Home >

secure storage

  • Secure way to hash a lookup valueFebruary 16

    I want to securely store a database table that consists of an account ID and a few columns of sensitive data. The data only has value if it can be associated with the account ID. My thinking is to hash the account ID so it can't be associated with th

  • XTS-AES key managementOctober 23

    XTS-AES uses two keys $(k_1, k_2)$, which are obtained from a concatenated key $k$. Does this key $k$ remain same for the whole disk or changes per sector? --------------Solutions------------- To answer the question we first need to take a quick look

  • Properly storing an E-mail PasswordOctober 14

    I'm creating a messaging application that will use an outlook account to send an email. However, I'm unsure about the proper steps to store the e-mail password on the user's computer. Suppose I had the following code: SmtpClient SmtpServer = new Smtp

  • Is EncFS good for online storage services?September 14

    Conclusion from an EncFS audit: EncFS is probably safe as long as the adversary only gets one copy of the ciphertext and nothing more. EncFS is not safe if the adversary has the opportunity to see two or more snapshots of the ciphertext at different

  • Is there a system where I can securely store a secret value and compare a semi-ambiguous input to it?September 10

    I have an idea for a new kind of mobile phone lock screen. When you first create your pattern, you put together a series of colors and compass directions from the following choices: Red, Blue, Yellow, Green, North, South, East, and West. They can be

  • Is there any equivalent to the apache xml security library for JSON? August 28

    I'm talking about org.apache.xml.security(santurio) Is there any equivalent library that works with JSON and provides the same set of features? (mostly AES-128 with KEK support)

  • Encryption algorithms larger than 256 Bit for "big data" encryption?July 31

    I'm somewhat new to encryption. When looking at encryption programs for big data, I frequently see a maximum of 256 bits. Why do we generally restrict our (symmetric) keys to 256 bits? Can more powerful encryption algorithms be used practically, or i

  • Optimal bandwidth cost for Oblivious RAMMay 4

    Goldreich and Ostrovsky show that any ORAM algorithm must have bandwidth cost $\Omega(logN)$, where $N$ is the total number of blocks outsourced. This is in Theorem C of this paper. But they didn't give any proof for this Theorem. Is there other pape

  • Does Windows CNG store private information using LSA secrets?May 1

    I read that LSA Secrets have the capability of storing data privately, more importantly, ensuring that users without proper permissions cannot access that same data. Windows CNG has security measure like this. When I was reading about the method NCry

  • Attribute-based encryption for cloud storageApril 19

    I'm trying to understand attribute-based encryption schemes. Almost all articles describe that they are designed for cloud storage, but as I understand, almost all computing (encryption & decryption) is performed client-side and not in the cloud. In

  • What is a proof of data possession that accounts for fake mirrors?July 10

    Alice pays Bob $5/month to host a gigantic file for her. She wants to occasionally verify that Bob is actually hosting the file. To do this, she selects random blocks from the file, and challenges Bob to hash those same blocks with her chosen salt. T

  • Storing password or derived key in keychain?February 24

    Currently I am developing an application that stores and reads encrypted data. The data is encrypted with AES and the actual AES key is derived from the users password (and some nonce) with PBKDF2 with many rounds (taking 500ms on my Intel i5-3570).

  • Can passwords be stored securely so that a similarity comparison can be made?February 3

    On the Pro Webmasters StackExchange site, someone asked a question about a webapp (in this case cPanel) that refused to allow a password change because it was too similar to a previous password. I suggested that the app might be storing hashes of por

  • Does there exist a proof-of-retrievability scheme that is publicly-verifiable, limited-use, and does not use homomorphic encryption?January 5

    I find myself wanting to test out a practical implementation of a proof-of-retrievability scheme, simply out of curiosity. These schemes seem to be divided into two variations, publicly-verified and privately-verified. Here's a brief explanation of t

  • Storing the activation status of a product and expire details Android January 3

    In my Android application, it's required to store the activation status of the software and keep track of the activation expire date. What is the best way to store this information? Is it safe to store these information in the SQLite database? Otherw

  • Storage of Private KeysAugust 27

    I'm building a bitcoin web application that will require all users to be assigned a wallet for adding funds to their account. I plan on exposing the public key to the user (the bitcoin address). Users will simply use their exchange or their bitcoin c

Copyright (C) 2017 ceus-now.com, All Rights Reserved. webmaster#ceus-now.com 14 q. 0.315 s.