Suppose I have an application, which when opened asks you to open a file and then “unlock” that file using a password that’s configurable by the user.
The file should be encrypted with something like AES-256, right? The key would be the password, but should the users password be hashed using something like SHA-256? Should I salt the hash as well? If I do salt the hash, do I just store the salt at the start of the file?
Is this the correct way to go about things?
Information Security Stack Exchange is a question and answer site for information security professionals. It only takes a minute to sign up.
Sign up to join this community
Anybody can ask a question
Anybody can answer
The best answers are voted up and rise to the top
Asked
Viewed
9 times
I’m using Azure to store customer data. In a specific country, there are multiple partners. Each partner has his clients. The issue is they don’t want us to have access to this data. In other words, the only one who can access the data is the partner and the client. So I’m thinking of using a master key for each partner but I’m not if not the best approach.
114k50 gold badges263 silver badges293 bronze badges
asked 14 mins ago
1
I’m trying to understand the different between disk encryption and volume encryption, more specifically as it relates to SAP HANA, link here.
From my understanding Disk Encryption prevents the threat where someone physically disks your server/disk. Once the VM is running it offers no additional protection as all data is in plaintext.
Volume encryption as per SAP’s solution states that:
“If data volumes are encrypted, all pages that reside in the data area on disk are encrypted using the AES-256-CBC algorithm. Pages are transparently decrypted as part of the load process into memory. When pages reside in memory they are therefore not encrypted and there is no performance overhead for in-memory page accesses“
If I’m interpreting this correctly it would seem that the data that is written to disk is encrypted using AES256, so even if someone could get access to the running server they will be unable to view the files unless they had the keys, which is different to disk encryption.
Any thoughts?
I was curious about setting SAH-3 as the preferred hashing algorithm for GPG but that looks like it is not yet supported and the documentation states this:
SHA-3: SHA-3 is a completely new hash algorithm that makes a clean break with the previous SHAs. It is believed to be safe, with no warnings about its usage. It hasn’t yet been officially introduced into the OpenPGP standard, and for that reason GnuPG doesn’t support it. However, SHA-3 will probably be incorporated into the spec, and GnuPG will support it as soon as it does.
What does this means: ...and GnuPG will support it as soon as it does? Are there any development plans for supporting SHA3 or BLAKE?
Software Engineering Stack Exchange is a question and answer site for professionals, academics, and students working within the systems development life cycle. It only takes a minute to sign up.
Sign up to join this community
Anybody can ask a question
Anybody can answer
The best answers are voted up and rise to the top
Asked
Viewed
13 times
I’m working on my data persistence strategy for HIPAA and PHI (Protected Health Information) related data.
Here’s what I’m currently doing:
Problem:
However, I need to encrypt some individual data fields from within my Lambda API before saving them to the database. The database might change–e.g. PostgreSQL to whatever–so I don’t want to use database-specific field-level encryption.
Here are my thoughts:
Questions:
asked 2 hours ago
UserX is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
I have some *.sa files on my devices. These files which were saved by me are either images or PDF. But these files do not open with a photo viewer or PDF reader. So how to open and read files these files on my device?
The device in which the files were initially stored was an Android which was transferred to another Android via SD card. These were important documents and images which were in a hidden album of Redmi 5 which due to some reason(fell in water) were transferred to another device (Android).
I want to know whether or not facebook messenger calls can be intercepted and listened to by hackers.
I would also like to know if my exact location can be found by hackers through them knowing my mobile phone number.
Long story, but I went on a date with a girl who I then blocked immediately afterwards due to me suspecting she was a bit of a psychopath (which the proceeding story will confirm), and then a couple of days later I was bombarded with phone calls from a private number in a robotic voice, from that girl, asking why I blocked her making threats, saying I’d get bashed and she would kill me – my exact house address was also found by her despite me never even telling her where I lived, and she actually got someone to pull up to my address to scare me at 2:00am when this was all happening. This was scary in and of itself, but what freaked me out even more was the fact that when I went onto my computer to make a call to my friend over messenger, telling him what was going on, we both heard the same robotic voice sending threats, and it was literally on the messenger call now that I was on on my computer, not on my mobile phone.
So I am going to be concerned if they can actually listen to what I was saying and potentially hack into my Facebook and other accounts.
But if it is easy to intercept a call and send messages into that call connection without actually hearing what the parties in the call are saying, then I won’t be shitting myself as much.
And by the way, my phone was on me the entire time we were out on a date. No way would she have been able to access it. I never told her my address. There is no way she could have installed software onto my phone. She only had my phone number, and I guess she could have found my LinkedIn page and Facebook account if she searched online, but none of which reveal my exact location. I blocked her on snapchat and I didn’t have my SnapMaps on so she couldn’t have figured out my location that way as well.
Please, any clarification on the severity of this matter in terms of my internet security would really be appreciated because this is quite distressing.
I’m new to DUKPT, so I’m not entirely clear about DUKPT and HSM. Right now, I’m trying to decrypt data (PAN number) from terminal.
So far, when I receive KSN and encrypted data, I understand that I need to find encryption key. From my HSM I can get IPEK based on (KSN, BDK). But here is the confusion, based on articles I read, and terminal vendor’s doc, encryption key will be one of the Future Keys.
Once I get correct Future Keys then I can derive data key variant and do decrypting in my HSM. I’m just stuck with these two questions.
Any explanation would be really helpful.
the encryption: AOp//W4d2BF57veRpbIbZA==
it looks like base64 but it’s not
all I know is the plaintext 01006069622e
thanks beforehand!
I’m trying to encrypt the Email and LoweredEmail columns on a SQL database using Always Encrypted encryption using SSMS and I always get the same error:
Lock request time out period exceeded. There is no user table matching the input name ‘(dbo).(aspnet_Membership)’ in the current database or you do not have permission to access the table.
I still get the same error when I log in as the SA account, sio I guess that it’s not a permissions problem.
EDIT *** Added the PowerShell Script
Import-Module SqlServer
$password = “”
$sqlConnectionString = “Data Source=GALADRIELSKYLINE;Initial Catalog=SkylineMembership;User ID=sa;Password=$password;MultipleActiveResultSets=False;Connect Timeout=30;Encrypt=False;TrustServerCertificate=False;Packet Size=4096;Application Name="Microsoft SQL Server Management Studio“”
$smoDatabase = Get-SqlDatabase -ConnectionString $sqlConnectionString
#Add-SqlAzureAuthenticationContext -Interactive
#Add-SqlAzureAuthenticationContext -ClientID ” -Secret ” -Tenant ”
$encryptionChanges = @()
$encryptionChanges += New-SqlColumnEncryptionSettings -ColumnName dbo.aspnet_Membership.Email -EncryptionType Deterministic -EncryptionKey “CEK_Auto1”
$encryptionChanges += New-SqlColumnEncryptionSettings -ColumnName dbo.aspnet_Membership.LoweredEmail -EncryptionType Deterministic -EncryptionKey “CEK_Auto1”
Set-SqlColumnEncryption -ColumnEncryptionSettings $encryptionChanges -InputObject $smoDatabase
