I got a file that seems to not have anything readable into it (for a human)
How can I be sure that it hasn't anything readable for a human? Because it's way too large to read it entirely (maybe a program that searches for words or entropy or I don't know.)
How can I know if this file is compressed or encrypted, or both? And is it possible that it has a proprietary compression so I can't distinguish it from encryption?
Because if I can make sure that it's encrypted, I can stop my work directly, but if it's just encoded/compressed, maybe I can find a way to read it
(I tried to compress it with the basic Windows archiver and it loses 18% of its size. Does it mean that it's not encrypted? Does an encryption permit that much compression?)
Yes, it is certainly possible to create a compression format for which all possible sequences of bits is valid. In that case, you would not be able to distinguish the compressed data from random or encrypted data.
I am not aware of a commonly implemented compressed format that has that property. You could try all of the decompressors you can find on the data to see if any continue to decompress through all of the data without erroring out. You can also try starting at different locations in your data, since there may be some sort of header before the compressed data.
Online Decryption
If you would like to decrypt the file. You could simply copy and paste everything inside of https://online-toolz.com/tools/text-encryption-decryption.php
that feature can decrypt messages fast.
Encoder & Decoder
https://www.base64decode.org/
I found this website a while ago, this website is trusted and fast with great reviews.
This method can also help with your request.
Related
I'm using libsodium to encrypt files with xchacha20poly1305 construct. I got everything working correctly by following documentation (https://download.libsodium.org/doc/secret-key_cryptography/secretstream.html) but now I'm wondering about the role of header data.
crypto_secretstream_xchacha20poly1305_init_pull requires the header from crypto_secretstream_xchacha20poly1305_state that was used when the data was encrypted so how should I treat the header data? Is it same as AES' iv/nonce that it needs and can be to be distributed with the encrypted data as-is or is it secret like the key?
I realize this is most likely a newbie question but since I'm obviously not a crypto expect, I want to make sure I use libsodium and the construct right.
Thanks!
That's a pretty old question, but since it was still waiting for an answer, here it is.
The header is indeed a nonce. It doesn't have to be secret. But it is required so that if the same stream is encrypted twice, both ciphertexts will look completely different.
Assume I have sensitive information (passwords, private keys,...) that I saved to a file which I encrypted.
Is there an easy to use tool to convert back and forth between a small file (say 0.5kB) and an image (QR code?) that I can print out to have a safe backup?
You can use LaTeX with the ps-tricks and pst-barcode modules, it produces nice QR codes, and yesm we used it exactly for this purpose: Paper backup of SSH private keys.
Denso Wave of QR code developer distributes software on their site.
Membership registration on the site is required to obtain it.
Even if you can not print with this, there are various tools regardless of free/commercial, so please search.
The maximum amount of data that can be stored in the QR code is 2953 bytes in binary mode.
However, it depends on the ability of the scanner to use.
QR code FAQ #6 Can an image or sound be stored in a QR Code?
I wrote a linux program to do this, called qr-backup.
In researching similar programs as part of it, I discovered a number of alternative projects as well. All of these are also linux-only.
asc2qr.sh
paperbackup. Focused on GPG/SSH key backup. See also the paperkey preprocessor, to reduce the size of keys.
qrdump (incomplete)
qrpdf
If your file is very small (0.5KB is a good cutoff), you can generate one single QR code. An example command-line program to generate it is qrencode. Several web converters are also available.
so I want to generate some cached html files and I want to use some sort of encryption when naming them so they can't be easily accessed. Md5/Sha1,2 might be good alternatives but
I want something light something that would generate a string lets say 12 bytes long (just saying).
Is there anything similiar, available in php?
Thank you.
For obscurity through security purposes I would just use base64 or a simple random number based on seed, or a simple date maybe.
The thing is I don't see any cause for not using md5 as a performance hitter, though you can try crc32() which is basically a checksum calculator. If you insist on having anything else but sha1/md5 - you can also see this list here: http://www.php.net/manual/en/function.hash-algos.php and use the hash() function.
You can use uuid http://php.net/manual/en/function.uniqid.php to generate a unique name, but if you need to be able to reproduce the obfuscated name then your best bet is md5, speed shouldn't be an issue or whatever you refer to with "lightweight".
For something simple, but low security, have a look at the appropriate sized FNV hash. Once you have your hash as bytes, convert it to Base64 or whatever, as you wish.
Once I think about new software projects and current-age data uses, I cannot stand raw files anymore. they seem unnatural now.
Basically a file should contain one or more data "streams", metadata/attributes, etc.
The file should be optimized for sequential, parallel read (like mkv I think) but have reasonable performance for direct ("random") read access, possiby write access, and direct insertions.
Maybe even explicit logical data structure (inside each stream) might be useful.
mkv seems a pretty generic container format, but it seems to not completely fit the need and iirc has some multimedia-specific features in the container format itself
I see sqlite suggested as an alternative, but has an all-file locking mechanism and I just don't know how stream data gets organized (if it stays multimedia-friendly enough or if it's more single-access optimized)
Do you have any hint for me? Are there any other open, cross-platform, generic container, generic-access optimized, insertable data formats? What could I study?
How about HDF5?
I am trying to debug some problems with very picking/complex webservices where some of the clients that are theoretically making the same requests are getting different results. A debugging proxy like Charles helps a lot but since the requests are complex (lots of headers, cookies, query strings, form data, etc) and the clients create the headers in different orders (which should be perfectly acceptable), etc. it's an extremely tedious process to do manually.
I'm pondering writing something to do this myself but I was hoping someone else had already solved this problem?
As an aside does anyone know of any Charles-like debugging proxies that are completely opensource? If Charles were open source I would definitely contribute any work I did on this front back to the project. If there is something similar out there, I would much rather do this than write an separate program from scratch (especially since I imagine Charles or any analog already has all of the data structures I might need etc).
Edit:
Just to be clear -- text diffing will not work as the order of lines (e.g. headers at least) may be different and/or the order of values within lines (e.g. cookies at least) can be different and in both cases as long as the names and values and metadata are all the same, the different ordering should not cause requests that are otherwise the same to be considered different.
Fiddler has such an option, if you have WinDiff in your path. I don't know though if it will suit your needs, because at first glance it's jus doing text comparisions. But perhaps it normalizes the sessions before that, so I can't say.
If there's nothing purpose built for the job, you can use packet capture to get the message content saved to a text file (something that inserts itself in the IP stack like CommView). The you can text diff the results for different messages.
Can the open-source proxy Squid maybe help?