Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
Me and other developers in my office encountered in this scenario :
We are an Insurance company which needs to send files to our customers.
But we need 2 things :
From The customers Point of view :
How can I be sure that this file that was sent to me is from My insurance company ?
How can I be sure that this file is the original file that was sent to me ?
for 2) i thought that I should use md5 and send it to the users - but this also needs its genuine... so Im in a dead end.
What is the best approach for this ?
p.s.
We don't want to open a virtual drive on our site - and let each costumer a username and Password.
Looks like you need Pretty Good Privacy
http://en.wikipedia.org/wiki/Pretty_Good_Privacy
This is exactly what public key encryption (aka asymmetric encryption) was made for.
You have a public key and a private key. You give the public key out to anybody you need to send files to. There is no need to protect this, you could post it on your website. Anything encrypted using your private key (which is secret) can only be decrypted using the public key.
So if your customers can use your public key to decrypt the file it proves it originated from you since you're the only ones with the private key.
If you're talking about email, take a look at digitally signing the email with S/MIME. You use a certificate issued by a CA (much like SSL), which proves both that your organization sent the email and that its contents have not been altered.
S/MIME validation support is built in to many email clients, including Outlook.
You need to cryptographically sign the files somehow, and the customers need to have a way of verifying these signatures. There are plenty of ways:
PGP
S/MIME
Distribution via HTTPS.
Do get this right, you have to think about what you are trying to protect, and what it is worth to you and to the customer to protect it. Is it the authenticity of the file when it is stored at the users computer? Do you want to avoid customers tampering with the file? Do you want to avoid someone tampering with the file before it gets to the user?
If the data you want to share is text documents, Adobe has support for signed pdf files. That might be worth examining.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I am working on an application which has both web and mobile java interface. Web is only a "spectator", therefore can't alter database in any way. On the other hand, the java interface can (and it often does). I don't want to use self-signed certificate so I came up with this solution. What I want to ask is whether it could be considered secure or if there is any better, more efficient way to do this. I am a bit paranoid person so please take this in account.
When an android device registers itself, I save pasword as sha256(pass + pass). This is the only time the device has to send password as a plain text. This function produces what I'll call [hash] and it will be stored in my database.
When logging in, the device sends new hash created by sha256([hash] + unixTime) as well as the unixTime. I need to use the [hash], otherwise I would not be able to verify the password. The server will try to reproduce the product of the function and if it succeeds, user is verified. Sent unixTime will be inserted into database afterwards, so I can also check, whether this time hasn't been used yet (if unixTime is less OR equal than saved, therefore forged / from past, I can safely discard it as invalid)
Similarly, all other packets which need authentication will be validated this way (so every packet = new hash)
Note: all hashes are converted to hex, just to spare a few bits.
What I want to ask is whether it could be considered secure or if there is any better, more efficient way to do this.
"Could be considered secure" isn't asking much. I consider it secure against unauthorized login, as long as an attacker doesn't have access to the device, the network, or the database. A straightforward system that transmits and stores the password in cleartext would also be secure in that kind of situation. It would make more sense to ask with a specific security goal and threat model in mind.
Here are a few key problems that this design:
If an attacker can get the hashes from the database, they can log in by computing sha256([hash] + unixTime) without knowing the password.
An attacker that controls the network can intercept a sha256([hash] + unixTime), unixTime pair and use it verbatim. SSL would prevent such an attacker from obtaining those values.
If an attacker can get the hashes from the database, they can quickly try hashing passwords and see which users' hashes match. Salted hashes would prevent this.
It sounds like in addition to saying you don't want to use a self signed cert that you're also oppossed to using https even if it was a certificate issued from a trusted certificate authority; is that so and if so why? Having your password in plaintext even once is a significant vulnerability; that plaintext password is free game to anyone running packet capture software on machines that your network traffic traverses, not to mention that if you've chosen the wrong http method then those passwords will definitely end up sitting in the logs of any proxies along the way.
I'd also suggest that at the least you store your passwords properly salted. Not doing so results in a number of security weaknesses if your database is retrieved by a malicious party; for example pre generated rainbow table attacks would be feasible as well as an attacker being able to easily identify which users have identical passwords thanks to the hashes matching. There's a great Owasp writeup on the key things you should look out for here.
Is using a solution like oauth an option? I recently implemented Google OAuth in a mobile application and it was pretty straightforward in combination with ssl. No need to reinvent the wheel, especially when it comes to crypto and user auth ;)
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 9 years ago.
Improve this question
Let's have N devices each has a unique name DEVICE_1, DEVICE_2, .. , DEVICE_N
Devices broadcast their names so that other devices can start communication with another device from the same group (according to the format of the name).
The device name is encrypted so that nobody else who is not in the group can see the name and thus can't fake the name.
There's one key for symmetric encryption used by all devices to encrypt their names and decrypt names of other devices.
The problem is that the key for symmetric enctyption is stored in the device. So if somebody hack into the device, reads the key, decrypt the name, change its name to existing name
of other device and ecrypt it, everybody else think that it's somebody else.
EDIT the idea below is wrong since the device must be able to decrypt the name offline
I came with a solution of storing the key in database on server so the name is encrypted on server once the device has registered to the service. This will work even when the name of the device has
changed since the change of name is always uploaded to server so we can do the encryption on the server again.
The only vulnerability left is if somebody breaks into the database and reads the key...
EDIT END
Any idea how to solve this?
Oh, I forgot, the devices can't communicate before they know each other's name so assymetric cryptography wouldn't help because I even don't know there's some device from my group out there.
First of all, it seems that you try to achieve authentication and integrity by encryption - it is a mistake. Even if you use more relevant cryptographic primitives like signature or MAC (Message Authenticated Code), while you use the same key for all the devices, you are exposed to problems when you use them if one of the devices is being hacked.
I think each device should have a public key, and the database should distribute them (with the corresponding identities) to the other devices.
The public keys might be signed by a trusted party (for example CA), such that given a public key and a signature, it is possible to detect corruptions.
Then, using the public keys and the identities, you can create pairwise symmetric keys (notice that every device should store N symmetric keys - exactly as the number of public keys it stored in this solution), and use them to communicate efficiently.
You can use only one key, but again - this is very problematic.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 4 years ago.
Improve this question
A script is used to send emails (only with Gmail) daily with user interactions. I would like to store their e-mail in hard drive in a plain text file. What is the right way to do it ?
I know one method would be to ask a user for a password to protect the e-mail password, but this method is pointless because the user should type in a new password every time an email is sent, so I rather ask their e-mail password instead.
Another way would be to encrypt the password and using a key with combination of specific informations to user like computer name+username+system+... and use this same key to decrpyt the encrypted password. The problem with this, that I'm using Autoit which is easy to decompile, so when a potencial attacker got the encrypted password, they could theoretically know the encryption key so doesn't matter who many uniq information I use for encrypt the password, they could get it anyway.
Another way would be to use OAuth for gmail, so the user doesn't need to type in password at all but I can't do that.
Any ideas ?
Since you're programming on Windows, I would suggest looking in to Windows APIs to do the crypto work for you. You can trust they are better than what you'd probably invent yourself, assuming you are not willing ot make different assumptions (ex: TPM).
On Win8 there is now a PasswordVault class, if you want to target that OS.
On <=Win7, there is DPAPI and Credential Manager
None of this is GMail specific...this is just generic "storing stuff securely on Windows" sorts of advice. There very well might be a better gmail-specific way (ex: service specific credential) that you should pursue. But even if you did that, this is a better way to approach storing it on the client OS.
As Eric has mentioned, DPAPI is the way to go if you are using Windows. http://msdn.microsoft.com/en-us/library/ms995355.aspx
The function CryptProtectData() uses the Windows logon information for that particular user to encrypt the data so that no other user on the system can decyrpt the plain text which you store.
AutoIt has _Crypt...() functions to use for this. You can hash the #computername or #username and use the hash as a key for the _Crypt_DeriveKey() function to localize its usage of the password. Then use the key to pass into _Crypt_EncryptData() targeting the password string as the data. Store the encrypted key in your plain text file.
When you go to call it back, read the file, create the key again with _Crypt_DeriveKey() and then decrypt it with _Crypt_DecryptData(). The output of the latter function should be your password.
Crypt.au3 utilizes the WinAPI functions for encryption.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
Friend of mine wanted introduce in his company emails PGP encryption for exchange mails with clients. He asked me to write easy app supporting that.
I found useful dll wrapper - so it seems to be not very big deal to write app.
What puzzles me is security aspect. (I dont want to push him on the mine)
I know PGP uses private/public keys combination. It uses also passphrase to encrypt private key.
This is clear
But what if one of co-workers change passphrase before leave company?
Does it mean that firm will be not able to open archive mails with communication to clients?
(Sounds like best way to blackmail, vengeance etc...)
Assumption: all users' keys (pub + prv) are stored on users (network) home drive and backuped.
1st generated key's password is stored in envelope in safe box.
So keys can be restored - but (I guess) keys can be useless when you dont know current password used for private key encryption?
(Correct me if I'm wrong!)
I wonder how you archive it! What's your experience?
The encrypted private key is a blob. PGP usually stores it in a "keyring", which is a data structure of its own, but nothing prevents you from having a copy of that blob somewhere else (e.g. on a CDROM stored in a safe). This is generically known as "key escrow": a backup copy of the key, to be used if the key holder becomes unavailable (this includes "he was fired" but also "he was hit by a bus").
A user changing his passphrase would reencrypt his private key (the same private key) with his new passphrase, but the escrowed copy would be unaffected, and since this is the same private key, the situation can be recovered from.
What you need, however, is a company policy which enforces key pair generation through the escrowing system. A basic escrowing system consists of a system administrator with a PC: the sysadmin creates the key pair, stores a copy in the company safe, and hands the key pair to the user (e.g. on a USB stick). The user then imports it in his own keyring, with whatever passphrase he sees fit. The important point is that no employee shall ever use a key which has not been generated in such a way.
For digital signatures, situation is different: no data is lost if the private key becomes unavailable, and previously issued signatures are still valid and can still be verified. Normally, digital signature keys are not escrowed.
I've built a client-server system, where clients sign in to communicate securely with other clients through the server.
Here are the properties of my system:
-Client-server communication is SSL encrypted
-Client login details are stored as hashes securely with their salt on a database stored locally on the server
-On login, every client sends a session public key to be stored on the server, which other clients use to encrypt a symmetric key. The symmetric key is used for later message encryption to prevent server eavesdropping
-On chat initiation, fingerprint user authentication is used to ensure user is who he/she pretends to be. It is usually done through a phone call reading out the fingerprint, which is a SHA256 hash of both public keys split in two and XORed for convenience.
-MAC is sent along with every message
What would you suggest to improve this? What possible attacks could my server suffer?
Thanks
It seems like you could still suffer from a Trojan client application, but what you really need to do is take a step back from the various security technologies. What does all this security protect? Who would like to break it? What would they do if they could break it? Answers to those questions will help you identify how the system might be attacked, and propose useful countermeasures.
It looks like you are looking at this problem haphazardly - build a threat model of your design; and mitigations will come to you! Start here: http://www.microsoft.com/security/sdl/getstarted/threatmodeling.aspx