Security of encrypted data and decrypting key

I am writing a python program in which I use encryption. The user can set the password and when it will be an input, the database will be decrypted. However, the function needs the decryption key to decrypt. So I thought about hiding that key somewhere(encryption and decryption key will be generated dynamically which means that the user on new device will have another decryption key.). I have no idea where I could hide it, so program could use it, but the user could not crack it.

Decrypt in chunks a ASE 128 CBC encrypted object

I have an Encrypted object in Minio, encrypted using the ASE 128 bit CBC algorithm.

The object is quite large (~50 MB) so instead of loading it into the memory completely (which may cause out of memory exception), I am retrieving it in chunks of 1MB. I need to decrypt it before use.

Is it possible to decrypt the object in this way (1MB at a time, the whole object was encrypted in one go)? If yes, how can I do it? I have tried decrypting 16-byte chunks which produce the following errors:

javax.crypto.BadPaddingException: Given final block not properly padded

javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher

Do browsers know domains that are supposed to be encrypted?

Do browsers have a list with sites that are supposed to be encrypted?

Could a man in the middle attack be performed by presenting a user a http site instead of an https site? That way the server would not need to provide a certificate.

It wouldn’t show up as a secure site in the browser but I think most people wouldn’t notice it. And it wouldn’t warn the user, because there are legitemate sites who don’t use https.

Would such an attack be possible or does the browser notice that the site is supposed to use https but doesn’t?

How to find the hashed password contained in an encrypted file? [closed]

I have an encrypted "*.pbl" file (100kb) that contain my forgotten password. My password is very easy: number+lower case letters with length=6. Once I find the Hashed password I’ll quickly recover my password.

Of course the hash of a file can be found but it is still not the hash of a password. How do I find the hashed password?

One thing I could possibly do is to create another account with another password; this way I can generate a new encrypted file with the exactly same format and I might be able to find the position of my passwords.


PS: I did check related post but obviously I don’t need to do things like SQL injection because the file has always been on my local machine.

gmail warns about encrypted PDF file

I recently received a PDF file that, when attached to a gmail message, causes a warning to be displayed as follows:

Encrypted attachment warning – Be careful with this attachment. This message contains 1 encrypted attachment that can’t be scanned for malicious content. Avoid downloading it unless you know the sender and are confident that this email is legitimate.

However, I am able to open the file without getting prompted for a password. I followed the advice given in this security stack exchange question and used the pdfid.py program whereupon I got the below output:

$   pdfid.py ~/Downloads/filename.pdf PDFiD 0.2.7 /home/username/Downloads/filename.pdf PDF Header: %PDF-1.6 obj                  402   endobj               402  stream               401   endstream            401 xref                   0 trailer                0 startxref              1 /Page                  0 /Encrypt               1 /ObjStm               15 /JS                    0 /JavaScript            0 /AA                    0 /OpenAction            1 /AcroForm              1 /JBIG2Decode           0 /RichMedia             0 /Launch                0 /EmbeddedFile          0 /XFA                   0 /Colors > 2^24         0 

It would seem to me that since this file contains no JavaScript it is safe to open and handle. But I am puzzled by the encrypted message that Gmail displays. I guess it is related to the /Encrypt flag that’s set on the above output.

Why is Gmail telling me that the file is encrypted even though I can open it without being prompted for a password and would that, on its own, be reason for concern?

PyCrypto based encrypted Property class for Google App Engine standard – is this AES implementation secure

I have a need to encrypt OAuth access and refresh tokens stored in the Google Cloud Datastore.

The goal here is to ensure that if the Datastore entities are accessed independently of the code, the OAuth tokens will be encrypted and thus unusable.

This is not intended to protect against situations where both the code and Datastore are exposed together.

To securely store the data, I have leveraged PyCrypto’s AES implementation, and created a custom property type that automatically encrypts/decrypts the properties when accessing them.

The logic is as follows:

  • To store – I generate a random initialization vector, encrypt the data, then I base64 encode both the initialization vector and the encrypted data, and store them together in a text property.

  • To retrieve – I fetch the text data, slice off the base64 encoded initialization vector, and proceed to decode then decrypt the remaining data.

In addition to securing my own application, I am considering publishing the details and distributing the relevant code for others, so I want to ensure I have a secure or "correct" implementation of this functionality

(Note I have stripped out App Engine specific code and just included relevant encryption code here, for simplicity. The actual implementation allows it to be dropped into existing Datastore models in a backwards-compatible fashion).

 from Crypto.Cipher import AES   from Crypto import Random  from base64 import b64encode,b64decode  from meta_secure import aes_key #aes_key is a 32 digit alphanumeric string (GUID)    #encryption scheme  def encrypt_value(value):     rand = Random.new()     init_vector = rand.read(16)     aes = AES.new(aes_key,AES.MODE_CFB,init_vector)     encrypted = b64encode(aes.encrypt(value))     return '%s%s'%(b64encode(init_vector),encrypted)    def decrypt_value(value):     init_vector = b64decode(value[:24])     aes = AES.new(aes_key,AES.MODE_CFB,init_vector)     decrypted = aes.decrypt(b64decode(value[24:]))     return decrypted     

Have I used PyCrypto and AES correctly for the goal as stated above?

Can a structured (text) document be effectively encrypted

My situation:

I want to encrypt an HTML document. My question is, if the following is known, is that going to weaken encryption?

  • It is a text-based document
  • It starts with <DOCTYPE HTML> or a few variants of
  • This is followed by an <HTML> tag, followed by a <HEAD> tag, which contains a number of ‘

Would this knowledge help a hacker to decrypt without the decrypt key? Would such knowledge make my documents effectively un-encryptable?

My apologies if this is a very simple question. I am a neophyte.

Attacked by ransomware that has encrypted and renamed all files with a .makop extension

I’ve spent several hours searching the internet to see if anyone has cracked this encryption yet, but without any luck. I don’t want to reward criminals for their activity, but I do have a few files that I absolutely need. Besides finding a decryptor or paying the ransom, do I have any other options for recovering my files? I have been able to successfully restore a couple of systems from backups, but my personal system wasn’t backed up and has temporarily housed important files.

I’m somewhat familiar with best practices of backing up important files and/or saving to the cloud, but I will definitely be more vigilant in the future. It was mostly due to the ‘it will never happen to me’ mindset.

Relevant information:

  • I’ve identified how they got in, and have reset the password on that account (and all other accounts just in case).
  • I did have malware bytes and sophos installed. Looking at the Event Viewer, there are logs of both of these software being successfully uninstalled.
  • The files are renamed like this: originalFileName.orig.[8-digit-hex].[ruthlessencry@qq.com].makop
  • The ransom note file says to contact them at ruthlessencry@qq.com to pay them in bitcoins.
  • They’ll decrypt a couple of files for free, and then send me a scanner-decoder program after being paid.