How can SubtleCrypto help in the process of sending a password via HTTPS?

I heard from someone that SubtleCrypto should be used in client-server communications to login and register, then he told me it would be useful even if someone took control in the middle of the HTTPS connection. I always thought that once the TLS failed, nothing else could be reliable (at least between 2 peers.)

Since I’ve never heard of SubtleCrypto nor of this case specifically, and the documentation I’ve found is scarce and not really concrete, could someone explain how this would work? (if it would)

Edit: note that the approach he had in mind was encoding the password with SubtleCrypto, then sending it to the server.

Will using CTR mode with unique IVs, but only one password for encrypting multiple files, leak data or keys?

I’m working on a project to encrypt many files with a single password.

The steps I will employ to encrypt the files are:

  1. user will execute a command similar to tool --encrypt --recurse directories/to/recurse and-other-files.txt
  2. the user will be prompted for a password
  3. two 64 byte crypto random salts and a 16 byte crypto random IV will be generated
  4. no 2 files will ever use the same salts or IV
  5. each individual salt will be combined with the password to create 2 separate argon2id keys
  6. one key will be 32 bytes long and is used for the AES-256 cipher block
  7. the other will be 64 bytes long and will be used as the key for a sha-512 hmac
  8. the resulting encrypted file will be written as 2ByteVersion:64ByteHMACSalt:64ByteCipherBlockSalt:16ByteIV:EncryptedData:64ByteHMACSignature

I believe this would result in a reasonably secure set of encrypted files. My main concern though, is that because of the way that users will use this tool, there is a good chance that they will accidentally encrypt small, easily guessed files.

And since CTR mode doesn’t require padding, anyone with access to the encrypted file will know the length of the plaintext file. It seems that CTR mode is considered secure for files, provided the IV is unique for each encryption run and the file is authenticated.

Is there a chance that the cipher key, HMAC key, or password could be derived through a known plaintext attack from enough small guessable files? Are there any other glaring flaws in my methodology that could leak data?
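As an added, runnable Go sketch of steps 3 to 8 (this is not the questioner's tool, whose code is not on the page): one blob per file in the stated layout, fresh salts and IV per call, two separate keys from two salts, encrypt-then-MAC with the tag covering the header as well as the ciphertext, and tag verification before any decryption. The one assumption is the KDF: PBKDF2-HMAC-SHA512 stands in for argon2id because argon2 is not in Go's standard library; the `deriveKeys` body is the only thing to swap, and `kdfIter` is deliberately tiny so the demo runs fast.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"encoding/binary"
	"errors"
	"fmt"
)

// Layout from the question:
// 2ByteVersion:64ByteHMACSalt:64ByteCipherBlockSalt:16ByteIV:EncryptedData:64ByteHMACSignature
const (
	version   = uint16(1)
	saltLen   = 64
	ivLen     = aes.BlockSize // 16
	macLen    = sha512.Size   // 64
	headerLen = 2 + 2*saltLen + ivLen
	kdfIter   = 1000 // demo value only; a real tool tunes its KDF cost
)

// pbkdf2SHA512 is a minimal PBKDF2-HMAC-SHA512 used as a stand-in for argon2id
// (assumption: argon2 lives in golang.org/x/crypto, outside the stdlib).
func pbkdf2SHA512(password, salt []byte, iter, keyLen int) []byte {
	var out []byte
	for block := uint32(1); len(out) < keyLen; block++ {
		prf := hmac.New(sha512.New, password)
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// deriveKeys: one salt per key, as steps 5 to 7 describe (32-byte AES-256 key, 64-byte HMAC key).
func deriveKeys(password, hmacSalt, cipherSalt []byte) (encKey, macKey []byte) {
	return pbkdf2SHA512(password, cipherSalt, kdfIter, 32), pbkdf2SHA512(password, hmacSalt, kdfIter, 64)
}

// Encrypt writes version, random salts and IV, CTR ciphertext, then an HMAC over
// everything before it, so the header cannot be swapped without detection.
func Encrypt(password, plaintext []byte) ([]byte, error) {
	out := make([]byte, headerLen, headerLen+len(plaintext)+macLen)
	binary.BigEndian.PutUint16(out[:2], version)
	if _, err := rand.Read(out[2:headerLen]); err != nil { // both salts and the IV at once
		return nil, err
	}
	hmacSalt, cipherSalt, iv := out[2:2+saltLen], out[2+saltLen:2+2*saltLen], out[2+2*saltLen:headerLen]
	encKey, macKey := deriveKeys(password, hmacSalt, cipherSalt)
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	ct := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(ct, plaintext) // CTR: no padding, len(ct) == len(plaintext)
	out = append(out, ct...)
	mac := hmac.New(sha512.New, macKey)
	mac.Write(out)
	return mac.Sum(out), nil // tag appended after header+ciphertext
}

// Decrypt verifies the tag in constant time first; a wrong password, a flipped
// bit or a truncated file is rejected before the ciphertext is ever touched.
func Decrypt(password, blob []byte) ([]byte, error) {
	if len(blob) < headerLen+macLen {
		return nil, errors.New("blob too short")
	}
	if binary.BigEndian.Uint16(blob[:2]) != version {
		return nil, errors.New("unsupported version")
	}
	body, tag := blob[:len(blob)-macLen], blob[len(blob)-macLen:]
	hmacSalt, cipherSalt, iv := body[2:2+saltLen], body[2+saltLen:2+2*saltLen], body[2+2*saltLen:headerLen]
	encKey, macKey := deriveKeys(password, hmacSalt, cipherSalt)
	mac := hmac.New(sha512.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("authentication failed: wrong password or modified file")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(body)-headerLen)
	cipher.NewCTR(block, iv).XORKeyStream(pt, body[headerLen:])
	return pt, nil
}

func main() {
	pw := []byte("correct horse battery staple") // constructed sample password
	pt := []byte("yes")                          // constructed tiny, guessable file
	blob, err := Encrypt(pw, pt)
	if err != nil {
		panic(err)
	}
	// The length leak from the question: blob is exactly headerLen+macLen longer than the plaintext.
	fmt.Printf("plaintext %d bytes, blob %d bytes, fixed overhead %d bytes\n", len(pt), len(blob), headerLen+macLen)
	got, err := Decrypt(pw, blob)
	fmt.Printf("decrypt ok=%v text=%q\n", err == nil, got)
	blob[headerLen] ^= 1 // flip one ciphertext bit
	_, err = Decrypt(pw, blob)
	fmt.Println("after tampering:", err)
}
```

Running it shows the three properties worth checking in a format like this: the blob length reveals the plaintext length exactly, the same file encrypted twice yields unrelated blobs because the salts and IV are fresh, and any modification of header or data fails the HMAC check before decryption starts.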

Windows Forms decrypt password SQL Entity Framework

I have the following issue: I need to build a Windows Forms project that queries data from a SQL database that was generated by Entity Framework, so I am trying to compare passwords, the one I enter through WF against the one I have in the database. The problem is that EF encrypts the password data, and therefore if I have to compare it I need to decrypt it. This is an assumption; I don't know of any other way to compare this data. And this is the code I have

    using System;
    using System.Linq;
    using System.Windows;

    public partial class MainWindow : Window
    {
        private Models.SecurityController _security;

        public MainWindow()
        {
            InitializeComponent();
            _security = new Models.SecurityController();
        }

        private void Button_Click(object sender, RoutedEventArgs e)
        {
            var email = EmailInput.Text;
            var pass = PassInput.Password;
            email = email.Replace(" ", "");
            if (email == "")
            {
                EmailInput.Focus();
                Errorlbl.Content = "Por favor utiliza un mail valido";
            }
            else if (pass == "")
            {
                PassInput.Focus();
                Errorlbl.Content = "Por favor utiliza una contraseña";
            }
            else if (email != null && pass != null)
            {
                using (DBEnt db = new DBEnt())
                {
                    var item = db.AspNetUsers.Where(u => u.Email.Equals(email)).FirstOrDefault();

                    if (item == null)
                    {
                        Errorlbl.Content = "Usuario mail invalido";
                    }
                    else
                    {
                        Errorlbl.Content = "Usuario valido";
                    }

                    var query = db.AspNetUsers.Where(u => u.Email.Equals(email)).FirstOrDefault();
                    var hashedpassword = query.PasswordHash;
                    var unhashed = _security.Decrypt(pass, hashedpassword);
                }
            }
        }
    }

Up to this point hashedpassword returns null

And this is the whole SecurityController class

    using System;
    using System.IO;
    using System.Security.Cryptography;
    using System.Text;

    class SecurityController
    {
        public string Encrypt(string key, string data)
        {
            string encData = null;
            byte[][] keys = GetHashKeys(key);

            try
            {
                encData = EncryptStringToBytes_Aes(data, keys[0], keys[1]);
            }
            catch (CryptographicException) { }
            catch (ArgumentNullException) { }

            return encData;
        }

        public string Decrypt(string key, string data)
        {
            string decData = null;
            byte[][] keys = GetHashKeys(key);

            try
            {
                decData = DecryptStringFromBytes_Aes(data, keys[0], keys[1]);
            }
            catch (CryptographicException) { }
            catch (ArgumentNullException) { }

            return decData;
        }

        private byte[][] GetHashKeys(string key)
        {
            byte[][] result = new byte[2][];
            Encoding enc = Encoding.UTF8;

            SHA256 sha2 = new SHA256CryptoServiceProvider();

            byte[] rawKey = enc.GetBytes(key);
            byte[] rawIV = enc.GetBytes(key);

            byte[] hashKey = sha2.ComputeHash(rawKey);
            byte[] hashIV = sha2.ComputeHash(rawIV);

            Array.Resize(ref hashIV, 16);

            result[0] = hashKey;
            result[1] = hashIV;

            return result;
        }

        //source: https://msdn.microsoft.com/de-de/library/system.security.cryptography.aes(v=vs.110).aspx
        private static string EncryptStringToBytes_Aes(string plainText, byte[] Key, byte[] IV)
        {
            if (plainText == null || plainText.Length <= 0)
                throw new ArgumentNullException("plainText");
            if (Key == null || Key.Length <= 0)
                throw new ArgumentNullException("Key");
            if (IV == null || IV.Length <= 0)
                throw new ArgumentNullException("IV");

            byte[] encrypted;

            using (AesManaged aesAlg = new AesManaged())
            {
                aesAlg.Key = Key;
                aesAlg.IV = IV;

                ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);

                using (MemoryStream msEncrypt = new MemoryStream())
                {
                    using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
                    {
                        using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
                        {
                            swEncrypt.Write(plainText);
                        }
                        encrypted = msEncrypt.ToArray();
                    }
                }
            }
            return Convert.ToBase64String(encrypted);
        }

        //source: https://msdn.microsoft.com/de-de/library/system.security.cryptography.aes(v=vs.110).aspx
        private static string DecryptStringFromBytes_Aes(string cipherTextString, byte[] Key, byte[] IV)
        {
            byte[] cipherText = Convert.FromBase64String(cipherTextString);

            if (cipherText == null || cipherText.Length <= 0)
                throw new ArgumentNullException("cipherText");
            if (Key == null || Key.Length <= 0)
                throw new ArgumentNullException("Key");
            if (IV == null || IV.Length <= 0)
                throw new ArgumentNullException("IV");

            string plaintext = null;

            using (Aes aesAlg = Aes.Create())
            {
                aesAlg.Key = Key;
                aesAlg.IV = IV;

                ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);

                using (MemoryStream msDecrypt = new MemoryStream(cipherText))
                {
                    using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
                    {
                        using (StreamReader srDecrypt = new StreamReader(csDecrypt))
                        {
                            plaintext = srDecrypt.ReadToEnd();
                        }
                    }
                }
            }
            return plaintext;
        }
    }

Maybe I am overcomplicating this; does anyone know how I can do this better, or whether I am doing it right?

How should we apply the salt to the password?

According to Wikipedia:

A rainbow table is ineffective against one-way hashes that include large salts. For example, consider a password hash that is generated using the following function (where “||” is the concatenation operator):
saltedhash(password) = hash(password || salt)
Or
saltedhash(password) = hash(hash(password) || salt)

Say I’m using Argon2(di) to store passwords. Should I use the second method or first method to hash passwords?
And as a more general question, which hash method is typically better in password storage situations? (What about other situations like HMACs?)

Is there any Password Manager that supports Hardware-Based OTP encryption/decryption?

I see that some projects like KeepassXC use CR based OTP to provide some additional security. While this is discussed quite controversially, my opinion is that – for quite some cases (e.g. most non-targeted attacks as of today) – it can provide additional security over having “only” a secure master password.

However: if at one point in time the attacker has access to both the response and the version of the data encrypted with it, then obviously this adds no additional security to the encryption. So, for targeted attacks or specialized tools, any local OTP method I could find (CR based or certificate based) adds no additional security. They all share the same design flaw: if an attacker has access to all local data (including memory) at some point in time, it’s not much better than a simple secure master password. It only raises the attack complexity a bit.

I wonder if there are things in the works to eliminate this last (“design-wise”) attack surface, so that even if a system is completely compromised we can rely on physical dongles like Yubikey to protect the most sensitive data and have features like physical presence detection for actual encryption (not only authentication) at hand.

Obviously I make a lot of assumptions here, e.g. that the transport between the hardware dongle and the CPU as well as any memory in between is “secure”. But that’s not my question.

So, just out of interest: are there any projects that aim for such things? E.g. by implementing asymmetric encryption for local files where the encryption and decryption is completely offloaded to a plug-and-play hw dongle like Yubikey, possibly even using an OTP derived from the private key on the dongle?

Are there other methods / areas of research that discuss this topic or even working solutions?

Error in production after downloading the project locally and changing the DB password

I downloaded via FTP a Symfony project that was in production and working. After the download, the DB password was changed in cPanel. So I updated the “parameters.yml” file with the new password and then uploaded it to the production server. Since then, the production system has not worked any more.

We have already verified that the password is correct, because we connected via PostgreSQL and it works fine. We even put the previous password back in the DB and in “parameters.yml”, but we see that this is not the problem.

I tried to check the version of this project but I get the following error:

Parse error: syntax error, unexpected ‘?’ in ..\vendor\webinarium\datatables-bundle\src\DependencyInjection\DataTablesExtension.php on line 56

In DataTablesExtension.php line 56:

Parse Error: syntax error, unexpected ‘?’

After fixing that error, errors keep appearing in other controllers. This is not normal, since it was working in production.

I suspect the problem has to do with the Symfony version I used for my local project (3.4) versus the new project I just downloaded.

In production, the error I get is very generic: “Authentication request could not be processed due to a system problem.”. I looked at the “var/logs/prod.log” file and the latest errors that appear have been repeating for more than a year. So in theory there is no error that prevents the system from working.

I also cannot run the command “php bin/console cache:clear --env=prod --no-debug” because I get the same error.

As I mentioned, the system worked fine until I downloaded it locally or the DB password was changed.

Repeated unnecessary password prompts

My Ubuntu 18.04 desktop keeps throwing up password prompts which are clearly unnecessary, since I can just Cancel them and continue working without trouble. This happens immediately after I login and continues sporadically throughout my session, whenever I start Chrome or Remmina or several other applications.

Following the advice here I can temporarily stop this happening by removing or renaming .Xauthority and logging out and in again, but that’s a hassle and I’d like to automate it somehow.

Any ideas or other helpful comments?