Securely encrypt and decrypt files via PBE in Java (Jasypt seems insecure)

Requirements:

  • I have a Java app, which among other things, needs to encrypt/decrypt binary files on the file system. I’m planning to use PBE (password based encryption) since the password will be entered by the user each time they use the app (it’s not stored anywhere).
  • I don’t know if AWS KMS (key management system) or Google KMS can assist in any way, but it doesn’t matter since remote services are not allowed to be used for this project.

My Questions:

  • Are there any Java libraries that will help me achieve my requirements, aside from directly interacting with the JCE API (Java Cryptography Extension)? I’m not a security expert and don’t want to misuse the JCE.
  • I’m also open to other ideas that don’t use a Java library; however, it must integrate nicely with my primary Java application.

Google Tink:

Tink doesn’t support PBE.

The lead developer of Tink (Thai Duong) has said as much. Thai does say it is possible to achieve using an internal API (AesGcmJce.java); however, he goes on: “This is not recommended because the subtle layer might change without notice”. I want a stable solution, so Tink doesn’t cut it.

There is an open GitHub issue to add PBE to Tink.


Jasypt:

Jasypt doesn’t seem secure.

If you want to know the details, read on, but it’s not required…

Jasypt is supposed to make PBE tasks easier, and the API is very simple, but the default parameter values it uses seem to be those which have proven insecure (e.g., MD5 and DES). I can manually configure it to use more secure options, but the very fact that its defaults are insecure makes me wonder what other aspects of the library are insecure.

For example, here are its default values when using the API:

  • Encryption algorithm: PBEWithMD5AndDES
  • No IV generator
  • Random salt generator of 64 bits using SHA1PRNG (java.security.SecureRandom)
  • KDF using MD5 with 1000 iterations

I can manually change the defaults to obtain the following configuration:

  • Encryption algorithm: PBEWITHSHA256AND256BITAES-CBC-BC
  • Random IV generator of 128 bits using SHA1PRNG (java.security.SecureRandom)
  • Random salt generator of 128 bits using SHA1PRNG (java.security.SecureRandom)
  • KDF using SHA256 with 1000 iterations

The API is super simple. Here’s how to instantiate the Java object which encrypts and decrypts binary data using the default settings (PBEWithMD5AndDES, etc):

    import org.jasypt.encryption.pbe.StandardPBEByteEncryptor;

    // Default configuration: PBEWithMD5AndDES, 64-bit random salt, 1000 iterations
    StandardPBEByteEncryptor binaryEncryptor = new StandardPBEByteEncryptor();
    binaryEncryptor.setPassword(password);
    byte[] cipherBytes = binaryEncryptor.encrypt(plainBytesArray);

In order to make things more secure I installed a lib called Bouncy Castle which adds many cipher algorithms for use by the JVM. Among the many options I chose PBEWITHSHA256AND256BITAES-CBC-BC. Similar to the code above, here’s how I instantiated the more secure configuration:

    import org.bouncycastle.jce.provider.BouncyCastleProvider;
    import org.jasypt.encryption.pbe.StandardPBEByteEncryptor;
    import org.jasypt.iv.RandomIvGenerator;
    import org.jasypt.salt.RandomSaltGenerator;

    // Bouncy Castle provider, SHA-256 KDF, AES-256-CBC, random 128-bit IV and salt
    StandardPBEByteEncryptor binaryEncryptor = new StandardPBEByteEncryptor();
    binaryEncryptor.setPassword(password);
    binaryEncryptor.setProvider(new BouncyCastleProvider());
    binaryEncryptor.setAlgorithm("PBEWITHSHA256AND256BITAES-CBC-BC");
    binaryEncryptor.setIvGenerator(new RandomIvGenerator());
    binaryEncryptor.setSaltGenerator(new RandomSaltGenerator());
    byte[] cipherBytes = binaryEncryptor.encrypt(plainBytesArray);

The library does have its own “stronger” encryptor classes (StrongBinaryEncryptor, AES256BinaryEncryptor, etc) but like I said, I’ve lost confidence in their software (unless you can explain otherwise).


Help:

Please help 🙂
thx
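
As an added example (not code from the question, from Jasypt or from Tink), here is the same job done on the plain JCE with no third-party library: PBKDF2-HMAC-SHA256 turns the password into a 256-bit AES key and AES-GCM encrypts the bytes, so a wrong password or any edit to the file fails authentication instead of producing garbage. The blob layout, the 600,000-iteration default, the class name and the sample password are choices made for this example, not anything the page or either library specifies.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Password-based file encryption on the plain JCE: PBKDF2-HMAC-SHA256 -> 256-bit AES key -> AES-GCM.
 * Blob layout (an assumption of this example, not a standard format):
 *   magic(4) | iterations(4, big-endian) | salt(16) | nonce(12) | ciphertext || 16-byte GCM tag
 * The whole header is fed to GCM as associated data, so a modified salt, nonce or
 * iteration count fails authentication instead of silently deriving a different key.
 */
public final class PbeFileCrypto {
    private static final byte[] MAGIC = {'P', 'B', 'E', '1'};
    private static final int SALT_LEN = 16, NONCE_LEN = 12, TAG_BITS = 128, KEY_BITS = 256;
    private static final int HEADER_LEN = MAGIC.length + 4 + SALT_LEN + NONCE_LEN;
    private static final int DEFAULT_ITERATIONS = 600_000; // chosen for this example; raise as hardware allows
    private static final SecureRandom RNG = new SecureRandom();

    private static SecretKey deriveKey(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, KEY_BITS);
        byte[] keyBytes = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        spec.clearPassword();
        try {
            return new SecretKeySpec(keyBytes, "AES"); // SecretKeySpec copies the array, so ours can be wiped
        } finally {
            Arrays.fill(keyBytes, (byte) 0);
        }
    }

    public static byte[] encrypt(char[] password, byte[] plaintext) throws Exception {
        byte[] salt = new byte[SALT_LEN], nonce = new byte[NONCE_LEN];
        RNG.nextBytes(salt);   // fresh salt per file: the same password never yields the same key twice
        RNG.nextBytes(nonce);  // fresh nonce per file: GCM is broken by nonce reuse under one key
        byte[] header = ByteBuffer.allocate(HEADER_LEN)
                .put(MAGIC).putInt(DEFAULT_ITERATIONS).put(salt).put(nonce).array();
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt, DEFAULT_ITERATIONS),
                 new GCMParameterSpec(TAG_BITS, nonce));
        gcm.updateAAD(header);
        byte[] ct = gcm.doFinal(plaintext);
        return ByteBuffer.allocate(HEADER_LEN + ct.length).put(header).put(ct).array();
    }

    /** Throws AEADBadTagException on a wrong password or any change to header or ciphertext. */
    public static byte[] decrypt(char[] password, byte[] blob) throws Exception {
        if (blob.length < HEADER_LEN + TAG_BITS / 8) throw new IllegalArgumentException("truncated input");
        ByteBuffer buf = ByteBuffer.wrap(blob);
        byte[] magic = new byte[MAGIC.length];
        buf.get(magic);
        if (!Arrays.equals(magic, MAGIC)) throw new IllegalArgumentException("not a PBE1 blob");
        int iterations = buf.getInt();
        // GCM would reject a tampered count anyway, but bound it first so a hostile file
        // cannot make us run PBKDF2 for 2^31 rounds before the tag check ever happens.
        if (iterations < 1 || iterations > 10_000_000) throw new IllegalArgumentException("implausible iteration count");
        byte[] salt = new byte[SALT_LEN], nonce = new byte[NONCE_LEN];
        buf.get(salt).get(nonce);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, deriveKey(password, salt, iterations), new GCMParameterSpec(TAG_BITS, nonce));
        gcm.updateAAD(Arrays.copyOfRange(blob, 0, HEADER_LEN));
        return gcm.doFinal(blob, HEADER_LEN, blob.length - HEADER_LEN);
    }

    public static void encryptFile(char[] password, Path in, Path out) throws Exception {
        Files.write(out, encrypt(password, Files.readAllBytes(in)));
    }

    public static void decryptFile(char[] password, Path in, Path out) throws Exception {
        Files.write(out, decrypt(password, Files.readAllBytes(in)));
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "correct horse battery staple".toCharArray(); // demo password, constructed for this example
        byte[] blob = encrypt(pw, "constructed sample plaintext".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(decrypt(pw, blob), StandardCharsets.UTF_8));
        blob[blob.length - 1] ^= 0x01; // flip one bit of the GCM tag
        try {
            decrypt(pw, blob);
        } catch (AEADBadTagException e) {
            System.out.println("tampering detected: " + e.getMessage());
        }
        Arrays.fill(pw, '\0');
    }
}
```

Two practical notes. The iteration count is stored in the file so it can be raised later without breaking old files, and because the header is GCM associated data an attacker cannot lower it without failing the tag check. The file helpers read the whole file into memory; a file larger than that needs chunking with a distinct nonce per chunk, which this example does not attempt.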

I’d like to know when Microsoft is going to stop monitoring our computers and taking files that they have no right to.

Do you know how impossible it is to disable Windows tracking? Most of you think just moving a few settings is enough. Currently there are over 100 GPO settings that must be either turned on or off, then the GPO must be applied to the computer. Forget the firewall; Microsoft servers are hardcoded in the OS. You must disable all tasks transmitting information, go to the registry, disable the Terminal Server setting (startup to 4), and if this is not enough you have to block access to RDP and FTP, as on all computers there is an active FTP server whether or not you installed it, and an active HTTP server. Now we have other problems: remote cmd, remote PowerShell. All of Office sends out to Microsoft servers. Currently there are over 7000 data centers, some shared with Apple and Cisco. Microsoft will take passwords, user names and encryption certificates; I have logs showing they do just this. That they tied Linux into Windows was a better way to access both OSes. As their servers go on and off line taking bits of information, over time they can VR your whole system and watch all you do, and they do have the ability to watch what you do and record it. Microsoft admitted to hacking with the NSA. They were supposed to remove Remote Desktop, but they moved past this; they found a new way of accessing all the computers. Worse is that the NSA is not the only one that gets all your information; most goes to China. You all did know that most all the code is written in China, as is Apple’s and Cisco’s, and we ask why it is so easy to get hacked. These businesses would never pay to have hack-proof software, as I did offer a way for them to do it; that system would be totally transparent, but then Microsoft could not get the files either. So how do you beat Microsoft at their own game? What I do is find Microsoft certificates and remove remote access, and access to the encryption system and to authentication, but they can target any server or PC, and since they record what you do they undo just about anything. So why trust Microsoft? Now I can prove Microsoft did for two years target my network; I do have logs to prove it.
It was no hacker, and Microsoft themselves said yes, they were on my network; logs prove it. As they work with Cisco it becomes hard to block them. Now I’d like to know why Microsoft keeps changing security settings on my network. I do have their remote login certificates and IP address, and they monitor all GPO setups. Why? You all have no right to this information, so why are you taking it? So again, why trust Microsoft?

What is the risk of downloading files from a non-secured sites

I am a programmer. I recently developed an automation tool that periodically downloads a couple of files over a non-secured (HTTP) URL.

Two files are:

  1. A text file that is very tiny (under 10KB) which has details about the version, checksum of the main file, the relative path from where to download, size of the file etc.
  2. A compressed (zip) file that contains a bunch of dat files which are actual files of interest.

Now the infosec team is raising questions about downloading the content from an HTTP site instead of HTTPS. The host doesn’t support HTTPS for whatever reason. My question is: how risky is it to download the content from the site, considering the following?

  1. Host is a popular anti-virus product (McAfee: download.nai.com).

  2. It’s a direct download without any authentication/authorization.

  3. The files are binary *.dat files which are actually virus definitions of McAfee’s command-line tool. These dat files are used internally by this tool.

I am guessing the reason McAfee has put them up for public access is to offload the overhead caused by using HTTPS. My gut feeling is that there is no risk, because if there were any, McAfee would have provided a secured portal to its customers.
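
An added example, not the poster’s tool and not McAfee’s format: the integrity check a downloader like the one described can do with the tiny manifest, and the one thing it cannot do. The manifest key names (Version, FilePath, FileSize, SHA256), the base URL path under download.nai.com and the stand-in archive bytes are all constructed for this example; it needs Java 17 or later for HexFormat and records.

```java
import java.io.IOException;
import java.io.StringReader;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.Properties;

/**
 * Checks a downloaded archive against the small manifest that describes it.
 * The manifest key names, the base URL path and the sample bytes below are
 * constructed for this example; they are not McAfee's real format or data.
 */
public final class ManifestVerifier {

    public record Manifest(String version, String relativePath, long size, String sha256) {
        public static Manifest parse(String text) throws IOException {
            Properties p = new Properties();
            p.load(new StringReader(text));
            return new Manifest(required(p, "Version"), required(p, "FilePath"),
                    Long.parseLong(required(p, "FileSize")), required(p, "SHA256").toLowerCase());
        }
        private static String required(Properties p, String key) {
            String v = p.getProperty(key);
            if (v == null || v.isBlank()) throw new IllegalArgumentException("manifest lacks " + key);
            return v.trim();
        }
    }

    /** Builds the archive URL and refuses a manifest path that leaves the expected host and directory. */
    public static URI resolveDownload(URI base, String relativePath) {
        URI target = base.resolve(relativePath).normalize();
        if (!base.getHost().equalsIgnoreCase(target.getHost()) || !target.getPath().startsWith(base.getPath())) {
            throw new IllegalArgumentException("manifest path escapes download base: " + target);
        }
        return target;
    }

    public static String sha256Hex(byte[] data) throws NoSuchAlgorithmException {
        return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(data));
    }

    /** True only if both the declared size and the declared digest match the bytes we received. */
    public static boolean matches(Manifest m, byte[] archive) throws NoSuchAlgorithmException {
        return archive.length == m.size() && m.sha256().equals(sha256Hex(archive));
    }

    public static void main(String[] args) throws Exception {
        URI base = URI.create("http://download.nai.com/example/datfiles/");          // path is hypothetical
        byte[] archive = "constructed stand-in for the zip bytes".getBytes(StandardCharsets.UTF_8);
        String manifestText = String.join("\n",
                "Version=1234",
                "FilePath=dat-1234.zip",
                "FileSize=" + archive.length,
                "SHA256=" + sha256Hex(archive));
        Manifest m = Manifest.parse(manifestText);

        System.out.println("fetch " + resolveDownload(base, m.relativePath()));   // stays under base
        System.out.println("intact archive matches: " + matches(m, archive));     // true

        byte[] swapped = archive.clone();
        swapped[swapped.length - 1] ^= 0x01;                                      // one byte changed in transit
        System.out.println("modified archive matches: " + matches(m, swapped));   // false

        try {
            resolveDownload(base, "//attacker.example/dat-1234.zip");              // host switch via the manifest
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The size check catches truncation cheaply before hashing, and the URL check stops a rewritten manifest from sending the tool to a different host or directory. What the check cannot do is the point the infosec team is making: it only proves the zip matches the manifest, and both arrive over the same unauthenticated HTTP channel, so anyone who can rewrite that traffic rewrites the checksum to match their own archive. Only a signature verified against a key the tool already holds, or TLS to the real host, closes that gap, and the page does not say McAfee offers either for these files.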

Claim that Skype is an unconfined application able to access all one’s own personal files and system resources


Situation

I was about to install Skype on a laptop driven by Ubuntu 18.04 LTS Desktop. The software installation helper graciously informs me that Skype

is unconfined. It can access all your personal files and system resources

as per the screenshot below.

[screenshot: Ubuntu 18.04 software installer warning]

Apparently there must be reasons to make a distinction from applications that do not call for this warning.

Reality-checks

  • Can Skype really scan anything I have in my home directory regardless of the permissions set to files and directories? Does it become like a sort of superuser?
  • What is the meaning of system resources there? Does it go about functional resources like broadband and memory, or is that an understatement for control on all applications?

Mitigation

  • How is it possible for an average “power user” to confine such an unconfined application?

Besides an answer, pointers to interesting reading are also appreciated.

Inheritance: Folders and Files & Liskov Substitution Principle

Based on what I have been reading about the Liskov Substitution Principle, I understand that a square and rectangle class cannot be a part of the same inheritance tree.

I would like to apply these ideas to a Folder and a File, as they commonly exist on disk. Is there a property of one or the other or both which would force a conclusion they too should not be part of the same inheritance tree according to Liskov?

What are some properties we could consider?

  1. The data. Files consist of bytes. However, Folders can be considered to consist of the bytes of the files they contain.

  2. Access to both is defined by permissions

I suppose the property where inheritance breaks down would be one concerning containment. A folder contains files. A file does not.
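
An added illustration, not part of the question: a small Java model (Java 17 or later, for sealed interfaces and records) in which File and Folder share a base type only for the contract both can honour, and containment lives on Folder alone. All type and method names are invented for this example.

```java
import java.util.List;

/**
 * Folder and File share a base type only for the operations both can honour
 * (name, permissions, size). Containment lives on Folder alone, so code written
 * against the base type never asks a File for children or a Folder for bytes.
 * Putting content() or add(child) on the base type would force one subtype to
 * throw, which is the square/rectangle problem in a different costume.
 */
public final class FsModel {

    public record Permissions(boolean read, boolean write, boolean execute) {}

    /** The common contract: every implementation satisfies all three without surprises. */
    public sealed interface Entry permits File, Folder {
        String name();
        Permissions permissions();
        long sizeInBytes();
    }

    public record File(String name, Permissions permissions, byte[] content) implements Entry {
        @Override public long sizeInBytes() { return content.length; }
    }

    public record Folder(String name, Permissions permissions, List<Entry> children) implements Entry {
        /** A folder's size is defined as the sum of its children, which the base contract allows. */
        @Override public long sizeInBytes() {
            return children.stream().mapToLong(Entry::sizeInBytes).sum();
        }
    }

    /** Client code written against Entry works unchanged for either subtype. */
    public static long totalSize(Entry e) {
        return e.sizeInBytes();
    }

    /** An operation that needs containment dispatches on the subtype explicitly instead of inheriting it. */
    public static int countFiles(Entry e) {
        if (e instanceof File) return 1;
        Folder d = (Folder) e; // sealed: Entry is either File or Folder
        return d.children().stream().mapToInt(FsModel::countFiles).sum();
    }

    public static void main(String[] args) {
        Permissions rw = new Permissions(true, true, false);
        Entry tree = new Folder("docs", rw, List.of(
                new File("a.txt", rw, new byte[10]),
                new Folder("sub", rw, List.of(new File("b.bin", rw, new byte[32])))));
        System.out.println(totalSize(tree) + " bytes in " + countFiles(tree) + " files"); // 42 bytes in 2 files
    }
}
```

The substitutable part is exactly the set of methods whose meaning survives for both: name, permissions and a size that for a folder is defined as the sum of its contents. Everything about containment stays on Folder, so a caller holding an Entry cannot be handed something that refuses half of the contract.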

Errors in importing files from Kontent Machine into GSA Search Engine Ranker.

Hello GSA Team,
I discovered the following error. Please check and help me.
I have used the Kontent Machine software to create content for GSA Search Engine Ranker.
For example, I created 100 files from Kontent Machine with the feature “NO Spacing” or “Blank Line”.

I then imported the above 100 files as “Article” into the GSA Search Engine Ranker software.

I see the following error: only the first file produces one long, full piece of content, while the remaining 99 files produce only short content.

I think that GSA cannot import enough content. It only imports the first paragraph, causing the above error.
I will attach the image so you can easily identify it.

I will attach a few files from Kontent Machine for you to check. If there are errors, you will be able to fix them.
Thank you so much.

How exactly does Windows Defender in Windows 10 determine when to upload your local files to Microsoft?

Every time I install Windows 10, I painstakingly go through every setting that can be found in any GUI setting for the OS, disabling everything that sounds creepy.

One of the most disturbing things I’ve found is what I believe is called “automatic sample submission”, which means that the built-in anti-virus tool in Windows 10 can, by default, decide to upload any file it deems “potentially risky” to Microsoft, “for further analysis”. It also mentions that it doesn’t do this for files which “may contain personal data”.

But how can it know that? Does it:

  1. Simply look at the file extension and only upload .EXE and other “obvious binaries”?
  2. Does it ignore the file extension and instead look inside the file to check if it contains executable code?
  3. A combination of both?

What happens if I have a word processing document full of private information, but which also has a malicious macro or something accidentally baked (embedded) into it?

What happens if I have an EXE which actually has had all the data files baked into it while I’m developing a game, so as to be a single file? (This is an actual situation I’ve been in, in the past.)

Does it deem the data files for my local PostgreSQL database full of ultra-private information as “potentially dangerous” and upload those?

I can think of numerous situations where even the smartest code in the world would not be able to determine what contains private data or not. And, frankly, I have virtually zero confidence left in Microsoft’s judgment at this point, having wasted a huge amount of my life fighting the OS to be able to use it at all. I’ve found numerous typos in their “stable” releases, making me extremely scared of how much data has been uploaded in spite of all the care I’ve tried to take to avoid it.

I also remember that it eagerly wanted to re-enable this feature, even harassing me about it. I can imagine that the vast majority of users have no idea about this, let alone have gone through the trouble of force-disabling it.