How to devise cryptographic system with sharing ability

I am writing a application. For my application the data of the users should be encrypted in the database. The users should also be able to share data with other users. To that end I want to you RSA encryption.

My intended implementation is as follows: The public key of the user is stored in the database. Data that is to be shared with another user is encrypted with that users public key and stored in the database. Now, here are two problems I am facing with this approach:

1.) I want the public/private key pair to be derived from the user password so as to not have it stored anywhere unsafely on disk. Whenever the user logs into the application, the private key is derived and user data can be de-/encrypted. My question is, how can I derive an RSA key pair from the password?

2.) If the user resets their password, no previously encrypted data can be decrypted anymore, as that would require the user’s old password in order to derive the private key. As far as I know, one solution to this problem is to encrypt/decrypt using a randomly generated data encryption key that doesn’t ever change, and to then encrypt that key using a password based key. But then how can a user share encrypted data with other users? For that the user would have to also share their password based key in order to grant access to the public data encryption key, which obviously is against the whole point of encryption.

So, how do I go about reconciling and solving both of these issues?

Help with reviewing locking logic for sync system

I’m implementing a sync algorithm where multiple apps sync files with a data source. Syncing is already working and has been for several years so there’s no issue with this.

Now I want to implement a way to lock the data source, to tell clients that they shouldn’t write to it anymore. This will be used to upgrade the data source – i.e. upgrade its structure, move folders around, etc. which needs to be done when nothing else is syncing.

So I came up with the following algorithm, inspired by [SQLite 3 locking mechanism][1], but changed to take into account that it’s network based.

There are three types of locks, and a client request a lock by POSTing a file to the data source. The locks are:

  • SYNCING: The client is syncing – any other client can still read or write to the data source. There can be multiple SYNCING locks.
  • PENDING: The client wants to acquire an exclusive lock on the data source – any other clients can still read or write to the data source, but no new SYNCING lock can be posted. There can be multiple PENDING locks.
  • EXCLUSIVE: The client has locked the data source – no other client can read or write to it. There can be only one EXCLUSIVE lock.

And it would work like so:

  • When a client starts syncing with the data source, they acquire a SYNCING lock. When a client finishes syncing, they release the SYNCING lock they’ve created
  • When a client needs to lock the data source, it first posts a PENDING lock.¬†When a PENDING lock is present, no new SYNCING or PENDING locks can be posted. Clients that are syncing however can complete the process. The client who has acquired a PENDING lock will poll the data source and wait for all SYNCING lock to be released. When they are all gone, the client checks for all the PENDING locks – if there are others, the client checks the timestamps of these other locks and if his lock is not the oldest one, it deletes it and exit. Locking failed, and it will need to try again later.
  • If the PENDING lock is the oldest, then the client posts an EXCLUSIVE lock. At this point, no other client can post any other lock.

I’m wondering if I overlook something with this system, like I’m wondering if there could be some race conditions in some cases?

For now, I’m not dealing with clients that post a lock then crash, there will be some logic to clean up. At this point, I just want to make sure that this system will only allow one client to acquire an EXCLUSIVE lock. Any ideas?

Banners And Brands System Marketplace

Hello guys!

I am currently working on a marketplace store project based on: eBay and BestBuy, in both stores there is the partner and brand system where you are on the home page, I am using this plugin for the marketplace: https: // addons. and I'm doing it for prestashop, unfortunately the plug-in does not have the option to create the automatic banner (in fact there is more with this problem) and I spent 200 dollars in this…

Banners And Brands System Marketplace

Solving symoblic system of non-linear equations takes too long

I am trying to solve a set of system of symbolic non-linear equations:

g1 = ptz + pz + 2 pty q0 q1 - 2 ptz q1^2 + 2 px q0 q2 - 2 pz q2^2 -     2 px q1 q3 - 2 pty q2 q3 - 2 ptz q3^2 - 2 pz q3^2 ; g2 = 2 (ptx q0 q1 + px q0 q1 + ptz q1 q2 - pz q1 q2 + ptz q0 q3 +       pz q0 q3 - ptx q2 q3 + px q2 q3); g3 = ptx + px - 2 ptx q1^2 - 2 px q1^2 - 2 pz q0 q2 - 2 pty q1 q2 -     2 px q2^2 - 2 pty q0 q3 - 2 pz q1 q3 - 2 ptx q3^2 ; g4 = -2 pty q0 q2 - 2 py q0 q2 + 2 ptz q1 q2 - 2 pz q1 q2 -     2 ptz q0 q3 - 2 pz q0 q3 - 2 pty q1 q3 + 2 py q1 q3 ; g5 = ptz + pz - 2 py q0 q1 - 2 pz q1^2 - 2 ptx q0 q2 - 2 ptz q2^2 -     2 ptx q1 q3 - 2 py q2 q3 - 2 ptz q3^2 - 2 pz q3^2 ; g6 = -pty - py - 2 pz q0 q1 + 2 py q1^2 + 2 ptx q1 q2 + 2 pty q2^2 +     2 py q2^2 - 2 ptx q0 q3 + 2 pz q2 q3 + 2 pty q3^2 ; g7 = q0^2 + q1^2 + q2^2 + q3^2;  NSolve[{g1 == 0, g2 == 0, g3 == 0, g4 == 0, g5 == 0, g6 == 0,    g7 == 1}, {q0, q1, q2, q3}, Reals] 

Here all variables except q0, q1, q2 and q3 are considered fixed. The variables represent a unit quaternion. Testing for corner cases (by setting single element of quaternion to 0) reveals that these set of equations don’t have a solution, which is what I intend to prove. But the code takes too long to run. Any suggestions would be appreciated.

I could treat the elements of quaternion and the permutations of the elements as separate variable and solve the system as Linear Equations, which I did for the corner cases. But here I don’t have enough constraints (10 unknowns with 7 constraints) and hence can’t employ that method.

why can’t we protect the password file so that only the system can read it?

can’t we design an OS in such a way that it doesn’t allow anyone(not even root) to read the passwords file?. Then there will be no need for encrypting the passwords. Why can’t we hard-code a computer to hide it’s password file?

I was reading Cuckoo’s egg by Clifford Stoll on page 32, I didn’t understand why encrypting passwords is necessary why can’t we program the computer so that it ‘hides’ the password file from all users?

here is the excerpt:

When your computer has fifty or a hundred users, you might just store each person’s password in a file. When the user tries to log on, ask for her password and compare that to what’s in your file. In a friendly environment, no problem. But how do you keep someone from sneaking a peek at that password file? Well, protect the password file so that only the system can read it. Even if you protect the password file, every now and then all the files will be copied onto backup tapes. Even a novice programmer could read those tapes on another computer and list the contents of the password file. File protection alone isn’t enough. In 1975, Bob Morris and Fred Grampp of Bell Laboratories developed a way to protect passwords, even when files weren’t secure. They would rely on encryption, rather than file protection.

NFC Ultralight C – design an authentication system (can it be clone protected?)

I am trying to design an authentication system that will be based on NFC Ultralight C cards. Key concept in my system is that the card identifies a specific person, but this concept can be easily broken if the card can be cloned.

I want to prevent cloning with my cards – but all I found under authentication searches for ultralight c – gives me a write protection (authentication of the message), which is important, but not the only thing I care.

Is it possible to prevent NFC Ultralight C cloning ?

What a malicious website can do in the worst scenario on a upgraded system [closed]

I use last Debian stable (buster as June 2020).

  • system upgraded everyday (and browser addons updated automatically)
  • Firefox 68.9.0esr (64 bits) (the one from apt package system)
  • decent hardware (less than 5 years old)
  • Debian security upgrade enabled

I’m aware of security concerns, I…

  • verify (before clicking a HTTP link) if the link looks like, but are in fact by example (I take care about phising and tracking)
  • take care of untrusted X509 certificates for https websites
  • avoid using non trusted Firefox addons
  • never open suspicious files in web or mails
  • don’t use weak passwords (and I don’t use the same on 2 websites)
  • never run Firefox as root (who do this ?)
  • use httpsEverywhere, uBlock-Origin, Ghostery, Decentraleyes Firefox addons

So my question:

  • what is the risk of opening a malicious website (if not in google safe browsing DB) ? What it can do, the worst way, apart phishing website ? (I guess crypto-mining at least, exploit of Firefox vulnerability…)

Is finding solution to a system of 2SAT equations seperated by OR (DNF form) in NP

I want to know if finding solution to a specific number of 2SAT equations sepearted by OR gate (DNF form as below) is in P or NP.

The equation has total n variables and each clause is a 2SAT equation in itself in a subset of variables from 1 to n. Example:

F = [(x1 || x2 ) && ( !x2 || x3) && (x3 || x4)] || [(x2 || x5) && (x3 || x6) && (!x4 || !x6)] || ….

The equation F is a DNF of 2SAT equations, which has say m clauses. Is finding a solution to this in NP? If yes how?

Also, specifically I also want to know if finding False instances of equation F is in P or NP as well.

Ranking timeline system

Does anyone know a good way to show when someone become a legend, ancient, Myths…. Like a system that show how long time it take for someone to become it. I want to create a ranking power system that show how powerful someone can get with time.

A example of this:

  • Hero – 50 year
  • Legend – 500 year
  • Ancient – 1000 year
  • Myths – 2000 year