How is plaintext handled at protonmail server?

I am quite happy with, indeed grateful for, protonmail. There is one point I’d like to understand better regarding end-to-end encryption. I asked this twice at protonmail.com, and twice it was removed by the moderator. I hope someone here can answer.

I infer that an outgoing message is transmitted via https to the protonmail server where it is pgp-encrypted and the plaintext discarded; the reverse for incoming messages. Is this basically correct?

If so, then “end-to-end encryption” doesn’t mean quite what I thought, and I would like to know a little more about how the plaintext is handled by the server.

I don’t distrust protonmail. I understand that if I felt the need I could download public and private keys and encrypt locally, but then I might as well use gmail :p

<br> tag in plaintext multi line field in quick edit mode

I’ve got a generic list with a multi line text field, that is set to plaintext. When I view the list or edit a single item, everything is fine. When I change to quick edit mode and write a text with line breaks, still everything looks normal.

But as soon as I am in quick edit mode and not editing this field anymore, the line breaks are displayed as <br>-tags.

before and after leaving the cell

After ending the quick edit mode, the field is displayed correctly again. But when I turn quick edit back on, the <br>-tags are displayed again.

Is this a known bug? Is there a fix for it?

Email Plaintext

I’m interested in viewing emails without “opening” them up. In other words, I’d like to view the “plaintext”, or text that an email is composed of – being able to see the html or whatever else lies in the plaintext. The whole point is to not use any html, javascript, or whatever else would be “activated” by the computer once the email is opened – in effect, viewing the entire email in text without the process of starting a virus.

Is this possible? Which programs or applications can do this? How can we do this?

When knowing an individual’s plaintext password history, how much information is expected to be gained with a new password? Do we know this?

The premise: Knowing a person’s password history should provide information to help when guessing a new password of theirs.

At an extreme end, with a password history of wildcats, wildcats1, then wildcats2, I’d guess there is less than 1 bit of entropy in their next answer.

At the other extreme end, someone with randomly generated passwords would lose no information in their history. From an information-theoretic point of view, I imagine this is something we can estimate using the large amounts of password history data available in the world.

Somewhere in the middle, a history of “wildcats!Reddit”, “crazydogs!Facebook”, “locobirds!Stackexchange” would give me some good ideas for a Twitter password, and would greatly reduce the entropy of their hash. Of course, this would be related to the concept of password strength.

I’m not so well-read on security, but I assume my idea is not unique. Is there a name for this concept? Do we know any real-world values for the amount of information gained / entropy lost?

How do I get a plaintext list of tags from a multi value entity reference field in Drupal 8?

I have a module that’s making custom RSS feeds for me.

In a content type, I have my tags stored in “field_tags” entity reference field.

My goal is to get the names of all the tags, and ultimately put them into an array, so they can go into a markupless RSS field.

When I’m pulling the data, I get it with this:

    foreach ($this->dbh->selectVideos(self::RPP) as $nid) {
      $node = $this->entityMgr->getStorage('node')->load($nid);

      if (!empty($node)) {
        $data->nodes[] = [
          'title'    => $this->filterTxt($node->title->value),
          'body'     => $this->filterTxt($node->get('field_paragraph')->value),
          'body2'    => $this->filterTxt($node->get('field_paragraph')->value),
          'created'  => date('D, d M Y H:i:s', $node->created->value) . ' GMT',
          'guid'     => $node->id(),
          'img'      => $this->getImgUrl($node, self::IMG_FIELD),
          // field_tags is an entity reference field, so ->value comes back blank
          'keywords' => $this->filterTxt($node->get('field_tags')->value),
          'video'    => $node->get('field_vid_url')->getString(),
        ];
      }
    }
    return $this->render($data, 'nameoffeed');

    }

The problem is that ‘field_tags’ is an entity reference field, so it’s turning up blank.

I had partial success with this:

    if ($node->hasField('field_tags')) {
      $entity_ref = $node->get('field_tags');
      if ($entity_ref->count() > 0) {
        // ->entity resolves only the first referenced term
        $tagoutput = entity_view($entity_ref->entity, 'default');
      }
    }

Then setting ‘keywords’ to equal $tagoutput. This grabs the first tag, which isn’t great as I need them all, and then along with it comes a whole html layout enclosure that won’t work for an RSS feed.

I’m confused what the correct way is to get a proper list of tag names. In D6 I had this list as plain text, which wasn’t great because you wouldn’t be able to click on one in the page view and be taken to a list of all pages with that tag, but at least the tags worked on the feeds easily.

Any thoughts?

Website returning plaintext password

I have recently logged into a website. When I clicked on the “Update Profile” page, you are displayed with a list of text boxes for all the user fields, e.g. name, email, phone number etc.

There is also a box for password and confirm password (for if you wish to update these values), however, when you go into this page, those boxes are already populated, which made me think, why are they putting placeholders in?

When going into inspect element, they actually have the values of your password, transformed into upper case like this:

<input type="password" name="txtPassword2" size="45" value="MYPASSAPPEARSHERE"> 

I have also recently noticed that the case of your password or username is irrelevant when logging in – e.g. I can put it in all caps, all lower, or a mixture of both and it will still accept the password.

Is this a security hole and does this indicate they are storing passwords as plain text?

Is this a secure way to protect passwords when they must be in plaintext?

I am building a web app which will use my school’s online grade reporting system. Students will sign in to my app using their credentials for the grade website. However, it does not provide an API, which means that my web app will have to store each user’s password to get access to their grade data or force each user to log in every time my app needs access. The web app will need to be able to verify the data from the grade reporting website, so the server will need to log in, which means that the plaintext password will at some point have to be on the server.

My solution is to have each user’s login details be stored locally in plaintext, then have the client send the credentials to the server whenever the server needs access to the grade system. The server would use the credentials to log in, then delete them. Everything uses HTTPS.

I believe that this system is secure because the plaintext passwords are on the server for only a short time and an attacker would not be able to access data stored on the client (assuming my web app is not vulnerable to XSS).

I’m planning to create the server in NodeJS and run it on a VPS.

Is this system secure? If not, what possible attacks exist and how could I prevent them?

Why is validating the integrity of the plaintext necessary in addition to validating the integrity of the cipher text?

Reading the iOS Security Guide’s description of the iMessage encryption protocol I’m trying to figure out why they included a mechanism for verifying the integrity of the plaintext as well as verifying the integrity of the final cipher text (emphasis added).

For each receiving device, the sending device generates a random 88-bit value and uses it as an HMAC-SHA256 key to construct a 40-bit value derived from the sender and receiver public key and the plaintext. The concatenation of the 88-bit and 40-bit values makes a 128-bit key, which encrypts the message with it using AES in CTR mode. The 40-bit value is used by the receiver side to verify the integrity of the decrypted plaintext. This per-message AES key is encrypted using RSA-OAEP to the public key of the receiving device. The combination of the encrypted message text and the encrypted message key is then hashed with SHA-1, and the hash is signed with ECDSA using the sending device’s private signing key.

What does this additional signature component add to the authenticity of the message?
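The key construction in the quoted passage, as an added example that is not part of the original question and is not Apple's code: the 128-bit AES key is the 88-bit random value followed by a 40-bit HMAC-SHA256 tag over both public keys and the plaintext, so the receiver can recompute the tag after decryption. The input order, length-prefix framing, truncation to the first 5 bytes, function names and sample keys are all assumptions, and the AES-CTR step itself is left out.

```python
import hashlib
import hmac
import secrets

SEED_BYTES = 11  # 88-bit random value, used as the HMAC-SHA256 key
TAG_BYTES = 5    # 40-bit value derived from the public keys and plaintext


def _tag(seed: bytes, sender_pub: bytes, receiver_pub: bytes, plaintext: bytes) -> bytes:
    """40-bit tag. Framing and truncation are assumptions, not the real wire format."""
    mac = hmac.new(seed, digestmod=hashlib.sha256)
    for part in (sender_pub, receiver_pub, plaintext):
        mac.update(len(part).to_bytes(4, "big"))  # length prefix avoids ambiguous joins
        mac.update(part)
    return mac.digest()[:TAG_BYTES]


def derive_message_key(sender_pub, receiver_pub, plaintext, seed=None) -> bytes:
    """Sender side: 88-bit seed || 40-bit tag = 128-bit per-message AES key."""
    seed = secrets.token_bytes(SEED_BYTES) if seed is None else seed
    if len(seed) != SEED_BYTES:
        raise ValueError("seed must be 88 bits")
    return seed + _tag(seed, sender_pub, receiver_pub, plaintext)


def verify_plaintext(key, sender_pub, receiver_pub, plaintext) -> bool:
    """Receiver side: after AES-CTR decryption, recompute the tag from the key's seed."""
    if len(key) != SEED_BYTES + TAG_BYTES:
        return False
    seed, tag = key[:SEED_BYTES], key[SEED_BYTES:]
    return hmac.compare_digest(tag, _tag(seed, sender_pub, receiver_pub, plaintext))


# Constructed sample values, not real keys or messages.
SENDER = b"constructed-sender-public-key"
RECEIVER = b"constructed-receiver-public-key"
MESSAGE = b"meet at 10:00"

if __name__ == "__main__":
    key = derive_message_key(SENDER, RECEIVER, MESSAGE)
    print("key bits:", len(key) * 8)
    print("intact plaintext:", verify_plaintext(key, SENDER, RECEIVER, MESSAGE))
    # CTR mode has no integrity of its own: a flipped ciphertext bit flips the
    # same plaintext bit, and only this tag check notices after decryption.
    print("altered plaintext:", verify_plaintext(key, SENDER, RECEIVER, b"meet at 19:00"))
    print("other sender key:", verify_plaintext(key, b"other-key", RECEIVER, MESSAGE))
```
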

Show result automatically in PlainText in Android Studio

Greetings, fellow StackOverflow members. My question is this: I have 3 variables, namely txtvalor1 and txtvalor2, which are EditTexts into which I enter arbitrary numeric data, and eresult, which is a variable of type plainText whose PURPOSE IS TO OBTAIN THE NUMERIC CALCULATION OF THE TWO EDITTEXTS. Can this be achieved without using a button?