Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
We are setting up a link to a client and they wish to use SFTP but without using keys for client authentication, just passwords. Do you still get the benefit of data encryption with this setup? I thought the protocol used the client keys for encryption but does it or can it use the host key instead?
EDIT:
Looks like Wikipedia has what I needed to know: "SSH also supports password-based authentication that is encrypted by automatically generated keys." (http://en.wikipedia.org/wiki/Secure_Shell#Key_management). And yes, not entirely a programming question, but it is a bit of a reflex reaction for me to ask other developers.
Yes. There's a difference between the transport-layer key exchange and the user-authentication key exchange. You do not need to generate any client key pairs for password authentication; authentication happens over an encrypted tunnel negotiated by the transport-layer key exchange, which is largely transparent to the user.
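One way to confirm this ordering on a real link is to read the client's `ssh -v` (or `sftp -v`) debug output. The following is an added example, not part of the original question or answer; the log is a constructed sample with an illustrative host and algorithms, and `analyze` is a hypothetical helper name.

```python
import re

# Constructed sample of OpenSSH client debug output for a password-only login.
SAMPLE_LOG = """\
debug1: Connecting to sftp.example.com [192.0.2.10] port 22.
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none
debug1: SSH2_MSG_NEWKEYS sent
debug1: SSH2_MSG_NEWKEYS received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
"""

CIPHER_RE = re.compile(r"kex: (server->client|client->server) cipher: (\S+)")


def analyze(log):
    """Report negotiated ciphers and whether password auth began after NEWKEYS."""
    ciphers = {}
    newkeys_at = auth_at = None
    for i, line in enumerate(log.splitlines()):
        m = CIPHER_RE.search(line)
        if m:
            ciphers[m.group(1)] = m.group(2)
        elif "SSH2_MSG_NEWKEYS received" in line:
            newkeys_at = i  # transport keys are in effect from here on
        elif auth_at is None and "Next authentication method: password" in line:
            auth_at = i     # user authentication starts here
    encrypted = (
        newkeys_at is not None
        and auth_at is not None
        and newkeys_at < auth_at
        and len(ciphers) == 2
        and "none" not in ciphers.values()
    )
    return {"ciphers": ciphers, "password_sent_encrypted": encrypted}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

No client key pair appears anywhere in the log: the session ciphers come from the key exchange, and the server's host key is what authenticates the server.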
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 months ago.
I have an embedded system (Netburner 5441x) that consumes public-private RSA keypairs. I have ported OpenSSL into the system but the processor cannot make keypairs fast enough for the application. So the next logical step is to have the embedded system, which has Ethernet, get keys from a PC based server.
I've read about half the PKCS#N documents and it looks like it's all about object formats. Is there an accepted network protocol for transferring public-private keypairs? Would you just open a secure socket and send the PKCS objects with no other framing? Use a shared Key Encryption Key, or have the client send a public RSA key for key encryption by the server?
Is there a standard?
Edit 13Jun22 in response to StackOverflow blocking the question: This question is not asking for recommendation of a book etc., but whether a standard exists for a particular unusual use case. If such a standard existed, that citation would answer the question. Respectfully request removal of the block.
According to the Information Security Stack Exchange, there is no accepted answer for this unusual use case. The best practice seems to be setting up a web service that serves passphrase encoded key files over HTTPS, which implies SSL protection.
https://security.stackexchange.com/questions/262533/what-is-the-right-way-to-transfer-public-private-keypairs-over-intranet
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
I recovered a deleted text file from a BitLocker encrypted drive using the "EaseUS Data Recovery" tool. The recovered file seems to be the raw encrypted bits. Is there a way to decrypt that file, since I have the BitLocker password and recovery key? I am aware that you can decrypt a whole drive, but that is not going to work. I just need a way to decrypt that one file.
I doubt it is possible. The real encryption key is stored on the hard disk; the BitLocker password (or recovery key) only gives you access to use that key for decrypting. That real key (which you would need) is never visible / accessible outside the hard disk controller and its memory.
You can verify that by changing your BitLocker password - it takes only milliseconds, because it only is hashed and written onto the hard disk; the encrypted files themselves are never touched, as they still use the same old key.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 4 years ago.
I'm doing a school project on the security of bitcoin, and I was just wondering if anyone could explain, possibly with credible sources, how bitcoin wallets use the passphrase as encryption and what is meant by EVP ("The passphrase is converted to a key/iv using EVP"). Any information that people have about the encryption of bitcoin wallets would be much appreciated.
Thanks <3
To be clear, wallet encryption has nothing to do with the bitcoin protocol. If you were to create a new client, you can encrypt your private key(s) however you want.
According to this wiki the original bitcoin client hashes the passphrase with SHA-512 and then uses a key derivation algorithm described in the official documentation. The actual encryption is AES-256.
EVP ("Envelope") is just a tool of OpenSSL that encapsulates crypto implementations so that you can change the underlying algorithm without changing too much code.
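The "key/iv using EVP" quote in the question refers to OpenSSL's `EVP_BytesToKey` routine. The following is an added example, not part of the original answer and not Bitcoin's own code: a standard-library re-implementation of that derivation with SHA-512, sized for an AES-256-CBC key and IV. The passphrase, salt and round count are constructed sample values.

```python
import hashlib


def evp_bytes_to_key(passphrase, salt, count, key_len=32, iv_len=16, digest="sha512"):
    """Derive (key, iv) the way OpenSSL's EVP_BytesToKey does.

    Each output block is H^count(previous_block || passphrase || salt);
    blocks are concatenated until key_len + iv_len bytes are available.
    """
    material = b""
    block = b""
    while len(material) < key_len + iv_len:
        # First round mixes in the previous block, the passphrase and the salt.
        block = hashlib.new(digest, block + passphrase + salt).digest()
        # Remaining rounds re-hash the digest to make each guess more costly.
        for _ in range(count - 1):
            block = hashlib.new(digest, block).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


# Constructed sample inputs (assumptions, not values from any real wallet).
PASSPHRASE = b"correct horse battery staple"
SALT = bytes.fromhex("0011223344556677")
ROUNDS = 25000


def derive_wallet_key(passphrase=PASSPHRASE, salt=SALT, rounds=ROUNDS):
    """Return a 32-byte AES-256 key and 16-byte IV for the sample inputs."""
    return evp_bytes_to_key(passphrase, salt, rounds)


if __name__ == "__main__":
    key, iv = derive_wallet_key()
    print("key:", key.hex())
    print("iv: ", iv.hex())
```

With SHA-512 a single 64-byte block covers the 48 bytes needed, so the key and IV are the first 32 and next 16 bytes of one iterated hash. The salt prevents precomputed tables and the round count sets the cost of each passphrase guess.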
Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
I want to see the plain XML text of XMPP message content for developing, debugging, etc.
So I've installed 'ejabberd' as the XMPP server and 'empathy' as the XMPP client. (I track packets with Wireshark.)
I think it should be done by changing configuration in the XMPP server, but I don't know how.
I would like someone to guide me through disabling encryption and seeing XMPP requests in plain text form in Wireshark.
Thanks in advance!
In ejabberd.cfg, in the listen section, look for configurations for ejabberd_c2s.
Comment out the lines specifying the certificate and starttls support.
Without starttls, no encryption will be offered (you might need to confirm on your client that you want to connect without encryption, as some clients prevent that by default).
Closed. This question is off-topic. It is not currently accepting answers.
Closed 11 years ago.
If I push to Bitbucket like this:
C:\My Projects\repo>hg push https://user:passd#bitbucket.org/user/repo/
pushing to https://user:***#bitbucket.org/user/repo/
searching for changes
no changes found
The first line is what I type:
C:\My Projects\repo>hg push https://user:pass#bitbucket.org/user/repo/
But the message from Mercurial hides the typed password:
pushing to https://user:***#bitbucket.org/user/repo/
Does that mean my password is encrypted before it goes out over the public WiFi connection and is therefore safe?
If it uses SSL then it should be encrypted before the password is sent. Whether Mercurial uses it or not is specified in the Mercurial web server configuration.
push_ssl
Whether to require that inbound pushes be transported over SSL to prevent password sniffing. Default is True.