How to identify the sender of a message in asymmetric encryption?

I am working on a chat application, and I am trying to secure the communication by using asymmetric encryption. I am able to encrypt a message with the receiver’s public key and decrypt a message with the receiver’s private key.

However, how can a client be sure that the sender is the real sender?

Example: We have Alice and Bob. Alice encrypts a message with Bob’s public key, and Bob decrypts the message with his own private key. However, how can he be sure that the sender of the message is Alice?

I have read about adding a nonce, but I am not sure how that will help. What I understand is that Alice will add a random number to the message she sends. Bob will be, somehow, able to identify the sender of the message as Alice by looking at this number?

Let us say that the message is: “Hello Bob” and the nonce is “6”. The message gets encrypted with Bob’s public key, but what about the nonce?

Identify date from code on back of print photo

I am digitizing all of my old family photos and was curious if anyone knew how to interpret this code and figure out the date the photo was taken or printed. Either would be fine:

Sample Code #1:

032 12+00 NNNNN+15AU 0110

Sample Code #2:

046 12+00 NNNNN+16AU 0110

My guess was that 15AU and 16AU represent 15th and 16th of august but I could be off about that. I also don’t know where to find the year. Thanks for your help! And please let me know if there is a more accurate title for this question. Thanks!

Heuristics to Identify CSRF from Web Access Log File

I am new here in security.

I want to identify suspicious users on a web application by analyzing the web access log file. For this, I am considering the CSRF attack.

For this purpose, I am generating some heuristic (possible) rules for identification of suspicious users from web log. I am not confident but still guessed some rules,

In web log,

1. Referrer URL is blank or not equal to requested URL’s domain name.

for e.g.

192.168.4.6 - - [10/Oct/2007:13:55:36 -0700] "GET /trx.php?amt=100&toAcct=12345 HTTP/1.0" 200 4926 "http://www.attacker.com/freestuff.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"

Two fields are important here, the requested URL (/trx.php?amt=100&toAcct=12345) and the referer ("http://www.attacker.com/freestuff.php"). Usually, the referer is a URL from the same site (www.bank.com). Here is a sample Perl snippet showing how this could be detected:

    # assuming $referer is set with the, well, referer
    # ('-' is what the access log records when no referer was sent)
    if ( ( $referer ne '-' ) && ( $referer !~ /^https?:\/\/www\.bank\.com\/(login|overview|trx)\.jsp/ ) ) {
        # handle XSRF attack
        print("XSRF attack: $referer\n");
    }

2. If HTTP status is 403 i.e. Access Denied

(If the CSRF token is not sent, or if an invalid CSRF token is sent in requests that require a CSRF token). So, here checking of 403 status will be included. Because token can not get checked in log file.

3. By measuring the time difference of the requests of a user.

If there was no user input for several minutes and then suddenly some transfer requests are coming in, it could be an indicator that this request was triggered by something/someone else. Here, it will be needed to check the time difference up to the threshold value from the same IP address. (Along with this, if values are present after the ? symbol and if these would be ‘pass’, ‘password’, ‘amount’, ‘amt’, ‘money’, or any link, and if the user request status would be 200, i.e. successful or OK.)

4. Multiple POST requests (repetition) from a single IP address also result in CSRF.

Idempotent methods and web applications

Methods PUT and DELETE are defined to be idempotent, meaning that multiple identical requests should have the same effect as a single request (note that idempotent refers to the state of the system after the request has completed, so while the action the server takes (e.g. deleting a record) or the response code it returns may be different on subsequent requests, the system state will be the same every time). Methods GET, HEAD, OPTIONS and TRACE, being prescribed as safe, should also be idempotent, as HTTP is a stateless protocol.

In contrast, the POST method is not necessarily idempotent, and therefore sending an identical POST request multiple times may further affect state or cause further side effects (such as financial transactions). In some cases this may be desirable, but in other cases this could be due to an accident, such as when a user does not realize that their action will result in sending another request, or they did not receive adequate feedback that their first request was successful. While web browsers may show alert dialog boxes to warn users in some cases where reloading a page may re-submit a POST request, it is generally up to the web application to handle cases where a POST request should not be submitted more than once.

5. A website might allow deletion of a resource through a URL such as http://example.com/article/1234/delete, which, if arbitrarily fetched, even using GET, would simply delete the article. (I don’t know what to do here)

I know, CSRF identification from log file is difficult, so, I am mentioning possible ways (i.e. heuristics) here. If wrong, correction in this is required. Any more rules/help would be appreciated.
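Rules 1 to 3 from the question above, run over access-log lines in the combined format; this is an added example, not part of the original post. The site host, the sensitive-parameter set, the 5-minute idle threshold and the sample lines are assumptions, and rule 1 is applied only to requests carrying a sensitive parameter to cut noise from ordinary inbound links.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Assumed values, not taken from the post: tune them per application.
SITE_HOST = "www.bank.com"
SENSITIVE = {"pass", "password", "amount", "amt", "money"}
IDLE = timedelta(minutes=5)

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
                  r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"')

# Constructed sample log lines (the first mirrors the line quoted in the question).
SAMPLE = [
    '192.168.4.6 - - [10/Oct/2007:13:55:36 -0700] "GET /trx.php?amt=100&toAcct=12345 HTTP/1.0" 200 4926 "http://www.attacker.com/freestuff.php" "Mozilla/4.0"',
    '192.168.4.7 - - [10/Oct/2007:13:40:00 -0700] "GET /overview.php HTTP/1.0" 200 512 "http://www.bank.com/login.php" "Mozilla/4.0"',
    '192.168.4.7 - - [10/Oct/2007:13:52:10 -0700] "GET /trx.php?amt=50&toAcct=999 HTTP/1.0" 200 4926 "http://www.bank.com/overview.php" "Mozilla/4.0"',
    '192.168.4.8 - - [10/Oct/2007:13:56:00 -0700] "POST /trx.php HTTP/1.0" 403 120 "-" "Mozilla/4.0"',
]

def parse(line):
    """Parse one combined-format line into a dict, or None if malformed."""
    m = LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def flag(lines):
    """Return (ip, url, reasons) for every request matching a heuristic."""
    last_seen, hits = {}, []
    for rec in filter(None, map(parse, lines)):
        sensitive = bool(SENSITIVE & set(parse_qs(urlsplit(rec["url"]).query)))
        ref_host = urlsplit(rec["referer"]).hostname if rec["referer"] != "-" else None
        reasons = []
        if sensitive and ref_host != SITE_HOST:      # rule 1: blank or off-site referer
            reasons.append("blank-referer" if ref_host is None else "offsite-referer")
        if rec["status"] == 403:                     # rule 2: rejected request
            reasons.append("403")
        prev = last_seen.get(rec["ip"])              # rule 3: long idle gap, then transfer
        if sensitive and rec["status"] == 200 and prev is not None and rec["ts"] - prev > IDLE:
            reasons.append("idle-then-sensitive")
        last_seen[rec["ip"]] = rec["ts"]
        if reasons:
            hits.append((rec["ip"], rec["url"], reasons))
    return hits
```

Each hit is a lead for review rather than proof of CSRF: privacy tools strip the Referer header, a 403 can have many causes, and several users can share one IP address.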

How to identify the original manufacturer of lenses branded Sears?

There are Sears-branded lenses for which I wish to identify the manufacturer. I have read that Sears encoded the manufacturer in the serial number, so in principle, I just need to find a list of applicable manufacturer codes.

The lists I have found so far do not contain any lens manufacturers, so are unlikely to apply to lenses, unless it was common for vacuum-cleaner manufacturers to also produce lenses.

What are the manufacturer codes for lenses that have been rebranded Sears?

How to identify the original manufacturer of lenses branded Focal (Kmart)?

There are Focal-branded lenses for which I wish to identify the manufacturer.

I have read that Focal is the Kmart house brand for optical equipment (cameras, lenses, binoculars, etc). They also appear to have encoded the manufacturer in the serial number, so in principle, I just need to find a list of applicable manufacturer codes. I have so far been unable to find such a list.

What are the manufacturer codes for lenses that have been rebranded Focal (Kmart)?

How to identify the original manufacturer of lenses branded J.C. Penney?

There are J.C. Penney branded lenses for which I wish to identify the manufacturer. How can I do so?

It appears to have been common for redistributors to have encoded the manufacturer in the serial number. If this is the case for J.C. Penney, as it was for others, then in principle, I just need to find a list of applicable manufacturer codes. If J.C. Penney was engaged in this practice, what are the manufacturer codes for lenses that were rebranded J.C. Penney?