Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [database]

A structured set of data held in a computer, esp. one that is accessible in various ways.

94 questions
94
votes
8 answers

How is CipherCloud doing homomorphic encryption?

Much of the literature and latest papers suggest that homomorphic encryption is still not practical yet. How is CipherCloud able to achieve this? Does anyone have an idea? Their website does not provide much information about how their system works.
sashank
  • 6,234
  • 4
  • 36
  • 68
13
votes
3 answers

Salting when encrypting?

I was attending a database encryption session at a developers conference. The presenter (who was a published author on the subject) said that MS SQL Server did not support salted hashes in the database, but it does support salting with encryption.…
Jim McKeeth
  • 931
  • 1
  • 8
  • 16
12
votes
1 answer

Why x00 is usually avoided in salt?

In .NET Framework, there is a cryptographic Random Number Generator (RNG) provider which enables to generate a cryptographically strong sequence of random bytes. This provider contain, among others, two methods: GetBytes which generates a sequence…
Arseni Mourzenko
  • 223
  • 1
  • 6
9
votes
1 answer

Encrypting user data with their password?

I had an idea once that all of the user data (including the username) could be encrypted with the user's password. Obviously, most sites would store different data, so using the same password and username would not make the same output in the…
Bennett
  • 222
  • 2
  • 9
9
votes
1 answer

Adi Shamir's secret database of all primes

I was going through these presentation slides (PDF) on Crypto 2013. It summarizes the paper, Factoring RSA keys from certified smart cards: Coppersmith in the wild. In the last slide, it was mentioned that one possible future work to be done is to…
meta_warrior
  • 469
  • 4
  • 16
7
votes
1 answer

Hashing passwords with a salt - why use different salt for everyone?

Given a database where we have usernames and passwords, we want to secure users' passwords by hashing them. We should not use only username and passwords in this hash, as someone having data from other sites that uses the same hashing function can…
ThePiachu
  • 1,689
  • 2
  • 18
  • 26
7
votes
3 answers

Which of these 3 AES 128 symmetric encrypt/decrypt routines is most secure?

I am developing a symmetric en-/decryption routine written in c# for a database containing user-specific, sensitive information. I have narrowed down the implementation to 3 different approaches, but simply cannot determine which is the "best". So,…
crawfish
  • 483
  • 6
  • 13
6
votes
1 answer

Risks of Using SHA1 Instead of SHA256 for RSA with OAEP Padding

I'm presently implementing a simple RSA-based encryption as follows in PHP (using openssl_public_encrypt): // $sRawText is the text string to encrypt. // $sPublicKey is the public key stored on the server. openssl_public_encrypt($sRawText, $sResult,…
azoundria
  • 173
  • 1
  • 7
6
votes
2 answers

A lower bound on the insecurity of CipherCloud?

CipherCloud claims to support , among other things, searchable encryption. A bunch of speculation seems to suggest they did this via some breathtakingly incompetent means( unfortunately such speculation "appears" to be copyrighted) Regardless of…
imichaelmiers
  • 1,644
  • 10
  • 13
5
votes
1 answer

Two way encryption with random IV

I'm attempting to encrypt some information into our database to be later pulled back out and displayed to the user. Searching and reading up on different methods I found a post over at stack exchanged with example code for doing AES…
Derek
  • 53
  • 3
5
votes
3 answers

Searching over encrypted data

Is there any library/tool available which can allow me to search over encrypted data? I would like to encrypt data on client side, send it to cloud and perform search in cloud. I've been reading about homomorphic encryption and though there is…
user375868
  • 191
  • 1
  • 4
5
votes
2 answers

Public key crypto instead of hashing passwords in a database

Suppose I want to keep a client's password database secure (not in plaintext), while still having access to the plaintext password. Now I generates a public/private keypair. Then I send the public key to all servers, while keeping the private key on…
redfast00
  • 197
  • 1
  • 7
5
votes
1 answer

Are there any Implementations of Secure Indexes?

There are several papers about Secure Indexes, for Example "Searchable Symmetric Encryption: Improved Definitions and Efficient Constructions" and "Secure Indexes". I'm trying to build a system, that uses secure indexes to store and search data.…
itsme
  • 167
  • 1
5
votes
3 answers

Cryptographic data structure: sparse array without membership test

I would like a data structure supporting two operations: $\mathsf{set}(k,v)$ and $\mathsf{get}(k)$, with the following properties: $k$ can be any number between $0$ and something impressively large, like $2^{256}-1$. If there is some $v$ such that…
gmr
  • 271
  • 1
  • 6
4
votes
1 answer

How can I store confident data with OpenID?

I want to make a system that needs to store some confident user information in a database. I intend on using OpenID for user authentication. I would like encrypt the data in a way that it can only be decrypted when the user is logged in. What are…
ThePiachu
  • 1,689
  • 2
  • 18
  • 26
1
2 3 4 5 6 7