Decrypt (not only decode) a QR Code - encryption

I'm looking for the logic to decrypt (not only decode) QR Codes. Recently I have seen several applications that encrypt QR codes like QuickMark. For example this QR decrypts to "StackOverflow" with the password "pass":
If you use a normal QR reader without decryption, we get (this is the actual output of the QR above):
PE:r������Q�\�9:
What's the logic behind encrypting and decrypting QR Codes?
Is there a code sample or library (in any language or pseudo-code) that already performs these operations?
From my research I've found that the encryption is not simply achieved by running a cryptographic function like SHA and simply encoding that into a QR... I have tried unencrypting the content "r������Q�\�9:" (without the PE:) with tools like this Online Encrypt Decrypt String and with several algorithms, using the passphrase "pass" but I can't see the text "StackOverflow".

From QR Encryption: Encrypted QR codes, which are not very common, have a few implementations. An Android app, for example, manages encryption and decryption of QR codes using the DES algorithm (56 bits).
You will need to know the encryption password or key. The only hope is a simple/common password for a brute-force attack; other than that there is little hope to decrypt the data, even though DES is a weak algorithm.
SHA* is not encryption; it is a cryptographic hash. Hashes are one-way functions, that is, there is no way to un-scramble them back to the original.
Encryption is used to allow those authorized to have access. The Japanese immigration system uses encrypted QR codes when issuing visas in passports.

Related

How to encrypt and decrypt on the client that may come from a different device and the server doesn't store any encrypted key?

I am making a password management tool like LastPass for myself and family to use, but I have encountered some problems in security. After reading LastPass-Technical-Whitepaper, I am very curious about how they do it only on the client side.
According to the "Local-Only Encryption Model" they describe, the server only stores the encrypted information.
Does this mean that they don't store any key or IV or salt for AES decryption on their server side?
As far as I know, this may be fine if I encrypt and decrypt on the same device, but I use LastPass to add a password on the computer, and then I can see the password on the mobile phone.
How do they decrypt it on the mobile phone?
The mobile phone should have no key, IV, or salt from the computer-side encryption, shouldn't it?
I am currently using ASP.NET Core 3.0 + React + IdentityServer.
How should the truly secure "Local-Only Encryption Model" be implemented?
Could someone give me some direction?
Thanks for any help.
first: i don't know about the lastpass implementation, or the paper
but let's have a look at what we can do...
let's say we have a server that stores binary data for us, and further, it does so on a per user/account basis...
what do we need to be able to authorize account functions like "replace data" or "request stored data"?
we need a task that has to be solved by the client that proves the client-identity, in other words an operation that can be solved if-and-only-if the client holds a specific secret... this screams for asymmetric crypto and/or digital signatures ... keypairs ...
how could we do this if we have no shared storage to safely store a key and share it between 2 different devices?
one possible solution is quite simple and starts with... PBKDF2 ... Password Derived Key Derivation Function
PBKDF2 takes a password, a salt, a parameter for the number of rounds, and gives you... bits... pseudo random bits
Take your username and hash it ... => a perfect salt...
Take an arbitrary number like 15000 => your number of rounds (larger numbers slow down the process of calculating -> slowing down bruteforce attacks while you only need to calculate it once every login)
Take your password => surprise... a password
run PBKDF2
seed your favourite CSPRNG (Cryptographically Secure Pseudo Random Number Generator) with a few bytes from the resulting bitstream
use your favourite CSPRNG to generate a new (RSA,DSA,ECDSA,whatever) keypair ...
use the key
this EXACT key pair will be generated EVERY time you run these steps, on any device
of course this breaks down the security of said keypair to the strength of the secret parameters to PBKDF2, which will be... your password
but now you have asymmetric crypto from a password...
the server stores the public key ... and just asks the client to decrypt a number (a nonce) together with the request to replace/retrieve the data... being able to decrypt the nonce proves that the secret key is known to the client
you can also derive an AES key from the PBKDF2 Stream to encrypt your Password database before you send it to the server ... or to decrypt it once it has been received
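Here is the recipe from the answer above carried through as an added example (my code, not the answerer's, and not LastPass's implementation). It assumes only Go's standard library: PBKDF2-HMAC-SHA256 is written out by hand, Ed25519 stands in for the "RSA/DSA/ECDSA" keypair (its key is derived directly from a 32-byte seed, so no separate CSPRNG seeding step is needed), and the client answers the server's nonce with a signature instead of decrypting it; DeriveIdentity, NewChallenge, Respond and ServerAccepts are names chosen here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// pbkdf2SHA256 is PBKDF2 (RFC 8018) with HMAC-SHA256 as the PRF, written out
// here so the example needs nothing outside the standard library.
func pbkdf2SHA256(password, salt []byte, rounds, keyLen int) []byte {
	var out []byte
	for block := uint32(1); len(out) < keyLen; block++ {
		prf := hmac.New(sha256.New, password)
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := prf.Sum(nil)              // U_1 = PRF(P, S || INT(i))
		t := append([]byte(nil), u...) // T_i = U_1 xor U_2 xor ... xor U_c
		for i := 1; i < rounds; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// DeriveIdentity follows the answer's recipe: salt = hash(username), 15000 rounds,
// then the first 32 bytes of the stream seed the keypair (Ed25519 here, standing in
// for "RSA/DSA/ECDSA") and the next 32 bytes are the AES-256 key for the vault.
func DeriveIdentity(username, password string) (ed25519.PrivateKey, []byte) {
	salt := sha256.Sum256([]byte(username))
	stream := pbkdf2SHA256([]byte(password), salt[:], 15000, 64)
	return ed25519.NewKeyFromSeed(stream[:32]), stream[32:]
}

// The server stores only the public key and challenges with a fresh random nonce;
// a valid signature over the nonce proves the client holds the secret key.
func NewChallenge() []byte { n := make([]byte, 32); rand.Read(n); return n }
func Respond(signer ed25519.PrivateKey, nonce []byte) []byte { return ed25519.Sign(signer, nonce) }
func ServerAccepts(pub ed25519.PublicKey, nonce, sig []byte) bool {
	return ed25519.Verify(pub, nonce, sig)
}
```

Any device that knows the username and password rebuilds the same keypair and vault key, so nothing secret has to be stored on the server or copied between devices.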

Self-validating encrypted string - is method feasible?

I have a keystring which allows customer to have additional features.
Obviously I would like the software to check that this string is valid, and not modified.
Is the following idea feasible:
get the key string as encrypted value, and encode it in Base64
(my encrypted string is around 100 characters, for my purpose)
calculate the checksum (MD5) of course using a private salt.
weave the checksum into the encrypted data
In principle:
xxxxCxxxxxxCxxxxxxxxCxxxxxxxxxxCxxxxxxxxxxxxxCxxx
the places to weave into the encrypted data could be determined by the first char of the encrypted string, creating up to 16 different patterns.
On checking the code validity I simply "unweave" the checksum, test if it's correct, and thereby know if the data has been modified.
Is my line of thought correct?
The cryptographic feature you're thinking of is called "authentication," and there are many well-established approaches. You should strongly avoid inventing your own, particularly using a long-outdated hash like MD5. When an encryption system is authenticated, it can detect changes to the ciphertext.
Your best approach is to use an authenticated cipher mode, such as AES-GCM. Used correctly, that combines encryption and authentication in a single operation. While decrypting an authenticated scheme, the decryption will fail if the ciphertext has been modified.
If you don't have access to AES-GCM, the next option is AES-CBC+HMAC, which uses the more ubiquitous AES-CBC with a random IV, and appends a type of encrypted hash (called an HMAC) to the end of the message to authenticate it. In order to authenticate, you need to remove the HMAC, use it to validate that the cipher text is unmodified, and then proceed to decrypt normally. This scheme is generally called "encrypt then MAC."
The implementation details will depend on your language and frameworks.
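As an added example (not from the answer or the asker), the question's keystring done with AES-256-GCM in Go's standard library: the customer id is passed as associated data so the tag also binds the keystring to one customer, which is an assumption added here; LicenseAEAD, IssueKeystring and CheckKeystring are names chosen for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
)

// LicenseAEAD wraps AES-256-GCM around the vendor's 32-byte secret key.
func LicenseAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// IssueKeystring seals the feature string; the customer id is associated data,
// left in clear but covered by the tag, so the keystring cannot be moved to another
// customer. Output is base64(nonce || ciphertext || 16-byte tag).
func IssueKeystring(gcm cipher.AEAD, customerID, features string) (string, error) {
	nonce := make([]byte, gcm.NonceSize()) // fresh random 96-bit nonce per keystring
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, []byte(features), []byte(customerID))
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// CheckKeystring is the question's "unweave and test" step done properly: Open
// recomputes the tag over nonce, ciphertext and customer id and returns no plaintext
// at all if a single bit differs.
func CheckKeystring(gcm cipher.AEAD, customerID, keystring string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(keystring)
	if err != nil {
		return "", err
	}
	if len(raw) < gcm.NonceSize()+gcm.Overhead() {
		return "", errors.New("keystring too short")
	}
	nonce, ct := raw[:gcm.NonceSize()], raw[gcm.NonceSize():]
	features, err := gcm.Open(nil, nonce, ct, []byte(customerID))
	if err != nil {
		return "", errors.New("keystring modified or issued to another customer")
	}
	return string(features), nil
}
```

The vendor key must stay on the issuing side; a client that only validates keystrings would need a signature scheme instead, since anyone holding the GCM key can also issue keystrings.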

Proper asymmetric file encryption in Go

I need a way to allow multiple people to encrypt various files but only one party to be able to read them all. I wrote a program in Go by following various online examples, but at some point I got the following error:
Error from encryption: crypto/rsa: message too long for RSA public key size
Is RSA the wrong way to go? Is it ok if I break the file into multiple chunks and encrypt them? Is there an asymmetric block cipher that I can easily use?
I read the discussion here and it is said that RSA is not the proper way to go.
Can you also provide an example?
If you need public key asymmetric encryption for data larger than the key size you need to use hybrid encryption. Essentially this is how HTTPS works.
Hybrid encryption is where the data is encrypted with symmetric key encryption such as AES and that key is encrypted with asymmetric key encryption such as RSA or EC (Elliptic Curve) Cryptography.
Do not break the file into multiple chunks and encrypt them.
So I ended up using GPG and my service has one unique private key and I share the public one with my users.
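The hybrid scheme the answer describes, as an added Go example (standard library only; not the asker's program and not GPG): each writer encrypts a file under a fresh AES-256-GCM key and wraps only that 32-byte key with the reader's RSA-OAEP public key, so the "message too long" error from the question cannot occur however large the file is. Envelope, NewReaderKey, EncryptFile and DecryptFile are names chosen here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

type Envelope struct { // what a writer hands over; only the 32-byte AES key ever meets RSA
	WrappedKey []byte // RSA-OAEP-SHA256(readerPub, aesKey)
	Nonce      []byte // 96-bit GCM nonce, unique per file
	Ciphertext []byte // AES-256-GCM(aesKey, file) with the 16-byte tag appended
}
func NewReaderKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // the one reader
// gcmFor builds AES-256-GCM; callers pass a checked 32-byte key, so both errors are unreachable.
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// EncryptFile is run by any of the many writers; it needs only the public key.
func EncryptFile(readerPub *rsa.PublicKey, file []byte) (*Envelope, error) {
	buf := make([]byte, 32+12) // fresh AES key and nonce per file; crypto/rand.Read cannot fail (Go 1.24+)
	rand.Read(buf)
	aesKey, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, readerPub, aesKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcmFor(aesKey).Seal(nil, nonce, file, nil)}, nil
}

// DecryptFile is run only by the reader; it fails closed on a wrong key or an altered envelope.
func DecryptFile(readerPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	aesKey, err := rsa.DecryptOAEP(sha256.New(), nil, readerPriv, env.WrappedKey, nil)
	if err != nil || len(aesKey) != 32 || len(env.Nonce) != 12 {
		return nil, errors.New("cannot unwrap the file key: wrong private key or altered envelope")
	}
	return gcmFor(aesKey).Open(nil, env.Nonce, env.Ciphertext, nil)
}
```

Because the file itself never goes through RSA, the same envelope format works for a 1 KB note and a multi-gigabyte dump.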

What is the most secure hash algorithm in ColdFusion?

What is the most secure hash algorithm to use in ColdFusion 9 (non-Enterprise)?
According to the CF documentation, these are the options:
MD5: (default) Generates a 32-character, hexadecimal string, using the MD5 algorithm (The algorithm used in ColdFusion MX and prior releases).
SHA: Generates a 40-character string using the Secure Hash Standard SHA-1 algorithm specified by National Institute of Standards and Technology (NIST) FIPS-180-2.
SHA-256: Generates a 44-character string using the SHA-256 algorithm specified by FIPS-180-2.
SHA-384: Generates a 64-character string using the SHA-384 algorithm specified by FIPS-180-2.
SHA-512: Generates a 128-character string using the SHA-1 algorithm specified by FIPS-180-2.
But in this article, it says not to use MD5 or SHA-1
I am also a little skeptical about the CF documentation. It says encoding "SHA-512" uses SHA-1, but the description of "SHA-512" for the Enterprise version is "The 512-bit secure hash algorithm defined by FIPS 180-2 and FIPS 198." And the output of SHA-512 is larger than SHA-384. Sorry, I am having a hard time getting my head around all these different encoding principles.
Hashes are not secure by themselves; anything that can be hashed can be broken. So in the security world you might think, OK, I need to run the hash multiple times to obscure it more, but that doesn't secure the information, it just means someone has to repeat that same process and iterate over the hash multiple times. If they know the hash algorithm you used, and assume they do, it's not secure. SHA-256 should be good enough for hashing information unless you are trying to secure the information. Hashes should never ever be used by themselves to secure information. Just because it isn't human readable does not make it secure.
If you want to secure something, use ColdFusion's encrypt functions and make sure you use a decent algorithm, like AES, because the default in ColdFusion is not secure. Then you need to use some entropic data from the information you're securing to ensure you have a unique encryption key that would be hard for someone to guess or find. Do not hard code a single key in your code; this will make it easy for someone to find and utilize a pattern in all of your encryptions.
Use something like bcrypt or scrypt for storing passwords. I know they are more work to put into use and require Java integration in ColdFusion, but they are much more secure ways of storing information. Remember that even with bcrypt or scrypt the information can be compromised given enough time and someone willing to put the effort into decrypting it. Be paranoid when securing information.

AES/Rijndael: search on encrypted data - static salt and IV

I want to do searching on encrypted data. Which means that there is the need to have the same ciphertext every time I encrypt the same plaintext. I.e. think of a list of encrypted names and I want to find all "Kevin"'s in it. I would now encrypt "Kevin" and search the database for the encrypted text. All hits will be "Kevin"'s — but still only the one who has the password knows.
Now my question: What about security if I use the same salt and IV (to get the effect described above) all the time? Is the encryption still secure? Or is there any other method to do searching on encrypted data?
If you want to do a deterministic encryption then you should use an encryption mode that has been designed for deterministic encryption (and not modify an encryption mode designed for something else).
One possibility is the SIV encryption mode described in RFC 5297.
(Of course, deterministic encryption has its drawbacks, but discussing this is not part of this question.)