to realize one of them in PostgreSQL?
May be any secret-key cryptography?
Although I would strongly advice you to be very cautious about what you are trying to accomplish here; yes a secret-key cryptography would be a good solution to your problem.
Fortunately, PostgreSQL provides support for encryption and it can be achieved as easily as this:
Select encrypt (info_to_encrypted, key, algorithm_name);
The topic might be lengthy and thus I'd direct you to check these excellent slides:
Encrypted PostgreSQL
Also please read this very good stackexchange question before you proceed with what you're trying to do.
I think there is no way of storing a password safely with an invertible algorithm, because it is the idea of these algorithms is that everything they encrypt can be decrypted and therefore they will always be unsafe.
I would like to know how one achieves the following signature. I have read online that (al least in the past) researchers will take the "suspected" file the binary code, convert it to assembly, examine it, pick sections of code that appear to be unusual, and identifying the corresponding bytes in the machine code.
But then how is the bellow virus string signature achieved?
MIRC.Julie=6463632073656e6420246e69636b20433a5c57696e646f77735c4a756c696531362c4a50472e636f6d0a0d6e31333d207d0a0d6e31343d200a0d6e31353d206374637020313a70696e673a2f6463632073656e6420246e69636b20433a5c57696e646f77735c4a756c696531362c4a50
Also, (although this might sound completely crazy) that string above must mean something, i can only guess a sequence of actions, actual code, etc. So if it was once "translated" in this form (virus signature) from assembly, is it possible to convert it back?
Just in case you might wonder why am asking what even I think is a weird question. This is why... I am preparing my BSc final year computer science project, and at this point I am wondering whether it would be possible to maybe generate/estimate/evaluate/predict virus signatures by using GA's (Genetic Algorithms). Maybe that will help make my question a bit easier to understand, I hope.
Thanks!
You cannot revert it back because normally virus signatures are encrypted. The way they are obtained is by extracting the binary mallicious code from an executable and then converting it to hexadecimal representation.
Hopefully helps
The virus signature shown is probably dependent on the scanner that generated it. I find it extremely easy to believe that all virus scanners create their signatures in different ways. Without a source, there's no way to explain how it was developed, and even with a source I doubt this is something that AV companies will reveal, since it allows virus developers the opportunity to avoid detection.
"Generate/estimate/evaluate/predict" are four different problems and not all of them are best done with a GA. You need to select your problem before selecting an algorithm.
I am implementing a custo crypto library using the Diffie-Hellman protocol (yes, i know about rsa/ssl/and the likes - i am using it specific purposes) and so far it turned out better than i original expected - using GMP, it's very fast.
My question is, besides the obvious key exchange part, if this protocol can be used for digital signatures as well.
I have looked at quite a few resources online, but so far my search has been fruitless.
Is this at all possible?
Any (serious) ideas are welcome.
Update:
Thanks for the comments. And for the more curious people:
my DH implementation is meant - among other things - to distribute encrypted "resources" to client-side applications. both are, for the most part, my own code.
every client has a DH key pair, and i use it along with my server's public key to generate the shared keys. in turn, i use them for HMACs and symmetric encryption.
DH keys are built anywhere from 128 up to 512 bits, using safe primes as modulus.
I realize how "pure" D-H alone can't be used for signatures, i was hoping for something close to it (or as simple).
It would appear this is feasible: http://www.quadibloc.com/crypto/pk050302.htm.
I would question why you are doing this though. The first rule of implementing crypto is don't implement crypto. There are plenty of libraries that already exist, you would probably be better off leveraging these, crypto code is notoriously hard to get right even if you understand the science behind it.
DSA is the standard way to make digital signatures based on the discrete logarithm problem.
And to answer a potential future question, Ephemeral-static Diffie-Hellman is the standard way to implement asymmetric encryption (to send messages where you know and trust the recipients public key (for example through a certificate), but the recipient does not know your key).