Android encryption

The java AES library has a flaw in it that allows, under the right circumstances, a listener to decrypt the packets sent. See Padding Oracle Exploit Tool vs Apache MyFaces. That being said check out this SO question Java 256bit AES Encryption. Bouncy Castle AES EXAMPLE stolen from: import javax.crypto.Cipher; import javax.crypto.spec.SecretKeySpec; public class … Read more

Compute a hash from a stream of unknown length in C#

MD5, like other hash functions, does not require two passes. To start: HashAlgorithm hasher = ..; hasher.Initialize(); As each block of data arrives: byte[] buffer = ..; int bytesReceived = ..; hasher.TransformBlock(buffer, 0, bytesReceived, null, 0); To finish and retrieve the hash: hasher.TransformFinalBlock(new byte[0], 0, 0); byte[] hash = hasher.Hash; This pattern works for any … Read more

SecureRandom with NativePRNG vs SHA1PRNG

TL;DR: Use new SecureRandom() when you’re not sure and let the system figure it out. Possibly use SecureRandom.getInstanceStrong() for long term key generation. Do not expect a random number generator to generate a specific output sequence within a runtime application, not even if you seed it yourself. With random number generators it is always hard … Read more

How does a cryptographically secure random number generator work?

A cryptographically secure number random generator, as you might use for generating encryption keys, works by gathering entropy – that is, unpredictable input – from a source which other people can’t observe. For instance, /dev/random(4) on Linux collects information from the variation in timing of hardware interrupts from sources such as hard disks returning data, … Read more