encryption – Obscure compression before encrypting

Assuming whatever encryption algorithm used was designed to support compression without any information leakage, would there be any reason not to use some custom compression algorithm to add obscurity to security?

Instead of a compression algorithm, what if it were just a simple custom algorithm that mixed the bits or bytes of the input? Would that impact the security at all?

(This is assuming that the implementation of said algorithm is secure against side-channel attacks.)

encryption – Encrypting salted password hash before storing in the database

I have read here, that instead of using pepper, it is better to encrypt hashed/salted passwords before storing in the database. Especially with Java, as there’s no library for salt/pepper, but just for salt hashing, and I’m not going to implement my own crypto in any way. Have two questions about it:

  1. Is it true? Will it add security, if db server is on the another physical computer, and encryption keys are sored on the app server’s fs?
  2. If so, is it ok to use RSA for hash encryption?
  3. To check password in this case, is it better to read encrypted password from the DB, decrypt it, and then compare it to the hashed/salted one entered by user, or encrypt entered hashed/salted password and then compare with the encrypted value in the database? In this case, will it be the same as using another hash, as encrypted hash is never decrypted?

Thank you

c# – Encrypting Data with interception of SQL instructions generated by Entity Framework

WPF Application, C#, MS SQL Server, Entity Framework 6. I need to encrypt all data from user input, and do it apart from business logic. I’ve come to interception of SQL Queries generated by transferring LINQ expressions to SQL, and changing data from them to encrypted, in order to store only encrypted data. I’d like to know if it even possible, and how… And how to decrypt them back and show user only plaintext. I can’t change this method – i.e. i MUST intercept queries. Yet another thing – i must use methods from System.Security.Cryptography.
I have read https://docs.microsoft.com/en-us/ef/ef6/fundamentals/logging-and-interception this article – we use EF version of 4.1, this will not work. I had even checked through source code of EF6 on Github to check if i can override SaveChanges() method

encryption – Encrypting my drive without losing all my files?

I set up my laptop with Ubuntu 20.04, now I want to encrypt my laptop’s entire drive (128GB SSD). I used Veracrypt with windows but on Linux I see you cannot encrypt system partitions/drives. I then found cryptsetup but when you encrypt your drive all of your files will be lost. Is it possible to encrypt my system drive without losing my files?

Are there disadvantages to encrypting an Android device?

In addition to the need for a lock screen, are there any disadvantages to encrypting an Android device (using native encryption)?

For example:

  • Is there a drop in performance?
  • Is there a rise in temperature?
  • Is there an increase in battery consumption?
  • Are there data integrity issues?
  • makes it a little more difficult (besides needing a lock screen)?

macos – GPG Tools never asks for a password when encrypting or decrypting

My secret key is password protected. If I import it into pgp tools on Windows every time I need to use the key, I'm asked for the password.

On the Mac, I am NEVER asked for a password. Does this mean that the private key password is stored in Apple's keychain? If so, is there a way to NOT do this so I have to enter a password?

Cryptography – security risk from encrypting the same data with many public keys

I need to distribute a 256-bit shared key to 100 or 1000 nodes (I have the public key of each node).

No networking is required. This is done by loading a single file onto each node. This file is created by a "master".

In some cases, the nodes use 2048-bit RSA keys; in other cases, it is an elliptical p521 curve key.

The idea is to create a line for each node in the distributed file that encrypts the shared key.

When the node uses EC, the node's public EC key and the master's private EC key are used to generate a symmetric key that is used to encrypt the shared key. The encrypted shared key and the signature generated by the master are saved in one line in the file.
The node then iterates through each line in the file, uses the master's public EC key and its own private EC key to generate the same symmetric key, decrypts the data, and then verifies the signature. If this is correct, it is the shared key.

If the node uses RSA, the shared key is encrypted with the node's public RSA key and a signature is generated by the master, and both are stored in one line in the file.
The node then runs through every line in the file, decrypts the data with its private RSA key and checks the signature. If this is correct, it is the shared key.

My concern is that knowing that a single piece of data encrypted with 1,000 different keys gives an attacker a significant advantage in deriving a private key?

[NEW] Tool for encrypting files

Hello everybody,

I just wanted to tell my story for a moment. Recently, someone stole my laptop while I was in Germany, and I lost all my documents, photos, passwords, and small work-related projects. So I learned not only to pay more attention to my property, but also to create more security for my files that I have. I did a bit of research and downloaded the encryption app for files called Nordlocker (https://nordlocker.com/). It's a totally free app that protects military standard files …

(NEW) Tool for encrypting files

phpmyadmin – Problem with encrypting passwords in MySQL

When I submit my form information to the database, no records are saved for the function password_hash, I only throw the following error:
Notice: Only variables should be passed by reference in C:wamp64wwwPractica HTMLinsertar.php on line 15

I would appreciate your help since I was stuck for a while.

This is the PHP connection:

prepare("INSERT INTO prueba1(nombre, email, clave, comentario) VALUES (:nombre, :email, :clave, :comentario)");
        if (!$sql) {
            echo "nPDO::errorInfo():n";
            print_r($PDO->errorInfo());
        }
        else
        {
            $sql->bindParam(':nombre',$_POST('nombre'));
            $sql->bindParam(':email',$_POST('email'));
            $sql->bindParam(':clave', password_hash($_POST('clave'), PASSWORD_DEFAULT));
            $sql->bindParam(':comentario',$_POST('comentario'));
            $sql->execute();
        }
    }
    catch(PDOException $e) {
               echo "Fallo de conexion al enviar los datos:".$e ->getMessage();
    }  
?>