Questions tagged [cryptography]

62 questions
106
votes
5 answers

SSH keypair generation: RSA or DSA?

SSH supports two signature algorithms for key pairs: RSA and DSA. Which is preferred, if any? For RSA, what is the minimum acceptable key length?
Brad Ackerman
  • 2,141
  • 2
  • 17
  • 19
14
votes
4 answers

Validating signature trust with gpg?

We would like to use gpg signatures to verify some aspects of our system configuration management tools. Additionally, we would like to use a "trust" model where individual sysadmin keys are signed with a master signing key, and then our systems…
larsks
  • 41,276
  • 13
  • 117
  • 170
14
votes
5 answers

Why does a SSH public key sit on the server and not with the client?

I don't quite understand the theory behind keeping public keys on the server. In the lockbox analogy of public/private keys, to unlock Alice's box, Alice holds the private key while the public key is distributed to Bob. It would seem that the server…
rayhem
  • 255
  • 1
  • 2
  • 8
12
votes
6 answers

Generate entropy for PGP key

I'm logged onto a VM remotely and trying to generate a 4096bit PGP key, it just hangs forever because there is no entropy and since I'm working through remote desktop it probably does not detect the mouse movement as entropy. How can I generate…
redic
  • 121
  • 1
  • 3
12
votes
2 answers

Entropy on virtual machines

As you might know that it's not as easy to generate entropy on a virtual machine as on a "normal" pc. Generating a gpg-key on a virtual machine can take a while, even with the correct tools. There are plenty more crypto functions out there which…
dbanck
  • 403
  • 1
  • 3
  • 9
9
votes
3 answers

How are Windows MachineKey Container File Name's Derived?

In the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys directory there's an enumeration of Key Containers. The naming convention is _ and I presume the to be a machine identifier. Ultimately I want to be able…
Colyn1337
  • 2,387
  • 2
  • 22
  • 38
9
votes
1 answer

md5sum returns a different hash value than online hash generators

On suse10 md5sum myname gives md5 hash as 49b0939cb2db9d21b038b7f7d453cd5d. The file myname contains string "ravi" while some of the online md5 hash generators for the same string seem to give a different…
Ravi
  • 91
  • 1
  • 2
9
votes
2 answers

Two SSL certificates with same key

If I generate two SSL certificates using the same key, am I diluting the strength of the certificates? (does it open the door for cryptanalysis or a possibility of compromising data across that channel)? Thanks
Wadih M.
  • 962
  • 1
  • 9
  • 17
8
votes
1 answer

Logging SSL ciphersuite used in Windows Server 2008 R2

Is there a way to see /log which cipher suites are (actively) being used to establish SSL connections on Windows Server 2008 R2? Ideally on a per request basis, like an extra column in the IIS logs.
Frederik
  • 183
  • 1
  • 6
8
votes
2 answers

Https for embedded devices, local addresses

I am trying to add https to the embedded devices I am working on. These devices are generally assigned local ip addresses and so cannot get their own ssl certificates. So essentially my question is how does one get a certificate for a device without…
Shiftee
  • 183
  • 1
  • 5
8
votes
1 answer

What kind of algorithm does .htpasswd uses?

I am trying to generate this kind of hashes programmatically: axF3s9cdEnsNP But I can't identify what kind of hash it is. The hash comes from a .htpasswd file. All the online htpasswd generators I tried generates different type of hashes.
trevhas
  • 83
  • 1
  • 3
5
votes
1 answer

Is there a way to see which groups/users have access to an RSA key container?

I used aspnet_regiis to create an RSA key container (machine container). I want to secure it and I know I can use the -pa and -pr commands to specify access. But is there a way to see which accounts/groups have access to it? My concern is I…
kingdango
  • 511
  • 1
  • 6
  • 11
5
votes
3 answers

PGP: on the web, what if everything was tampered?

I am trying to wrap my head around how Public Key Cryptography can really work in a secure manner. From what I can gather, you go to example.com and download their PGP/GPG Public Key and add it to your keyring. They then send you a text file (or…
Ken R.
  • 63
  • 2
3
votes
1 answer

MySQL - SSL with ECDSA Private Key

Under the list of supported TLS cipher suites here, MySQL contains support for a number of ECDSA suites. I tried to setup MySQL to use SSL with an ECDSA private key, but this does not appear to work: [mysqld] ssl-ca =…
3
votes
1 answer

Deprecation of RSA-SHA-1 in DKIM keys?

I recently noticed that opendkim on my mail server is objecting to DKIM signatures from a client, saying their key is insecure. It may be that that's due to lack of secure DNS (confirmation?) but I also noticed that the signing algorithm is shown…
mc0e
  • 5,786
  • 17
  • 31
1
2 3 4 5