bitcoin core – Isn’t an encrypted wallet.dat automatically a “watch-only” wallet?

I have encrypted my wallet.dat outside of this computer. Now I store my wallet.dat on this computer.

If I open it in Bitcoin Core, I can view the balance but not spend it (without entering the decryption passphrase).

Doesn’t this make an encrypted wallet.dat a “watch-only” wallet? Can’t I simply safely keep this on my PC and use the RPC API to check on the balance to make sure that it still contains my coins?

Basically: What is the difference between an encrypted wallet and a “watch-only” wallet? Why would I make a “watch-only” wallet when the encrypted wallet apparently has the same functionality, and is as secure?

encryption – How can WhatsApp share information with Facebook if the messages are encrypted end-to-end?

WhatsApp is enforcing a new controversial privacy policy that, as far as I understand, shares data from your chat messages with Facebook to provide you with “tailored ads” on Facebook.

How can WhatsApp share this information with Facebook, if the messages are encrypted end-to-end?

Does it mean that the messages are encrypted in my phone, sent encrypted (with the key to decrypt) to Facebook for targeting Ads, and another message is sent with the key to decrypt to the cellphone of the person I’m having a chat with?

encryption – gpg stopped decrypting a symmetrically encrypted file

Just yesterday I decrypted this same file using a key that I have written down, but today every time I try the same key gpg returns:

gpg: decryption failed: Bad session key

I suspect that either I was typing something wrong every time I decrypted this file and didn’t notice or there’s something wrong with the characters that are being entered by my keyboard.

Also, gpg says it is AES256.CFB encrypted data, although I don’t remember seeing this CFB anytime I decrypted something in this computer, although I might be mistaken, neither did I set this option when encrypting.

I am using Manjaro 20.2.1 and gpg 2.2.25 with libgcrypt 1.8.7

Can anyone help me?

cryptography – Why is a password encrypted with AES and then sent back to the server together with the key with RSA (Instagram)?

I am trying to understand an encryption process on a website (Instagram). As far as I know, a public key is sent from the server to the client. Then the password is encrypted with AES_GCM_256 and packed together with the AES key in an array and then in a sealed box with the public key from the Server.

Is a sealed box the same as simply encrypting the array with RSA?

Why do you do that?

I mean, if you find out the RSA private key and then decrypt the data encrypted with RSA, wouldn’t you also have the AES key to decrypt the password?

And the public key is very short:

297e5cd13e20f701d57bd5a1ee82bcead9a20e4080bc6c737917b868eb65f505

Only 64 characters so 512 bits.

Is that even safe enough for RSA?
Or is the key Curve25519?

As far as I know, an RSA key should be at least 2048 bits large?

I would appreciate a link or the answer to a few questions 🙂

Best regards

hash – BruteForce Encrypted DataBase – Challenge

I got a challenge to brute force an encrypted DB. I received a zip file with: DB, DLL (encrypted) and exe.

I opened the exe with DnSpy to read the logic: it requires a 4-digit PIN code to decrypt the DB and DLL.

The logic is this: the PIN code must be of length 4. After that the code hashes the PIN 10 times and saves the value as str2. After that it hashes str2 another 10 times and saves it as str3.

Now it checks if Text3 is equal to a hard-coded MD5 hash: "2D3114BCC2E5C58BBAC77F04237723D9"; if yes, then it decrypts the encrypted files using str2 as key.

The problem is that I brute forced it with no success: no number from 0000-9999, if hashed 20 times, is equal to the hard-coded value in the source code.

Then I thought maybe the challenge is harder and no 4-digit PIN is equal to the hard-coded hash (if hashed 20 times). I thought maybe brute forcing the decryption? That way I’ll get 10,0000 files, but how do I distinguish between the real DB and a file decrypted with the wrong key?

Thanks!

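    // Decompiled PIN check; declarations and the end of the try block are not part of the excerpt.
    str = this.richTextBoxPinCode.Text;
    if (str.Length != 4)
    {
        // Only the length of the input is checked before hashing.
        this.richTextBoxPinCode.Text = "";
        return;
    }

    try
    {
        str2 = str;
        str3 = str;
        num = 0;

        while (true)
        {
            if (num >= 10)
            {
                // Second stage: str2 alone is hashed 10 more times (20 rounds in total).
                num2 = 0;

                while (true)
                {
                    if (num2 >= 10)
                    {
                        // The 20-round value (str2) is compared with the hard-coded hash;
                        // the 10-round value (str3) is converted to bytes and used as the key.
                        if ("2D3114BCC2E5C58BBAC77F04237723D9" == str2)
                        {
                            buffer = StringToByteArray(str3);
                            this.DecryptFile(buffer, "ForceCoinTransactionSigner.dll.enc", "ForceCoinTransactionSigner.dll");
                            this.DecryptFile(buffer, "db.txt.enc", "db.txt");
                            base.Hide();
                            new AppForm().ShowDialog();
                            base.Close();
                        }
                        break;
                    }
                    str2 = this.DoMD5(str2);
                    num2 += 1;
                }
                break;
            }
            // First stage: both strings are hashed once per iteration, 10 times.
            str2 = this.DoMD5(str2);
            str3 = this.DoMD5(str3);
            num += 1;
        }
    }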
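An added example, not code from the post or from the challenge: a search over 4-digit PINs that mirrors the comparison in the decompiled code (20 rounds against the hard-coded value, 10 rounds for the key string). `DoMD5` is not shown on the page, so its input encoding and hex-digit case are assumptions; the search tries each combination because chaining hex strings gives a different result for each one.

```python
import hashlib
from itertools import product

TARGET = "2D3114BCC2E5C58BBAC77F04237723D9"   # hard-coded value from the post

def md5_hex(text, encoding, upper):
    """One round: hash the string's bytes, return the digest as hex text."""
    digest = hashlib.md5(text.encode(encoding)).hexdigest()
    return digest.upper() if upper else digest

def chain(pin, rounds, encoding, upper):
    """Feed each hex digest back in as the next round's input string."""
    value = pin
    for _ in range(rounds):
        value = md5_hex(value, encoding, upper)
    return value

# Assumed DoMD5 behaviours (the routine is not on the page): ASCII or
# UTF-16LE input bytes, and upper- or lower-case hex output.
VARIANTS = list(product(("ascii", "utf-16-le"), (True, False)))

def search(target, check_rounds=20, key_rounds=10):
    """Return (pin, encoding, upper, key_string) for every variant that matches."""
    hits = []
    for encoding, upper in VARIANTS:
        for n in range(10_000):
            pin = f"{n:04d}"
            if chain(pin, check_rounds, encoding, upper).upper() == target.upper():
                key = chain(pin, key_rounds, encoding, upper)
                hits.append((pin, encoding, upper, key))
    return hits

if __name__ == "__main__":
    # Constructed self-check: a target built from a known PIN must be found.
    demo = chain("0421", 20, "utf-16-le", True)
    print(search(demo))
    print(search(TARGET) or "no match under the assumed DoMD5 variants")
```

The whole space is 10,000 PINs per variant, so the number of MD5 rounds adds no meaningful cost to the search.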

encryption – How to identify this hashed text and if it is encrypted using a key?

For the second one, I think you mean 152 characters, not 152 bytes. The character set looks like base64, and the equals symbols at the end are another tell-tale sign that this is probably base64, as equals symbols are often used for padding in base64.

In base64, each set of 4 characters represents 3 bytes. You have 150 characters of actual information (again, the last two equals symbols are padding). This equates to 112.5 bytes of data ( (150/4) * 3). That equates to 900 bits of data (8*112.5).

That’s most likely not a hash, as no standard hashing algorithm produces a 900-bit result. It’s most likely not the result of AES encryption either, as AES produces blocks of 128 bits, and 900 is not a multiple of 128.
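Length-based triage of the kind described above, as an added example (not part of the original answer): it decodes the string and works from the exact byte count, where `=` padding shortens the final 4-character group to one or two whole bytes. The sample strings are constructed for illustration, and a size match is only consistent with an algorithm, never proof of it.

```python
import base64
import binascii

# Output sizes in bytes of common hash functions.
DIGEST_SIZES = {16: "MD5", 20: "SHA-1", 28: "SHA-224", 32: "SHA-256",
                48: "SHA-384", 64: "SHA-512"}

def triage_base64(text):
    """Report what the decoded length of a base64 string is consistent with."""
    text = text.strip()
    try:
        # validate=True rejects characters outside the base64 alphabet
        # and incorrect padding instead of silently skipping them.
        raw = base64.b64decode(text, validate=True)
    except binascii.Error as exc:
        return {"valid": False, "error": str(exc)}
    return {
        "valid": True,
        "chars": len(text),
        "padding": len(text) - len(text.rstrip("=")),
        "bytes": len(raw),
        "bits": len(raw) * 8,
        # Name of a hash whose digest has exactly this length, if any.
        "digest_match": DIGEST_SIZES.get(len(raw)),
        # Block ciphers in ECB/CBC mode emit whole blocks (16 bytes for AES).
        "aes_block_multiple": len(raw) > 0 and len(raw) % 16 == 0,
    }

# Constructed samples: 112 bytes encode to 152 characters ending in "==",
# and 32 zero bytes stand in for a SHA-256-sized value.
SAMPLE_152 = base64.b64encode(bytes(range(112))).decode()
SAMPLE_DIGEST_SIZED = base64.b64encode(bytes(32)).decode()

if __name__ == "__main__":
    for name in ("SAMPLE_152", "SAMPLE_DIGEST_SIZED"):
        print(name, triage_base64(globals()[name]))
    print(triage_base64("not base64!"))
```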

encryption – Can the user get the private key from the encrypted and the decrypted data?

What you are asking about is known as a Known-Plaintext Attack, or KPA for short. When RSA is properly implemented, the answer is NO!

Actually, the attackers don’t need to capture and access the plaintext in public-key cryptography. In public-key cryptography, the encryption is free: since you know the public key of the target, that is, the pair (e,n), you can encrypt as many pairs as you want. Formally, we say that access to the encryption oracle is free.

RSA encryption is proven to be semantically secure if OAEP padding is used.

Semantic security

it must be infeasible for a computationally bounded adversary to derive significant information about a message (plaintext) when given only its ciphertext and the corresponding public encryption key.

Semantic security is equal to Ind-CPA (indistinguishability under chosen-plaintext attack), and this is a stronger assumption than KPA.

In a chosen-plaintext attack the adversary can (possibly adaptively) ask for the ciphertexts of arbitrary plaintext messages

Of course, there have been attacks on RSA other than factoring over the years. This article covers many of them;
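Why the free encryption oracle matters when RSA is used without randomized padding, as an added example (not from the original answer): with deterministic "textbook" RSA, anyone holding (e,n) can confirm a guessed message by encrypting it, while a randomized encoding defeats the comparison. The key is a constructed toy key, and the random prefix is a simplified stand-in for OAEP that shows only the effect of randomization.

```python
import secrets

# Constructed toy key built from two Mersenne primes; far too small for real use.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the key owner
PAD_LEN = 16                        # random bytes added by the randomized variant

def encrypt_textbook(message: bytes) -> int:
    """Deterministic RSA: the same message always gives the same ciphertext."""
    m = int.from_bytes(message, "big")
    if m >= N:
        raise ValueError("message too long for this modulus")
    return pow(m, E, N)

def encrypt_randomized(message: bytes) -> int:
    """Prefix a marker byte and fresh random bytes before encrypting (not OAEP)."""
    return encrypt_textbook(b"\x01" + secrets.token_bytes(PAD_LEN) + message)

def decrypt_randomized(ciphertext: int) -> bytes:
    """Key owner's side: decrypt, then drop the marker and the random prefix."""
    m = pow(ciphertext, D, N)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return raw[1 + PAD_LEN:]

def confirm_guess(ciphertext: int, candidates) -> list:
    """Public-key-only check: encrypt each candidate and compare ciphertexts."""
    return [c for c in candidates if encrypt_textbook(c) == ciphertext]

CANDIDATES = [b"yes", b"no", b"maybe"]   # constructed low-entropy message space

if __name__ == "__main__":
    print("textbook:  ", confirm_guess(encrypt_textbook(b"no"), CANDIDATES))
    print("randomized:", confirm_guess(encrypt_randomized(b"no"), CANDIDATES))
    print("owner reads:", decrypt_randomized(encrypt_randomized(b"no")))
```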

Can anyone use your private key if it’s encrypted on Bitcoin Core?

I bought cold storage coins with private keys engraved. After I import and encrypt the wallet in Bitcoin Core, can just the private keys be used to access the wallet, or would you also need the passphrase I encrypted it with?

In other words, can the manufacturer access my wallet with the private keys if I encrypt the wallet on Bitcoin Core?

macos – How do I decrypt an APFS volume that’s marked “Encrypted at rest” (T2-equipped Mac)

See also: What does “FileVault: No (Encrypted at rest)” mean?

As a developer and researcher, I need some APFS volumes on a T2 Mac decrypted to the point that reading their raw blocks, e.g. with the dd command, will show me the unencrypted content. How do I achieve that, provided I have full access (and authentication) to the Mac and its on-disk data?

I’d either need a way to decrypt the blocks after reading them (e.g. from /dev/diskXsY), or would need to have macOS decrypt them fully, just like some hidden volumes (“Preboot”, “Recovery”, “VM”) are already by default.

With pre-T2 Macs this was easy: I would issue the command diskutil apfs decrypt diskXsY. But on a T2 Mac, this leads to the message:

APFS Volume diskXsY is not FileVaulted

How do I get raw access to the unencrypted content of these volumes’ blocks? Be it by using some command to decrypt them permanently, or getting the information on how to write code to decrypt the blocks on-the-fly.

Note: I do not plan to remove the SSD from the Mac – I just want to be able to scan the APFS structures of these volumes while they’re inside that Mac, and for that I need them decrypted.

Another benefit of answering this question: Decrypting the volumes permanently should enable a user to clone the raw disk (i.e. its containers) to another Mac, where one could then re-encrypt the data (if there’s a process for that).