Physical or digital keys. Digital keys are used for encryption or signing, or for authentication (e.g. API key). For product keys, use the tag product-key.
Questions tagged [key]
201 questions
38 votes, 3 answers
Does Lawful Interception of 4G / the proposed 5G provide a back door for hackers as well?
A common saying among people in the field of cryptography and security is that when providing a back door to law enforcement, you also provide a back door for hackers.
I was trying to examine the implementation of Lawful Interception from 4G and the…
finks
- 467
- 4
- 4
28 votes, 3 answers
Use multiple computers for faster brute force
I've watched Mr. Robot lately and can't stop thinking why it was so hard to decrypt files encrypted using AES encryption with a 256-bit key.
Let us say the only method to find the key is through brute force.
Can't we set a computer to brute force…
Mero55
- 835
- 1
- 8
- 9
22 votes, 1 answer
Is assigning decrypted keys to a variable in application secure?
Let's say I've retrieved an encrypted secret key from the server. I decrypt it to get the actual secret key and assign the decrypted key to a variable in my app. Something along these lines:
const encryptedKey = fetchKeyFromServer();
const secretKey =…
xenon
- 355
- 3
- 7
12 votes, 2 answers
Where should a keystore (.jks) be stored in a repository
I've got a question about the best practice in storing a Keystore file (.jks) in source control. This Keystore is called by a stand-alone Java component that retrieves a private key for the purpose of signing SAML assertions.
For security purposes I…
rdChris
- 181
- 1
- 1
- 6
10 votes, 5 answers
Can secrets be made safe in memory?
Say, I am running an application on a cloud server such as AWS. Suppose I supply a key at run-time (so it's not stored anywhere alongside/inside code), is there a way to secure this key in memory?
So if an attacker gets access to the remote server at…
Jus12
- 1,315
- 2
- 11
- 16
9 votes, 2 answers
Securing API keys for a Twitter account for a program to be run on other PC's
I've created a method to allow my project EditVideoBot to be 'decentralised', where rather than the program processing and uploading all video editing requests on my own central server, users can volunteer to run this program on their computer and…
pigeonburger
- 671
- 1
- 4
- 12
7 votes, 1 answer
Validating an Ed25519 public key
Is it possible to test if an Ed25519 public key is valid without having access to the private key, a signed message or anything except the public key?
"Valid" as in "Not just 32 random bytes".
I'm assuming not every random combination of bits would…
Martijn
- 205
- 1
- 7
7 votes, 2 answers
HMAC and key size
I generated a keyed hash using HMAC-MD5 and HMAC-SHA256 for an arbitrary file with various keys of different lengths.
Do we have to use a key with a fixed size in HMAC? If so, what is the key size? If not, why?
When I tried with several keys of…
user9355495
- 245
- 3
- 5
7 votes, 1 answer
Car Key Security Questions
I am wondering how car key security works.
Do car keys just send a simple "lock" and "unlock" signal that works with any car from the manufacturer or any car of the same model? Or are specific keys registered to a car and then only those keys have…
Jay Schauer
- 225
- 2
- 6
6 votes, 1 answer
Do I need to use salt with api key hashing?
I will generate API keys. I plan to store their hashes instead of plain text. Do I also need salt, similar to storing a password?
AFAIK salt prevents rainbow table attacks, and those are a more sophisticated kind of dictionary attack, so I guess salt is…
piotrek
- 269
- 1
- 8
6 votes, 1 answer
How to securely store API keys
I need to store API keys for my users. These keys are extremely valuable as they are used to buy and sell things. Some users won't want to give these keys to anyone, and I'm trying to figure out a better solution than simply storing them in a…
iKode
- 161
- 1
- 4
6 votes, 2 answers
Is it safe to publish something encrypted with a password if you make it insanely difficult to crack?
Let's say you have a very important private key that you don't want to lose. You think of posting it to http://pastebin.com/ but then realize that eliminates the point. So you think of encrypting with the help of password key derivation, but that…
PyRulez
- 2,937
- 4
- 15
- 29
6 votes, 2 answers
Public key for SSH over the internet differs from a key for SSH over the LAN
I have a Raspberry Pi and can access it via SSH (authentication via user password) when my laptop is in the same network. Now I want to access it over the internet.
I already set my router to forward the port to my Raspberry Pi and installed…
UTF-8
- 2,300
- 1
- 9
- 24
5 votes, 1 answer
Impact of having more X509v3 Key Usage fields than required?
I was wondering if having an "oversubscription" of "Key usage fields" inside an X509v3 certificate can negatively impact the performance and/or the security of a server.
For example I have a CSR which requests: Digital Signature, Non Repudiation, Key…
metriXc
- 65
- 3
5 votes, 3 answers
Hierarchical Key Rotation. Should I rotate the lowest level keys?
I have a hierarchical key system designed for my project. In this system a block of data is encrypted using a Data Encryption Key (DEK). This DEK is encrypted using a Key Encryption Key (KEK) which is encrypted using a Master Key (MK). The KEK is…
koni_dev
- 51
- 3