Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 4 years ago.
I'm doing a school project on the security of bitcoin, and I was just wondering if anyone could explain, possibly with credible sources, how bitcoin wallets use the passphrase as encryption, what is meant by EVP ("The passphrase is converted to a key/iv using EVP") and just any information that people have about the encryption of bitcoin wallets would be much appreciated.
Thanks <3
To be clear, wallet encryption has nothing to do with the bitcoin protocol. If you were to create a new client, you can encrypt your private key(s) however you want.
According to this wiki the original bitcoin client hashes the passphrase with SHA-512 and then uses a key derivation algorithm described in the official documentation. The actual encryption is AES-256.
EVP ("Envelope") is just a tool of OpenSSL that encapsulates crypto implementations so that you can change the underlying algorithm without changing too much code.
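The passphrase-to-key/IV step discussed above, as an added example (not code from the post or from the Bitcoin client): a Python reimplementation of the derivation that OpenSSL's `EVP_BytesToKey` performs, generalized to any digest and output length. With SHA-512 a single digest block already covers a 32-byte AES-256 key plus a 16-byte IV; the passphrase, salt and round count below are constructed sample values.

```python
import hashlib


def evp_bytes_to_key(passphrase: bytes, salt: bytes, rounds: int,
                     key_len: int = 32, iv_len: int = 16,
                     digest: str = "sha512") -> tuple:
    """Derive (key, iv) the way OpenSSL's EVP_BytesToKey does.

    D_1 = H^rounds(passphrase || salt)
    D_i = H^rounds(D_{i-1} || passphrase || salt)
    key || iv = leading bytes of D_1 || D_2 || ...
    """
    if rounds < 1:
        raise ValueError("rounds must be >= 1")
    if len(salt) != 8:
        # EVP_BytesToKey consumes exactly 8 salt bytes (PKCS5_SALT_LEN).
        raise ValueError("salt must be 8 bytes")

    material = b""
    block = b""
    while len(material) < key_len + iv_len:
        # First hash of each block mixes in the previous block's output.
        block = hashlib.new(digest, block + passphrase + salt).digest()
        # Remaining rounds re-hash the digest alone; this is the only
        # work factor slowing down offline passphrase guessing.
        for _ in range(rounds - 1):
            block = hashlib.new(digest, block).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


# Constructed sample inputs (not taken from any real wallet).
SAMPLE_PASSPHRASE = b"correct horse battery staple"
SAMPLE_SALT = bytes.fromhex("0011223344556677")
SAMPLE_ROUNDS = 25000


if __name__ == "__main__":
    key, iv = evp_bytes_to_key(SAMPLE_PASSPHRASE, SAMPLE_SALT, SAMPLE_ROUNDS)
    print("AES-256 key:", key.hex())
    print("CBC IV     :", iv.hex())
```

The derived key and IV would then be passed to AES-256 to encrypt the wallet's key material; changing the salt or the passphrase yields an unrelated key.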
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 months ago.
I have an embedded system (Netburner 5441x) that consumes public-private RSA keypairs. I have ported OpenSSL into the system but the processor cannot make keypairs fast enough for the application. So the next logical step is to have the embedded system, which has Ethernet, get keys from a PC based server.
I've read about half the PKCS#N documents and it looks like it's all about object formats. Is there an accepted network protocol for transferring public-private keypairs? Would you just open a secure socket and send the PKCS objects with no other framing? Use a shared Key Encryption Key, or have the client send a public RSA key for key encryption by the server?
Is there a standard?
Edit 13Jun22 in response to StackOverflow blocking the question: This question is not asking for recommendation of a book etc., but whether a standard exists for a particular unusual use case. If such a standard existed, that citation would answer the question. Respectfully request removal of the block.
According to the Information Security Stack Exchange, there is no accepted answer for this unusual use case. The best practice seems to be setting up a web service that serves passphrase encoded key files over HTTPS, which implies SSL protection.
https://security.stackexchange.com/questions/262533/what-is-the-right-way-to-transfer-public-private-keypairs-over-intranet
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 2 years ago.
I am new to reverse engineering.
I am using immunity debugger, x64 dbg, ollydbg.
With software like WinZip, we aren't able to read its strings because they are obfuscated (encrypted).
I have watched some tutorials on YouTube, but the strings in that software (PowerISO) were unencrypted.
I need to know whether there is any way to deobfuscate (decrypt) its strings in order to reverse engineer it.
Obfuscation should not be confused with encryption. Semantics aside, encryption is strong protection against capable attackers; obfuscation is not.
With regard to your question, the theoretical approach is:
Identify cryptographic primitive being employed
Identify mode of operation, cryptographic trap-door function
Execute best known attack on cipher-text
Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
I'd like to encrypt a file and share it. I'd like the file to be decrypted just one time. I was wondering if there are security or encryption protocols that can be used to implement a one-time-use scenario. In simple terms, the decryption key would only be good one time.
No it's not possible, with any kind of computer and any kind of OS.
What you want is called a DRM, and your file would need to be read by a program you've coded that would destroy the file (and the decoding key) after reading. But in order to protect the deciphering program from being copied, you'd have to sign the application against your OS, and make your OS protect that file from deletion. And in order to protect your OS from being copied with the file within, you'd have to use a computer that has a chip in the CPU making everything uncopiable... That's called trusted computing.
And though it may theoretically work, it would still be possible to keep a copy of your file, and use a supercomputer for up to 1000 years (or one hour, depending on your algorithm and the size of your key) to find your decryption key, and thus access your precious content.
For the story, Sony has tried putting DRMs in their CDs, and that's what they ended up creating.
Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
I am looking to provide some proprietary software with the Raspberry Pi as the platform (but this could be with any embedded board). I'm looking for a way for the file system to only be visible on that device.
Is this possible? How?
You could encrypt the whole disk or the volume using LUKS or dm-crypt if your distribution supports it. It's also possible to encrypt files or directories on the disk while leaving the file system mountable (but scrambled). If you go the latter route, it would be a good coding experience to write your own software that encrypts files and then decrypts them when a key is entered.
Either way, you'll run into an issue: Before using the clear data, someone has to input the key. If the key is stored on the card, nothing prevents an attacker reading the key from a stolen card. If it's input by a person, that person needs to manually enter the key after every boot.
Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
We are setting up a link to a client and they wish to use SFTP but without using keys for client authentication, just passwords. Do you still get the benefit of data encryption with this setup? I thought the protocol used the client keys for encryption but does it or can it use the host key instead?
EDIT:
Looks like Wikipedia has what I needed to know: "SSH also supports password-based authentication that is encrypted by automatically generated keys." (http://en.wikipedia.org/wiki/Secure_Shell#Key_management). And yes not entirely a programming question but a bit of a reflex reaction for me to ask other developers.
Yes. There's a difference between the transport-layer key exchange and the user-authentication key exchange. You do not need to generate any client key pairs for password authentication; authentication happens over an encrypted tunnel negotiated by the transport-layer key exchange, which is largely transparent to the user.