I am wondering whether the following security concept is suitable for a web app:
1) Login UI available only over SSL.
2) Login UI consists of 3 fields:
User name,
File upload box,
Pin field.
File for upload box is emailed to user during registration process.
This file is a long sequence (few kilobytes or few dozens of kilobytes) of random bits.
This file is scrambled using the pin value, then its hash (like SHA-512) is calculated in a multi-layer manner, like so: the hash is calculated many times, appending or prefixing the hash from the previous iteration to the last processed blob.
F(n) IS (
IF n == 0
THEN HASH(SCRAMBLE(file, pin))
ELSE HASH(IF n mod 2 == 0 THEN CONCAT(F(n-1), FILE) ELSE CONCAT(FILE, F(n-1))));
Pin is displayed during registration on screen as image, so this pin is ONLY displayed on screen, but never transmitted to user as plain text.
Is this secure enough?
Thanks for comments.
Possible contexts or types of web apps:
a) business website (with payments processing on behalf of site owner).
b) intranet or corporate website with access to a special section for customers.
The answer is no.
The large file is sent via email which is not secure. In addition you are requiring the user to upload each time (s)he logs on; (a) that's a total pain in the rear, and (b) most users are going to leave the file hanging around on their computer's disk somewhere. The ratio of security : user inconvenience is extremely low, I wouldn't do it.
If you need to be extremely secure, use a strong password plus a true out of band, single-use token such as an SMS message that they need to request each and every time they use a new computer. Use the password and the single-use token to authorize the download of a larger machine-specific cookie that is tied to their machine in some manner (e.g. device signature plus IP address of some kind), and re-require the use of the out-of-band SMS if anything doesn't match up.
Also, don't forget about phishing mitigations.
I have an encrypted file and I am aware of its password. I am trying to decrypt it but I could not find any properties of this file such as the type of algorithm/program that was used to encrypt the file originally.
I am thinking of trying 'gpg' and 'openssl' and other techniques that can be used to decrypt this file without corrupting it. Although I have taken a backup, it's a huge file which takes roughly 3hrs to back up. Hence I am being extra careful so that it does not get corrupted.
Thanks,
The general idea of encryption is that the result should be indistinguishable from noise.
That automatically means that, unless you know all the parameters, you won't be able to infer them from the encrypted file if it was done right.
Unless you brute force all the possible types of encryption and their parameters (good luck with that!).
In a nutshell, you are going to have to find out what program was used to encrypt the file, and maybe, possibly (but probably not) have to know how the program was configured. People have been using computers for encryption almost as long as computers have existed. There are hundreds of different encryption programs that have been published over the years.
Your best bet is to get the developer to tell you which program he used and how to use it.
Your next best bet is to search through your backups of every machine he used looking for some clue as to what program he used.
If that doesn't help, it's time to start trying every encryption program you can get hold of. Obviously, you'll want to start with the newer ones, and the more popular ones, and the ones that run on whatever operating systems he was known to use.
Considering the size of the file, it's likely that you're dealing with an encrypted archive or an image of an encrypted file system. So, don't limit your search to specialized encryption utilities. You'll also want to try all of the different archivers and all of the different file systems and operating systems that offer encryption as a feature.
If you've tried every encryption program without success, and you still haven't blown your budget; then the next step is going to blow your budget. I'm pretty confident in saying that because if your organization was the kind that could afford to take the next step, then you wouldn't be asking how to do it on StackOverflow. Heck! You probably would not even be allowed to use StackOverflow without written permission from three levels up the hierarchy.
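Before working through tools one by one, a read-only look at the file's first bytes can narrow the search, because several encryption tools and containers write a fixed header. The sketch below is an added example, not code from either answer; the `identifyHeader` name and the sample inputs are constructed, and the signature list is a small illustrative subset.

```javascript
// Leading bytes written by some encryption tools and archive formats.
const SIGNATURES = [
  { name: "OpenSSL enc, salted", magic: "Salted__" },
  { name: "OpenSSL enc, salted, base64 (-a)", magic: "U2FsdGVkX1" },
  { name: "OpenPGP, ASCII-armored", magic: "-----BEGIN PGP MESSAGE-----" },
  { name: "LUKS volume", magic: "LUKS\xba\xbe" },
  { name: "ZIP archive (may use per-entry encryption)", magic: "PK\x03\x04" },
  { name: "7-Zip archive", magic: "7z\xbc\xaf\x27\x1c" },
  { name: "RAR archive", magic: "Rar!\x1a\x07" },
];
// First byte of a binary OpenPGP message that starts with an encrypted
// session key packet (tags 1 and 3, old and new packet formats).
const PGP_FIRST_BYTES = new Set([0x84, 0x85, 0x8c, 0x8d, 0xc1, 0xc3]);

// head: Uint8Array with the first bytes of the file, obtained read-only.
function identifyHeader(head) {
  // Map each byte to one char code so binary magics compare as strings.
  const text = Array.from(head.slice(0, 32), (b) => String.fromCharCode(b)).join("");
  for (const sig of SIGNATURES) {
    if (text.startsWith(sig.magic)) return sig.name;
  }
  if (head.length > 0 && PGP_FIRST_BYTES.has(head[0])) {
    return "possibly binary OpenPGP (one-byte heuristic)";
  }
  return "no known header (headerless formats look like random data)";
}

// Constructed sample inputs (not taken from any real file).
const bytes = (s) => Uint8Array.from(s, (c) => c.charCodeAt(0));
console.log(identifyHeader(bytes("Salted__\x01\x02\x03\x04\x05\x06\x07\x08")));
console.log(identifyHeader(bytes("\x8c\x0d\x04\x09\x03\x02")));
console.log(identifyHeader(bytes("\x13\x37\x42\x99")));
```

A match only names a candidate tool to try against a copy of the file; a miss is expected for formats that deliberately write no header.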
I don't think this is possible, but I'll ask anyway. Here is what I am trying to do:
I have a HTML5 game that users play in their browser. When the game is over, they see their final score. I want to be able to send that score in an encrypted format to the server. I don't want the players to be able to reverse engineer the server call and set their score higher than what they actually earned. Is there a way to encrypt this and make it impossible for the player to reverse engineer it?
Short Answer: No, what you want to achieve cannot be done, but not for the reasons you think.
Long Answer: You can most certainly encrypt the final score and send it to your server. You can even do this in a way that means that the user couldn't hope to decrypt it once encrypted.
The flaw lies in the fact that the user can encrypt whatever they like in the first place. Let's say you send the encrypted score to the server in an HTTP POST request at the end of the game. Nothing stops the user from taking apart your JS, finding the public encryption key and submitting that same POST request without ever actually playing your game.
To actually solve your problem: The game must be controlled on the server. The client side of the game must simply send input actions which are then interpreted on the server. Since the gamestate is only ever modified by the server, no fake scores can be generated.
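The server-controlled design described in the answer above, as an added example that is not part of the original post: the client submits only its inputs, and the server replays them under its own rules to derive the score. The level layout, move keys and function names are hypothetical.

```javascript
// Hypothetical game: the server owns the level and the rules.
const LEVEL = {
  width: 5, height: 5, start: { x: 0, y: 0 }, maxMoves: 20,
  coins: ["1,0", "2,0", "2,1", "4,4"], // constructed sample level
};
// A Map avoids accidental hits on inherited keys such as "constructor".
const MOVES = new Map([["L", [-1, 0]], ["R", [1, 0]], ["U", [0, -1]], ["D", [0, 1]]]);

// Replays the client's inputs under server rules and returns the earned score.
function replayScore(level, inputs) {
  if (!Array.isArray(inputs) || inputs.length > level.maxMoves) {
    throw new Error("rejected: malformed or too many inputs");
  }
  const remaining = new Set(level.coins);
  let { x, y } = level.start;
  let score = 0;
  for (const key of inputs) {
    const step = MOVES.get(key);
    if (!step) throw new Error("rejected: unknown input " + JSON.stringify(key));
    // Clamp to the board: walking into a wall is a wasted move.
    x = Math.min(level.width - 1, Math.max(0, x + step[0]));
    y = Math.min(level.height - 1, Math.max(0, y + step[1]));
    // Each coin can be collected once.
    if (remaining.delete(x + "," + y)) score += 10;
  }
  return score;
}

// End-of-game handler. Any score field sent by the client is ignored.
function handleGameOver(body) {
  try {
    return { ok: true, score: replayScore(LEVEL, body.inputs) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed requests: an honest run, and a forged one claiming a high score.
const honest = handleGameOver({ inputs: ["R", "R", "D"], score: 30 });
const forged = handleGameOver({ inputs: [], score: 999999 });
console.log(honest, forged);
```

This bounds the recorded score to what the rules allow for the submitted inputs; it does not tell a human player from a script that plays well.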
On the client device, a synced Realm can be set up with an encryption key that's unique to the user and stored on the device keychain, so data is stored encrypted on the client.
(related question: Can "data at rest" in the Realm Mobile Platform be encrypted?)
Realm Object Server and the clients can communicate via TLS, so data is encrypted in transit.
But the Realm Object Server does not appear to store data using encryption, since an admin user is able to access all the database contents via Realm Browser (https://realm.io/docs/realm-object-server/#data-browser).
Is it possible to set up Realm Mobile Platform so user data is encrypted end-to-end, such that no one but the user (not even server admins) has access to the decryption key?
Due to the way we handle conflict resolution, we currently are unable to provide end-to-end encryption, as you correctly deduced. Let's go a tiny bit into detail with regards to the conflict resolution.
In order to handle conflicts the way we do, we use something called operational transformation. This means that instead of sending the data over directly, the client tells the server the intent of the change, rather than the result. For example, when two users edit a text field, we would tell the server insert(data='new text', offset=0) because the first user prepended data at the beginning of the text field, and insert(data='some more stuff', offset=10) because the second user added data in the middle of the field. These two separate operations allow the server to uniquely resolve what happened, and have conflictless resolution of the two writes.
This also means that if we encrypt everything, the server would be unable to handle this conflict resolution.
This being said, that's for the current version. We do have a number of thoughts on how we could handle this in the future, while providing (some degree) of encryption. Mainly this would mean more work on the client, and maybe find a new algorithm that would allow us to tell the client the intent, and let the client figure out how to merge everything. This is a quadratic problem, though, so we're reticent to putting too much work on the client side, as it could really drain the battery.
That might be acceptable for some users, which is why we're looking into it. Basically, there will be a trade-off. As the old adage goes: fast, secure, convenient: pick two. We just have to figure out how to handle this properly.
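Why the server has to read each operation, as an added example that is not part of the original answer and is not Realm's algorithm: a simplified, insert-only transformation applied to the two operations quoted above. The base text, the `site` tie-break field and the function names are assumptions.

```javascript
// Simplified insert-only operational transformation.
// `site` is a hypothetical per-client id used only to break offset ties.

// Apply one insert to a document string. The offset must be readable here.
function applyInsert(doc, op) {
  return doc.slice(0, op.offset) + op.data + doc.slice(op.offset);
}

// Rewrite `op` so it still expresses its intent after `applied` has run.
// This needs applied.offset and applied.data.length in plaintext.
function transformInsert(op, applied) {
  const shifts =
    applied.offset < op.offset ||
    (applied.offset === op.offset && applied.site < op.site);
  return shifts ? { ...op, offset: op.offset + applied.data.length } : op;
}

// Server-side merge of two concurrent inserts made against the same base.
function mergeConcurrent(base, first, second) {
  return applyInsert(applyInsert(base, first), transformInsert(second, first));
}

// Constructed base text; the two operations are the ones quoted in the answer.
const base = "The quick brown fox";
const opA = { site: 1, data: "new text", offset: 0 };
const opB = { site: 2, data: "some more stuff", offset: 10 };

// With readable operations, arrival order does not matter.
const merged = mergeConcurrent(base, opA, opB);
console.log(merged === mergeConcurrent(base, opB, opA));

// Skipping the transform, as a relay that cannot read offsets would have to,
// leaves replicas that apply the ops in different orders with different text.
const naiveAB = applyInsert(applyInsert(base, opA), opB);
const naiveBA = applyInsert(applyInsert(base, opB), opA);
console.log(naiveAB === naiveBA);
```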
I just opened a feature request around possibly using Tresorit's ZeroKit to solve the end-to-end encryption question posed. Sounds like the conflict resolution implementation will still cause an issue though, but maybe there is a different conflict resolution level that can be applied for those that don't need the realtime dynamic editing of individual data fields (like patient health data, where only a single clinician ever really edits a record at any given time).
https://github.com/realm/realm-mobile-platform/issues/96
Hello, I am working on a web page in Drupal. One piece of the content is about a scholarship, and there are certain zip codes that are eligible for that scholarship. I was wondering if there is a way to have a search box within that web page where the user types in their zip code and it then tells them if they are eligible or not. I was thinking some JavaScript, but I was wondering if there are any better ideas. Thanks!
Sure, you could use javascript on the client side or php (as Drupal is in php) on the server side. The tradeoff with the javascript approach is you'll have to send all the valid zip codes (or some rule that computes them) to the client every time your page is loaded. But the upside is then it'll be very fast for the client to try various zip codes (since no server communication will be needed). And this may be easier for you to code.
For your use, you'd probably get better overall performance doing this in php on the server. But then you'll need to be familiar with some form of client-server communication (ajax for instance) so that you can send the zip code back to the server and listen for a response.
Suppose I have a server that generates a private key in memory upon starting.
Is there any way for a snooping administrator (say from Heroku or Nodejitsu) to recover that private key while that server instance is running (i.e. somehow access it within memory)?
If it matters, I'm running this on Node.JS
It depends on what systems they use and whether they have features to prevent that from happening. Otherwise I can say that administrators who have access to the host can get your private key in so many ways. For example, they can freeze your instance and save its state, which basically copies the memory to the hard disk, then unfreeze it, and that doesn't take long on fast systems. Also, they can dump the memory of your instance since it is simply a running app under the hypervisor. These might not be easy to do, but based on my experience in the security field I can say they are very possible.
However, I think you should store the encrypted version of your key in the memory. And only decrypt it when it is being used so the decrypted version is only stored temporarily in the CPU registers.
You don't just generate a private key, you generate a key pair. Then you must make sure that the other party uses the trusted public key of that key pair (to verify signatures or encrypt data). If they just use any public key then they cannot be sure it does not belong to an attacker. So even if the admin does not get access to the private key, they can simply replace the public key with one they generated. So you would have a huge opportunity for a man-in-the-middle attack.
Key management is hard. You cannot simply replace it with some haphazard scheme. There are a lot of (security) disadvantages about generating a key pair on each run as well. In general, it is not such a good idea.