I am trying to make my Server more secure, using public key cryptography. I'm not looking for examples on how this works, I understand it. I need help actually encrypting my strings that i'm sending...
So, currently, I'm simply making a public/private key string by taking the current nano time, and converting it into a hexidecimal string, 20 times. It makes an output like:
8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df
which is fine. But how would i encrypt my message, say "hi", with this key? I've tried converting both into binary, and multiplying them, but then i couldnt un-convert them, because to do that, there have to be spaces in the binary number, but to multiply them, there cant be. can anyone help me?
Thanks in advance!
Also, let me know if you need any more info!
Take a look at this example: http://stilius.net/java/java_ssl.php
Don't try to invent your own cryptographic algorithm, I know that it sounds interesting but it's also not very safe. Try to use already implemented algorithms and protocols. I suggest you to take a look at the link. Though if you do this just for the fun of it then go ahead, if it's for a client or for something that others (than you at least) use then stick to the known protocols.
It's not just an issue of formatting or playing with binary or hexadecimal numbers here. You don't make a public/private key the way you suggested, as it wouldn't have the necessary cryptographic properties that public/private keys usually have. Also, using the current time in nano s is hardly worthy of being used as any kind of an encryption key. If you want to do this in Java, there are libraries that can do public key crypto for you, such as BouncyCastle (http://bouncycastle.org/). It's quite easy to use and implement some amount of cryptographic security into your application with it.
Related
hello I am new to java and i want to develop a simple login application where i have to store values in db. I have read many examples for encryption and decryption but i cant understand(may be because of complex english words) what is algorithm,key, padding and why we have to use getBytes(). Can you explain in detail with examples in simple english. Which algorithm,padding is best useful for encryption and decryption.Is key a predefined fixed word or can we set our own key. Code will be much useful.
Im kinda newbie on the subject so id just recommend hashing and salting the passwords, i cannot offer much more insight, but i found this video which i found to be quite extensive and interesting on the subject, and iirc he even shows some code samples and examples, i recommend starting from there and come back with doubts from that!
The general gist of things is getting the original password string, and generate a random string with it, concatenating both, then hashing the combined form of those and storing the hashed form of both and the random string, then, when that person is going to login, you apply the same salt to the password inserted and compare it to the hashed form in your database.
This has advantages over standard hashing because the random string is unique per user, meaning all hashes, even from the same passwords, will be different, while in normal hashing, youd get the same hash for the same passwords, and thus, it would be easier to crack some if many users had the same password, which cant be done in this case, since every hash key is different.
So remember, generate random string, concat it, hash the concatted string, store the hash and the random string into the db, and compare on login.
I am actually nicely surprised, someone asked before doing it wrong way.
However what are you asking is quite broad for a single answer. I'd advice to take at least some basic course on cryptography (I'd recoment the Coursera. Even if you don't finish your course, you will get pretty good basics what and why you shoud or should not do.
simple login application where i have to store values in db
If the values you mean user passwords, then use slow salted hash, please read https://nakedsecurity.sophos.com/2013/11/20/serious-security-how-to-store-your-users-passwords-safely/
If you want to encrypt some values reversibly, there are plenty examples around, though not all are secure,
Code will be much useful
you may check
https://gusto77.wordpress.com/2017/10/30/encryption-reference-project/
what is algorithm,key, padding and why we have to use getBytes().
I will start with the bytes. Encryption works with byte arrays. So for any text you need to convert your data, keys, passwords,.. to byte arrays. As well the encrypted data are byte arrays.
For the algorithm, padding,.. I really advice you to learn about it a little more yourself.
There are ciphers (algorithm) which are considered secure today, it is more important that you use them properly.
Just for an example, commonly used is AES/CBC/PKCS5Padding
AES - cipher (encryption algorithm)
CBC - mode of operation
PKCS5Padding - padding to fit data into required block length
.Is key a predefined fixed word or can we set our own key.
Key is your secret value, you need the same key to decrypt encrypted data, but the key is yours, the best if it's random
The input number is 126594 and the output is 66265784-0a82-4ce0-84e4-4d6f791a6970
It has 32 chars, so I tried MD5, but the output is different (http://www.sha1-online.com/).
I am trying to generate the post ID on the project done by another developer and he in unreachable. Also changing everything now would take a lot of time, which we do not have.
The best thing you can do is just try a few different hashing algos. You can use the page you referenced and just try all the different hashing algos they have there.
Actually guessing which hashing function it is based only on the input and hashes is quite hard to do and would probably require much more input-hash-tuples.
It could be MAC+IP address. Generally people use to define it as UUID.
You can try this
I'm trying to implement the RSA encryption/decryption algorithm on a text of String. However, everything I have found online either uses Cipher, or they are performing the algorithm on an integer. Could anybody give me a simple guide for implementing this on for example, a sentence?
I prefer not to use Cipher or any other libraries because I want to know how it works.
Edit: Thanks for the help everyone. I finally got it to work :)
The best thing for you to do would be to get fimiliar with the algorithm itself. Wikipedia has decent explanation on it. Then you need to implement modular operations. When you accomplish the above simply treat a message you want to encrypt as a number (rather big number in fact) and follow the operations described in wiki. A sentence (or any other character sequence) can be treated as a number as its just sequence of bytes.
RSA all depends on the large prime numbers and how they are very hard to factor. For further knowledge on the subject I'm gonna give you two resources that will explain the algorithm in further depth. I would recommend writing down which variables/methods you will want to create in java to stay organized.
Here are resources:
YouTube Clip which Explains the premise of the algorithm:
RSA Cipher Explained
More Interactive Slide Explanation:
RSA Algorithm Slide Show
I try to implement a SHA1 decoder but i can't find something usefull on internet. Can anyone help me find information on how I can implement an SHA1 decryption. I want to transform the encrypted data to Strings.
I try to implement a SHA1 decoder but i can't find something useful on internet.
SHA-1 is a hash function. It's one-way: you hash the data, and get a hash. If you hash the same data, you'll get the hash; if you hash different data, you'll "almost certainly" get a different hash.
If you could "decrypt" it, it wouldn't be doing its job.
If you figure out how to crack sha1 props to you. I think the government may be able to do it but you would be hard pressed to find a public library that has a smart algorithm that doesnt take a great deal of resources to crack.
they claim they can crack it and decrypt it, I doubt it works
another source that claims they can decrypt it, i doubt their code is publicly available though
Is there a specific reason you are trying to decrypt it, maybe there is a flaw in your design or another way to solve your problem?
heres a neat diaolog about the progression of sha1
Hash functions are designed to be one-way. So you can't simply calculate the input from the output. Doing this is called a pre-image attack. If the message itself can't be guessed, such an attack requires around 2^159 attempts, which is infeasible.
The best way to reverse SHA-1 is to guess the input. For typical user passwords this attack succeeds quite often, since the password isn't complex enough. For example a typical GPU will be able to try >100mio passwords per second.
This is why we don't use plain SHA-1 for password hashing. We use deliberately slow schemes, such as PBKDF2, bcrypt or scrypt with sufficient work-factor.
If you need to find the password behind a SHA1 hash, put the Hash on google.
If the password is common, and the hash is not 'SALTED', you have a chance to get the password.
Else read this:
https://en.wikipedia.org/wiki/Rainbow_table
I know enough about cryptology to make life difficult for a novice programmer and get laughed at by security experts. So with that in mind, I ask: how secure is javax.crypto.Cipher? I realise that anything can be cracked by someone with a will and a way, but I still would like to know relative details.
The reason I ask is I would like to store account names and passwords that will be sent through my Cryptor class that will encrpyt them, and would like to know if this will do the job. If any one has any literature that I could read, that would be greatly apprieciated.
Thanks ~Aedon
Cipher is a generic class to apply an encryption/decryption algorithm. Its security depends on the actual encryption algorithm used (DES, triple-DES, AES, etc.), on the size of its key, and on the block chaining type that you choose.
If you intend to store passwords securely, then your requirements are quite different from simply "communicating securely/privately". A Cipher on its own is not enough to protect you. You need to use one of these
bcrypt
scrypt
PBKDF2 from PKCS#5
in that circumstance. Here are some arguments and links concerning password security.
The punchline is that "normal" encryption (or hashing, too) is just way too fast to hold off serious attackers. You want to artificially slow down the entire process to make it as hard as possible for somebody systematically attacking your application. A single user won't notice the difference between 1 or 500 milliseconds when entering a password but for an attacker this means that in order to break your scheme it will take them 500 times as long on the average - so if it would have taken roughly 1 month to find a valid password before, now it will take 500 months.
Since NullCipher is a Cipher - not secure at all.