Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
Let's say i have one plaintext and i encrypt it with different keys (each on its own). Is it possible to find the plaintext from these encrypted ciphers or how hard is it to resample the text?
Does this even make sense, especially in respect to asymmetric-encryption?
For example:
VALUE KEY CIPHER
"abc" + "key1" -> "izwer"
"abc" + "key2" -> "werio"
"abc" + "key3" -> "nbmdi"
"abc" + "key4" -> "oiuuw"
The best known example of an attack against asymmetric encryption with multiple keys is
Hastad's broadcast attack against RSA.
This is of course one of the motivations to use a properly designed padding scheme.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 hours ago.
Improve this question
The documentation for Encoding Policy states that
The default indexing applied to string columns is built for term searches. If you only query for specific values in the column, COGS might be reduced if the index is simplified using the encoding profile Identifier. For more information, see the string data type.
How does the indexing for Identifier affects performance for hasPrefix, hasSuffix and regex matches? Is it inadequate to such queries?
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
What is the IV in encryption used for?
Is this a valid example for encryption with IV? (Pseudocode)
Encryption->xor data with key, prepend IV to output
Decryption->just remove IV and xor the rest with same key
The IV (Initialization Vector) is designed to be random for each message so that two identical messages encrypted with the same key are not the same thus leaking information. The IV does not need to be secret so it can just prefix the encrypted message.
The point is that the IV causes the entire encrypted message to be different, adding it to the message is just one common way to make it available for decryption.
Consider the case where Alice sends Bob a message every day of where they will meet, either the mall or the post office. With the same key and IV eavesdropping Eve after noticing where they meet but not knowing which location can tell just be looking at the encrypted message without need to decrypt it. It could be "attack at dawn" or "attack at dusk".
The key can be pre-shared once and reused securely for many messages just by using a different random IV for each message.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
Please suggest any widely used query parameter encryption technique that works best for common servers and client side libraries?
The requirement is to encrypt entire query string right after the '?' so that no field names or values can be read in clear.
Is there any HTTP level standard for the same?
One of the ways could be,
mycommerce.com/gp/goldbox?gb_f_GB-SUPPLE=sortOrder:BY_SCORE,enforcedCategories:165796011&pf_rd_p=2208383682&pf_rd_s=slot-3&pf_rd_t=701
would become
mycommerce.com/gp/goldbox?params=<encrypted string>
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I have a login and password that I need to store in my database. What is a safer way to encode them (I use AES algorithm): as one string with separator between login/pass, or as a two separate strings?
Encoding has to be reversable, so please don't mention hash.
Safety has not much to do with your choice. If you use AES with mode different than ECB and PKCS7/PKCS5 Padding you can either encrypt logins and passwords alone or logins and passwords seperately. It depends on wheather you will need a login without a password in your implementation. You will probably use the same key to encrypt both login and password. So splitting is by no means an additional security measure. If you woudl use some salted PKDF keys can be different for each record, but attacker still needs only to get the master password and a salt.
That's no any additional security in encrypting them together or separately.
However, you should also choose wisely cipher mode/initial vector - for CBC and CTR (and CFB?) input to encryption is xored with encrypted Initial Vector, so having the same vector for two encrypted passwords, xoring them would allow to get xor of original passwords, which can leak information.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
Suppose im given a large essay. Whats the best method available to shrink it down into a small string of letters which I can decode later? Suppose Im allowed to keep a set of predefined keys if i need to?
Assuming the text is English and you want to minimize the size of the "small string", you will find a number of algorithms here: http://www.maximumcompression.com/data/text.php
For ease-of-implementation, however, you might simply want to use zlib, as it's generally available.
Further, if you want to encrypt the compressed text, you should use AES in CTR mode (and possibly appending an HMAC; ref: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html).
Finally, assuming that by "asring of letters" you meant "a string of letters", you could base-64 encode the encrypted data, which would give you a string of letters, numbers, and a limited amount of punctuation.