Archives for encryption
Hashing and Loss of Information
Hashing and Loss of Information, Key Derivation Hash functions lose information that is present in the input data. This is required in order to generate a fixed-length output hash value. This…
Hash and then Encrypt?
Hash and then Encrypt? Recently, I came across some code that did this. It makes no sense to do this. Hashing an input before encrypting it with an algorithm like…
Alternatives and Competitors to PKI Encryption
Competitors to PKI: Identity-Based Encryption (IBE): Instead of relying on certificates like PKI, IBE uses identity information (, email address) as the public key. Competitors: Voltage Security (now part of…
Cloud Encryption as a service providers
Also read Cloud KMS - Encryption as a service Encryption-as-a-Service Providers: Amazon Web Services (AWS) Key Management Service (KMS): Provides encryption services with integrated key management for AWS services and…
Installing certbot on an EC2 using AWS Systems Manager
Registering the certbot client and requesting a certificate - sudo yum -y install yum-utils - sudo yum -y install - sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional - sudo yum -y install certbot - sudo certbot register --server {{ CertServerUrl }} -m {{ contactEmail }} --no-eff-email - sudo certbot certonly --server {{ CertServerUrl }} --cert-name {{ certName }} -d {{ certDomains }} --webroot-path {{ webrootPath }} > / The terraform file () # input variables variable "instance_ids" { type = list default = } variable "cert_common_name" { type = string default = "avTestCert" }…
Tokenization versus Encryption vs Data Masking
Tokens are pointers to data - and substitute data (not transform it) Tokenization Pros Use Cases - PCI Data - Credit Card info etc. Tokenization reduces the in-house responsibility of…
Why do we need certificates at all in PKI?
The public key that is used to send someone a message (for example - if someone wants to send me a message, they will use my public key - so…
Extracting the Private Key and the Cert Bundle from a PFX file
You've been handed a PFX file and asked to get the .key file (the private key) and a new cert bundle (.crt) out of it Step 1 Install OpenSSL on…
Message Digests of Passwords, Adding Randomness
To avoid clear text transmission of passwords and username, use Message Digests. Send the digest of the password (which is the same digest stored in the user database). However, a…
Diffie Helman, Symmetric and Asymmetric Encryption
Symmetric Encryption has two potential drawbacks. The first of these is the commonly known Man in the Middle attack. The second is a limitation on reuse. Man in the Middle…