encryption - What implementations allow me to detect failed HMAC validations to detect active attacks?
I'm trying to bring awareness around the need for authentication and encryption by using software to alert and report on failed MAC verification attempts, and sharing the results with middle management.
I'm not a cryptographer, but I see the value in a proper implementation. Ideally I'd create a report that says X attacks were prevented.
Is this a valid idea, or is it overly simplistic? If not, where should I start in implementing it? (Low-level AES, PGP, etc.?)
Here is a C# MAC code sample that I modified to alert or log when authentication fails. This incomplete sample shouldn't be used as-is, since many other details need to be considered before implementing authenticate-then-encrypt (AtE) or encrypt-then-authenticate (EtA).
It would be nice to know which performance counter, log file, or DLL exception relates to this error. I'll be investigating BouncyCastle to see what the corresponding exception is.

    using System;
    using System.IO;
    using System.Security.Cryptography;

    // Compares the key in the source file with a new key created for the data
    // portion of the file. If the keys compare, the data has not been tampered with.
    public static bool VerifyFile(byte[] key, string sourceFile)
    {
        bool err = false;
        // Initialize the keyed hash object.
        using (HMACSHA1 hmac = new HMACSHA1(key))
        {
            // Create an array to hold the keyed hash value read from the file.
            byte[] storedHash = new byte[hmac.HashSize / 8];
            // Create a FileStream for the source file.
            using (FileStream inStream = new FileStream(sourceFile, FileMode.Open))
            {
                // Read in the storedHash.
                inStream.Read(storedHash, 0, storedHash.Length);
                // Compute the hash of the remaining contents of the file.
                // The stream is positioned at the beginning of the content,
                // immediately after the stored hash value.
                byte[] computedHash = hmac.ComputeHash(inStream);
                // Compare the computed hash with the stored value.
                for (int i = 0; i < storedHash.Length; i++)
                {
                    if (computedHash[i] != storedHash[i])
                    {
                        err = true;
                    }
                }
            }
        }
        if (err)
        {
            Console.WriteLine("Hash values differ! Signed file has been tampered with!");
            //
            // <-------- MAC alerting would go here
            //
            return false;
        }
        else
        {
            Console.WriteLine("Hash values agree -- no tampering occurred.");
            return true;
        }
    } // end VerifyFile
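
An added example (not part of the original post) of the alerting hook the question asks about: each failed verification is recorded with a reason and written as one parseable log line, so failures can be counted for a report. It assumes .NET 6 or later; `MacAuditor`, `MacFailure` and the `MAC_VERIFY_FAIL` token are hypothetical names, HMAC-SHA256 is used in place of the post's `HMACSHA1`, and the key and payload in `Demo` are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
// Added example; all type and member names here are hypothetical.
public record MacFailure(DateTime Utc, string Source, string Reason);
public class MacAuditor
{
    private readonly byte[] _key;
    public List<MacFailure> Failures { get; } = new();
    public MacAuditor(byte[] key) => _key = key;
    // Same layout as the post's sample: stored tag first, then the data.
    public bool Verify(Stream input, string source)
    {
        using var hmac = new HMACSHA256(_key);
        byte[] stored = new byte[hmac.HashSize / 8];
        int read = 0, n;
        // Stream.Read may return fewer bytes than requested, so loop.
        while (read < stored.Length && (n = input.Read(stored, read, stored.Length - read)) > 0)
            read += n;
        if (read < stored.Length) return Fail(source, "truncated");
        byte[] computed = hmac.ComputeHash(input);
        // Constant-time tag comparison; a mismatch is recorded, not thrown.
        return CryptographicOperations.FixedTimeEquals(computed, stored) || Fail(source, "tag-mismatch");
    }
    private bool Fail(string source, string reason)
    {
        var f = new MacFailure(DateTime.UtcNow, source, reason);
        Failures.Add(f);
        // One parseable line per failure, for a log collector to count.
        Console.Error.WriteLine($"{f.Utc:o} MAC_VERIFY_FAIL source={f.Source} reason={f.Reason}");
        return false;
    }
}
public static class Demo
{
    public static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);   // constructed demo key
        byte[] data = { 1, 2, 3, 4 };                       // constructed payload
        var good = new MemoryStream();
        good.Write(HMACSHA256.HashData(key, data)); good.Write(data);
        byte[] bad = good.ToArray(); bad[^1] ^= 1;          // flip one data bit
        var audit = new MacAuditor(key);
        audit.Verify(new MemoryStream(good.ToArray()), "good.bin");
        audit.Verify(new MemoryStream(bad), "tampered.bin");
        audit.Verify(new MemoryStream(new byte[5]), "short.bin");
        Console.WriteLine($"failed verifications: {audit.Failures.Count}");
    }
}
```

A verification also fails on file corruption or a key mismatch, so the count is of rejected inputs rather than confirmed attacks.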