encryption – MySQL Security – Is there an easy way to encrypt a confidential data and also that it cannot view or access by DBA?

Stack Exchange Network


Stack Exchange network consists of 176 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.

Visit Stack Exchange

encryption – Do I transmit a plaintext password to my PostgreSQL server?

PostgreSQL supports multiple authentication methods, and I think it supports SSL and plaintext connections. How do I find out which authentication method a server uses? I do not have access to the server configuration. Can psql tell we which algorithm it uses to transmit the password, and whether the connection is encrypted? Is there a PostgreSQL security scanner for this purpose?

encryption – What is the simplest post-quantum asymmetric cryptographic algorithm?

This question has been burning in the back of my head for the past few days, and a quick Google search doesn’t yield any usable results.

As the title suggests: What is the easiest-to-understand post-quantum cryptographic algorithm that currently exists (as of 18 Jan 2021)?

encryption – Curve25519 vs. Curve25519 and AES Key vs. Curve25519 AES Ciphertext (Instagram)

I am trying to send a password from a client to the server. I just don’t know how to encrypt it.

  1. method:
    I used a website (Instagram) as a guide here.
    Here the password is encrypted with AES and the key is then encrypted with a Curve25519 public key and sent to the server together with the encrypted text.

  2. method:
    I wonder why you only encrypt the key. I mean then you can already see how long the password has to be by using the AES encrypted password, or not?

    So why not encrypt the AES key and the encrypted password with Curve25519?

  3. method.
    The only problem is when you get the private key. Yes, just decrypt the text and you have the key to decrypt the AES directly. So the password is basically only encrypted with Curve25519. Is that enough?

Why does Instagram use Method 1? Reasons for performance?

Instagram always gives the same IV encrypted with the AES … is that bad if a new key is always generated?

I would appreciate a helpful answer 🙂
best regards

encryption – Is SSL Tamper Detectable?

SSL is “tamper-proof” in the following sense: no third party may alter the transferred data in any way, without the receiver being made aware of the tampering. Of course, an attacker can always cut the cables, disrupting communications ! But no alteration goes unnoticed, thanks to the use of Message Authentication Codes by SSL.

Note that SSLv2 did not include a “safe end” feature: an attacker could force a connection close at any point, and the receiver could no know whether this closure was from an attacker or really triggered by the peer. This was fixed in SSLv3 and ulterior versions (TLS), which include an explicit administrative message (close_notify) marking the will of one of the SSL parties to close the connection (this administrative message is covered by the SSL MAC, and thus cannot be forged by an attacker).

Among the cipher suites which SSL clients and servers can negotiate are some integrity-only cipher suites, such as TLS_RSA_WITH_NULL_SHA, which use MAC only but not encryption — so you can have tamper-proofness without confidentiality, if that’s what you want (deployed SSL client and server implementations rarely allow for these suites, and certainly not by default, but they are specified by the standard.

encryption – I am unable to generate and use a aes-256-gcm key in openssl, help

When I run:

openssl genrsa -aes-256-gcm -out rootca.key 4096

Then I get the following output:

$ openssl genrsa -aes-256-gcm -out rootca.key 4096
Generating RSA private key, 8192 bit long modulus (2 primes)
..........................................................+++
..........................................................................+++
e is 65537 (0x010001)
Enter pass phrase for rootca.key:
Verifying - Enter pass phrase for rootca.key:

And when I run:

openssl req -sha512 -new -x509 -days 1000 -key rootca.key -out rootca.crt

I get the following error:

$ openssl req -sha512 -new -x509 -days 1000 -key rootca.key -out rootca.crt
Enter pass phrase for rootca.key:
unable to load Private Key
140287193601344:error:0906A065:PEM routines:PEM_do_header:bad decrypt:../crypto/pem/pem_lib.c:461:

For the above, I used OpenSSL 1.1.1f (provided by apt.
I even tried using the latest 3.0.0-alpha version of OpenSSL. But I get a different error when generating the private key first of all:

Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
4067E7A7827F0000:error:0300007A:digital envelope routines:evp_cipher_param_to_asn1_ex:cipher parameter error:crypto/evp/evp_lib.c:160:
4067E7A7827F0000:error:06800072:asn1 encoding routines:PKCS5_pbe2_set_iv:error setting cipher params:crypto/asn1/p5_pbev2.c:81:
4067E7A7827F0000:error:1188000D:PKCS12 routines:PKCS8_encrypt:ASN1 lib:crypto/pkcs12/p12_p8e.c:32:

How can I make this work?? Is AES-256-GCM not supported by OpenSSL? If so, is there an alternative to OpenSSL that can generate this type of key?

Btw, AES-256-CBC works perfectly. But, no luck with GCM.

encryption – gpg stopped decrypting a symmetrically encrypted file

Just yesterday I decrypted this same file using a key that I have written down, but today every time I try the same key gpg returns:

gpg: decryption failed: Bad session key

I suspect that either I was typing something wrong every time I decrypted this file and didn’t notice or there’s something wrong with the characters that are being entered by my keyboard.

Also, gpg says it is AES256.CFB encrypted data, although I don’t remember seeing this CFB anytime I decrypted something in this computer, although I might be mistaken, neither did I set this option when encrypting.

I am using Manjaro 20.2.1 and gpg 2.2.25 with libgcrypt 1.8.7

Can anyone help me?

What’s the best encryption strategy to go with when everybody needs to be able to write data but only a select people can view it?

I really just need an encrypted support ticket system essentially. The user who writes the ticket doesn’t need to be able to view it afterward but a handful of staff need to be able to decrypt the data and view it. My backend is Firebase (using Firebase Authentication as well) and the users will be submitting information via the mobile app and the staff will be viewing the information on a web app. Ideally, the encryption/decryption would be done on the client-side.

encryption – Whether TLS session resumption reuse the symmetric keys?

I am learning TLS Session Resumption.

What I got is session resumption can reduce 1 RTT for TLS 1.2 by reusing MasterSecret. Both the client and server needn’t to run key exchange algorithm.

My questions are:

  1. Whether session resumption reuses symmetric encryption keys (to encrypt TLS records).
  2. What factors affect whether to reuse symmetric encryption keys?

I searched around Google, but cannot find a authoritative answer. Here is what I got:

  1. Do not reuse encryption keys. Refer to SSL session key usage when browser opens multiple sockets to same server.
  2. Reuse encryption keys. Refer to https://wiki.openssl.org/index.php/SSL_and_TLS_Protocols#Session_Resumption

Any ideas are welcome.

encryption – How to identify this hashed text and if it encrypted using a key?

For the second one, I think you mean 152 characters, not 152 bytes. The character set looks like base64, and the equals symbols at the end are another tell-tale sign that this is probably base64, as equals symbols are often used for padding in base64.

In base64, each set of 4 characters represents 3 bytes. You have 150 characters of actual information (again, the last two equals symbols are padding). This equates to 112.5 bytes of data ( (150/4) * 3). That equates to 900 bits of data (8*112.5).

That’s most likely not a hash, as no standard hashing algorithm produces a 900-bit result. It’s most likely not the result of AES encryption either, as AES produces blocks of 128 bits, and 900 is not a multiple of 128.