encryption – Passwords stored as obfuscated text, not encrypted

First thing I’d do is consider whether the system needs “reversibly encrypted” passwords at all (usually yes if it’s sending them on to some other service rather than just verifying them when a user logs in, sometimes yes if this is required by some important customer but they should have an option to properly hash them as well). Second, since you say “a simple mapping” I assume this isn’t actually using any modern cryptographic cipher primitives (AES, *fish, SALSA20, etc.), so that’s definitely a security bug you can file.

Look up a security contact (email address, etc.). There should be one somewhere on the site. If you can’t find one, try emailing security@company.domain, or just contact their support line and ask for a security contact.

Note that any form of reversible encryption, no matter how up-to-date its ciphers or strong its keys, suffers from a key storage problem: the program needs access to the key, which means anybody who can access the program itself can almost certainly decrypt the data. However, there are still improvements to be made from using real encryption:

  • Real encryption, even with a hardcoded key, will prevent anybody who doesn’t know the key from reversing the encryption if they get access to the DB. It sounds like they currently don’t even meet this – very low – bar.
  • Done correctly, the key should be unique per instance of the app. Getting access to somebody else’s DB shouldn’t reveal anything, even if you know the encryption key used by your own copy/instance of the software.
  • The key should be stored in a location as hard to access as possible. Ideally, it would be stored somewhere not actually extractable (like an HSM), with the app having the ability to request encryption and decryption of arbitrary strings but no other software allowed to access the HSM. At the very least the key needs to be separate from the DB, such that even an attacker with total, unfettered DB access can’t get the key without finding a new vulnerability in some other part of the system.

It sounds like you’re already well aware of why they should be using a slow password hashing function, rather than reversible encryption of any sort. Even if they need encryption for some passwords/API keys (stuff used to access external services, not to authenticate local users), they should use encryption for those secrets only, and use secure password hashing algorithms for user passwords.

If the vendor won’t budge – says that it’s not a security bug, or that they don’t care, or just refuses to respond – give them some time and then (IMO) it’s time to escalate. If possible for you, try to convince your company to threaten to cancel the contract; that’s often the simplest leverage. If you can’t, I would tend to move up to name and shame. Companies are usually way more likely to respond to things when it’s likely to impact their bottom line, and bad publicity can do that. Sites like https://plaintextoffenders.com/, or just reaching out publicly on social media (especially to, or at least mentioning, well-known security figures), can help get the word out.

Obviously that last part isn’t risk-free. There’s probably something in the terms of use about not “reverse engineering” the software, and although I think this level of “cryptanalysis” doesn’t count at all, I am not a lawyer. If you had to bypass any attempted safeguards to keep you out of the DB – entering a username/password of admin/admin might count, though copying a DB connection string out of a plain-text config file on a system you control does not – then that increases the risk they’d think it worthwhile to involve lawyers. A smart company wouldn’t do this – siccing the law on somebody who is trying to responsibly report a security issue is a good way to get the entire security community mad at you, and some of us hold grudges and make product recommendations at big companies (and others are hacktivists) – but a smart company wouldn’t let things get nearly that far to begin with. Before you take any steps beyond just reporting the issue to the vendor, especially if you have any notion of involving your company’s name, you might want to talk to the legal department. However, I am not a lawyer, and this is NOT legal advice.
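The split this answer recommends, as an added example that is not the vendor's code or the answerer's: user passwords are hashed with scrypt, and only secrets that must be replayed to an external service are encrypted, with AES-256-GCM under a per-instance key kept outside the DB. The function names, the stored string format and the `context` labels are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// User passwords: salted, slow, one-way (scrypt). There is nothing to decrypt.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
  return `scrypt$16384$8$1$${salt.toString('base64')}$${hash.toString('base64')}`;
}

function verifyPassword(password, stored) {
  const [scheme, N, r, p, saltB64, hashB64] = stored.split('$');
  if (scheme !== 'scrypt') return false;
  const expected = Buffer.from(hashB64, 'base64');
  const actual = crypto.scryptSync(password, Buffer.from(saltB64, 'base64'),
    expected.length, { N: Number(N), r: Number(r), p: Number(p) });
  return crypto.timingSafeEqual(actual, expected);
}

// Per-instance key, supplied from outside the DB (base64 string here is an
// assumption; an HSM or KMS would keep the key non-extractable).
function loadInstanceKey(b64) {
  const key = Buffer.from(b64 || '', 'base64');
  if (key.length !== 32) throw new Error('instance key must be 32 bytes');
  return key;
}

// Secrets the app must send on to another service: authenticated encryption.
// `context` (e.g. the row it belongs to) is bound as AAD so a ciphertext
// copied into a different row fails to decrypt.
function sealSecret(key, plaintext, context) {
  const iv = crypto.randomBytes(12); // fresh nonce per encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(context, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

function openSecret(key, sealed, context) {
  const raw = Buffer.from(sealed, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(context, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the key, context or ciphertext is wrong
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Constructed sample data: two instances with different keys, one DB row.
function demo() {
  const keyA = crypto.randomBytes(32);
  const keyB = crypto.randomBytes(32);
  const row = sealSecret(keyA, 'smtp-relay-password', 'smtp:relay');
  let otherInstanceCanRead = true;
  try { openSecret(keyB, row, 'smtp:relay'); } catch (e) { otherInstanceCanRead = false; }
  const stored = hashPassword('correct horse');
  return {
    roundTrip: openSecret(keyA, row, 'smtp:relay'),
    otherInstanceCanRead,
    goodLogin: verifyPassword('correct horse', stored),
    badLogin: verifyPassword('wrong', stored),
  };
}
```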

encryption – Why it is said that “zk-SNARKs need a trusted setup” to work?


disk encryption – Security against local attack for remote FDE decryption?

Is there any remote FDE decryption that is resistant to an attacker that has local physical access?

Tools like dracut-sshd need to store the private key used for the sshd server on the unencrypted boot partition, so a local attacker has the ability to become a MITM and sniff the decryption password.

Can using a TPM to protect the sshd key foil this attack?

Does clevis-tang have essentially the same problem? At the bottom of the tang README.md is this list of security considerations:

  1. Man-in-the-Middle
  2. Compromise the client to gain access to cJWK
  3. Compromise the server to gain access to sJWK's private key

Problem (1) is not a concern according to this document. I assume you avoid problem (3) by running the tang server on an FDE itself or storing the key on an HSM. Problem (2) sounds impossible to protect against if the attacker is local – is that correct?

The tang documentation stresses that the…

client protect cJWK from prying eyes. This may include device
permissions, filesystem permissions, security frameworks (such as
SELinux) or even the use of hardware encryption such as a TPM

Is the TPM option the only way to foil an attacker with physical access to the unencrypted boot partition?

Is there any work-around that allows remote unattended FDE decryption that a local attacker cannot compromise?

authentication – Is it possible to calculate encryption key when both plain text and ciphertext are known?

No. The attacker cannot obtain the encryption key from the plaintext and the encrypted text, because AES is resistant to known-plaintext attacks. See details in the answer on Crypto SE.

I’d suggest you review your design. Making the user name secret can lead to many problems. For instance, if a user needs to report a problem, how can the user tell the user name if it is secret? Or if an administrator needs to change user permissions, how can the responsible person tell the administrator which user needs to be changed, if the user name is secret? And so on. I’d suggest not encrypting the user name.

So actually we have an XY problem here. Actually, an authentication token should be used to know who the user actually is. In such a case encryption of the user name is not needed, and thus the question about AES and known-plaintext attacks is not needed.

encryption – How can I find what type of encryption this is? I'm looking for the algorithms and the modes. This is JavaScript code

There was way more code but I couldn't post it all.

c# – A simple encryption scheme similar to OTP

Basically this scheme uses a key the same length as the data, but it generates the bytes on the fly.
They aren’t truly random, but there aren’t any obvious patterns and the output passes all the NIST tests.

Since a simple password can be used to do the de/encryption it is much easier to hand off to the recipient and any good password generator can create one.

Since only part of the generated sub keys are used, it becomes very difficult if not impossible to reverse engineer the sub key to find the previous or next sub key.

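using System.Collections.Generic;
using System.Linq;
using System.Text;

class Cipher
{
    // XOR with the keystream is its own inverse, so both directions call GetBytes.
    public static IEnumerable<byte> Encrypt(string key, IEnumerable<byte> data)
    {
        return GetBytes(key, data);
    }
    public static IEnumerable<byte> Decrypt(string key, IEnumerable<byte> data)
    {
        return GetBytes(key, data);
    }
    private static IEnumerable<byte> GetBytes(string key, IEnumerable<byte> data)
    {
        if (key == null)
        {
            key = "";
        }
        if (data == null)
        {
            data = new byte[] { 0 };
        }
        // Sha3 and HashCode are not shown in the post.
        var temp = Sha3.Sha3512().ComputeHash(Encoding.UTF8.GetBytes(key));
        // Each byte is XORed with the first byte of the current sub key, then the sub key advances.
        // Select is lazy and the lambda mutates temp, so enumerate the result only once.
        return data.Select(x => { var y = (byte)(x ^ temp[0]); temp = HashCode(temp); return y; });
    }
}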
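One property of the scheme as posted is that the keystream depends only on the password, so two messages under the same password share it. The following is an added example, not the poster's code, that shows this and how a per-message nonce changes it; it assumes `HashCode` re-hashes the state with SHA3-512 (the post does not show it), and the function names and sample messages are constructed.

```javascript
const crypto = require('crypto');

const sha3 = (buf) => crypto.createHash('sha3-512').update(buf).digest();

// Keystream as in the posted GetBytes: state = SHA3-512(seed), use byte 0 of
// the state, then advance. Advancing by re-hashing is an assumption.
function xorStream(seed, data) {
  let state = sha3(seed);
  const out = Buffer.alloc(data.length);
  for (let i = 0; i < data.length; i++) {
    out[i] = data[i] ^ state[0];
    state = sha3(state);
  }
  return out;
}

// Same behaviour as the post: the seed is the password alone.
function encryptAsPosted(password, data) {
  return xorStream(Buffer.from(password, 'utf8'), data);
}

// Variant: a random per-message nonce is mixed into the seed and sent in the
// clear in front of the ciphertext. This removes keystream reuse; it does not
// add any integrity check.
function encryptWithNonce(password, data) {
  const nonce = crypto.randomBytes(16);
  const seed = Buffer.concat([nonce, Buffer.from(password, 'utf8')]);
  return Buffer.concat([nonce, xorStream(seed, data)]);
}

function decryptWithNonce(password, msg) {
  const seed = Buffer.concat([msg.subarray(0, 16), Buffer.from(password, 'utf8')]);
  return xorStream(seed, msg.subarray(16));
}

const xor = (a, b) => Buffer.from(a.map((x, i) => x ^ b[i]));

// Constructed sample messages of equal length, same password for both.
function reuseCheck() {
  const pw = 'constructed-password';
  const p1 = Buffer.from('transfer 100 to A');
  const p2 = Buffer.from('transfer 900 to B');
  const c1 = encryptAsPosted(pw, p1);
  const c2 = encryptAsPosted(pw, p2);
  const n1 = encryptWithNonce(pw, p1);
  const n2 = encryptWithNonce(pw, p2);
  return {
    // c1 XOR c2 cancels the keystream and equals p1 XOR p2
    postedLeaksXor: xor(c1, c2).equals(xor(p1, p2)),
    nonceLeaksXor: xor(n1.subarray(16), n2.subarray(16)).equals(xor(p1, p2)),
    roundTrip: decryptWithNonce(pw, n1).toString(),
  };
}
```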

encryption – Is client-side encrypted data really personal data

Scenario: My service that is storing customer files is hosted on my own personal physical server, “on-prem”. It is then using one of the popular cloud storage services (Azure blob storage, AWS S3) to store these customer files. They may or may not contain personal data.

Before the data is sent from my server to the cloud service the data is encrypted with my secret keys that are only ever stored on the on-prem-server.

Since I am using an encryption algorithm that is considered secure and the keys never go to the cloud, would the data I send to Azure/AWS be considered personal data under GDPR? Would I for example have to include the storage service as a sub-processor in my published list of sub-processors?

motorola moto g3 – How to get encryption keys for “adoptable storage” in MotoG3 without root – alternate methods, anyone?

So my sister in law handed me her MotoG3 where some apps had mysteriously disappeared and the videos of their little puppy were all gone (the videos of their kids were not as important apparently). Her SD was formatted as adoptable storage, no backup of course… I spent 8 hours yesterday reading up on how adoptable storage works encryption wise (not in depth, but I know about the vold dir with key files) and doing non-destructive tests on the phone. I also have a Linux “dd” copy of the SD card so I can mess around as much as I like with that card. I do understand that in a previously rooted phone it will be no match to read the key file(s) but obviously her phone is stock. In a PC environment, I would boot with Knoppix or some other Linux rescue image on a USB stick to get access to the disk in a similar case. I just wanted to ask if this can be done with a phone (preferably not just “a” phone, but the MotoG3 :).

Other ideas: The vold dir is in the /data partition and in my Linux/PC oriented mind, I have a delusional thought that perhaps one could install some “mini-OS” in the boot partition and leave the /data partition intact. That image could even have as its only task to copy the key files to a readable area or another SD card so no user-interaction would be necessary. Since no one has come up with this idea for the past 6 years or so that adopted storage has been around, I guess the answer is a big NO. Still, would anyone care to enlighten me as to why this is not possible or (still hoping!) suggest how this could be done!

Decryption of AES128 (which the partition seems encrypted with) is “cumbersome”. I guess there are no known “salts” that weaken the AES significantly that we could use to brute-force the encryption, or are there?

As an alternate method, I guess the chip could be removed from the board or perhaps read while still attached with a chip reader, but that’s over my budget and level of expertise. Also, for videos of a puppy, that might be excessive 🙂

If anyone has more ideas, feel free to reply!!!
