why we use encrypt-decrypt-encrypt sequence in 3DES
Date : March 29 2020, 07:55 AM
I wish this helpful for you I'm largely restating what is said here: https://security.stackexchange.com/questions/1886/why-triple-des-used-in-ede-modeEncrypt-decrypt-encrypt (EDE) is the preferred method because if a single key is used for all 3 operations it is equivalent to regular 56-bit DES. That is, a 56-bit DES implementation can decrypt that message. This makes this version of 3DES backwards compatible with DES.
|
Coldfusion Decrypt Crash - An error occurred while trying to encrypt or decrypt your input string: ''
Date : March 29 2020, 07:55 AM
wish of those help Wrapping in a try/catch block worked for me in both Railo and CF. I see that you're using a page, but if that is indeed interfering, you can run this code once outside the application so that the try/catch will engage or temporarily disable the cferror.
Because of your CFERROR, I would run a script across your table as below, update the non-encrypted users with a flag field. Then you can either<cfset PlainPWsList = "">
<cfoutput><cfloop query="CheckPWs">
encrypted password: #i#<br/>
<cftry><cfset AttemptDecrypt = Decrypt(password...)>
<cfcatch type="any"><cfset PlainPWsList = ListAppend(PlainPWsList,userID)><!--- This password wasn't encrypted ---></cfcatch></cftry><br><br>
</cfloop>
</cfoutput>
<cfquery>
update users
set forcepwchange = 1
where userID in (<cfqueryparam cfsqltype="cf_sql_integer" value="#PlainPWsList#" list="yes">)
</cfquery>
select userid,stuff from users
where username = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.username#">
and ((password = <cfqueryparam cfsqltype="cf_sql_varchar" value="#encrypt(form.password)#"> and forcepwchange = 0) or (password = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.password#"> and forcepwchange = 1))
<cfset PlainPWsList = "">
<cfset EncryptedPWsList = "">
<cfoutput><cfloop query="CheckPWs">
encrypted password: #i#<br/>
<cftry><cfset AttemptDecrypt = Decrypt(password...)>
<cfset EncryptedPWsList=ListAppend(EncryptedPWsList,userID)>
<cfcatch type="any"><cfset PlainPWsList = ListAppend(PlainPWsList,userID)><!--- This password wasn't encrypted ---></cfcatch></cftry><br><br>
</cfloop>
</cfoutput>
<cfquery>
update users
set forcepwchange = 2
where userID in (<cfqueryparam cfsqltype="cf_sql_integer" value="#PlainPWsList#" list="yes">)
</cfquery>
<cfquery>
update users
set forcepwchange = 1
where userID in (<cfqueryparam cfsqltype="cf_sql_integer" value="#EncryptedPWsList#" list="yes">)
</cfquery>
select userid,stuff from users
where username = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.username#">
and ((password = <cfqueryparam cfsqltype="cf_sql_varchar" value="#hash(saltedpassword)#"> and forcepwchange = 0)
or (password = <cfqueryparam cfsqltype="cf_sql_varchar" value="#encrypt(form.password)#"> and forcepwchange = 1)
or (password = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.password#"> and forcepwchange = 2))
|
Encrypt string in java, decrypt in node.js, error: bad decrypt
Tag : java , By : mhedberg
Date : March 29 2020, 07:55 AM
this will help When you create the decipher object on the node server, you are passing a password rather than an actual key. In order to specify the actual key, you need to use crypto.createDecipheriv(), but this requires an actual IV (this example uses 8 null bytes, but that's not recommended for real encryption; Initialization Vector on wikipedia) I was able to get your example working by explicitly specifying padding, block mode, and IV: String privateKey = "someprivatekey";
String data = "dataToEncrypt";
DESKeySpec keySpec = new DESKeySpec(privateKey.getBytes("UTF-8"));
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
SecretKey key = keyFactory.generateSecret(keySpec);
byte[] dataToBytes = data.getBytes("UTF-8");
Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(new byte[8]));
// send this string to server
String encryptedStr = Base64.encodeToString(cipher.doFinal(dataToBytes), 0);
var privateKey = 'someprivatekey';
var textToDecipher = '9Y8GTNxhQkKSIm5pmH91VA=='; // Text "dataToEncrypt" encrypted using DES using CBC and PKCS5 padding with the key "someprivatekey"
var iv = new Buffer(8);
iv.fill(0);
var decipher = crypto.createDecipheriv('des-cbc', privateKey.substr(0,8), iv);
var dec = decipher.update(textToDecipher, 'base64', 'utf8');
dec += decipher.final('utf8');
console.log('deciphered: ' + dec);
|
Decrypt fails if content is only a zero (0) with openssl encrypt decrypt
Tag : php , By : Hugo Hernan Buitrago
Date : March 29 2020, 07:55 AM
it should still fix some issue I am using the following function for encrypt and decrypt of wordpress post content in a WordPress plugin: if ( false == $output ) {
$output = $string;
}
if ( false === $output ) {
|
Calling GnuPG in Java via a Runtime Process to encrypt and decrypt files - Decrypt always hangs
Date : March 29 2020, 07:55 AM
|
Boards Message :
Related QUESTIONS :