Encrypting a short string?

Hi,

I'm trying to devise a scheme to encrypt/obfuscate a short string that
basically contains the user's username and record number from the
database. I'm using this encrypted string to identify emails from a
user. (the string will be in the subject line of the email).

I'm trying to figure out which approach I should use to encrypt the
data. The string will be less than 20 characters long, and I'd like
the encrypted version to be about the same size.

I tried DES in the Crypto module, but the cipher text was too long to
be usable in this case.

Any suggestions?

Thanks!
Feb 11 '08 #1
erikcw wrote:
> Hi,
>
> I'm trying to devise a scheme to encrypt/obfuscate a short string that
> basically contains the user's username and record number from the
> database. I'm using this encrypted string to identify emails from a
> user. (the string will be in the subject line of the email).
>
> I'm trying to figure out which approach I should use to encrypt the
> data. The string will be less than 20 characters long, and I'd like
> the encrypted version to be about the same size.
>
> I tried DES in the Crypto module, but the cipher text was too long to
> be usable in this case.
>
> Any suggestions?
>
> Thanks!

How about:

>>> hashlib.sha256("jo********@example.com|2937267834").hexdigest()[:20]

Regards,
Marek
Feb 11 '08 #2
On Feb 11, 3:07 pm, marek.ro...@wp.pl wrote:
> erikcw wrote:
>> Hi,
>> I'm trying to devise a scheme to encrypt/obfuscate a short string that
>> basically contains the user's username and record number from the
>> database. I'm using this encrypted string to identify emails from a
>> user. (the string will be in the subject line of the email).
>> I'm trying to figure out which approach I should use to encrypt the
>> data. The string will be less than 20 characters long, and I'd like
>> the encrypted version to be about the same size.
>> I tried DES in the Crypto module, but the cipher text was too long to
>> be usable in this case.
>> Any suggestions?
>> Thanks!
>
> How about:
> >>> hashlib.sha256("john.sm...@example.com|2937267834").hexdigest()[:20]
>
> Regards,
> Marek

Thanks Marek,

But that can't be reversed, right? I'd like to be able to decrypt the
data instead of having to store the hash in my database...
Feb 11 '08 #3
erikcw <er***********@gmail.com> writes:
> database. I'm using this encrypted string to identify emails from a
> user. (the string will be in the subject line of the email).

1. I hope you're not trying to spam anyone.
2. What happens if the user edits the subject line?

> I'm trying to figure out which approach I should use to encrypt the
> data. The string will be less than 20 characters long, and I'd like
> the encrypted version to be about the same size.

Under normal security requirements you cannot do this. The ciphertext
has to be longer than the plaintext since you don't want the opponent
to be able to tell whether two plaintexts are the same. Therefore you
have to attach some random padding to each plaintext. Also, you
presumably want the ciphertext to be encoded as printing characters,
while normally you'd treat the input as binary, so there is some
further expansion.
Feb 11 '08 #4
erikcw wrote:
> But that can't be reversed, right? I'd like to be able to decrypt the
> data instead of having to store the hash in my database...

In such case it seems you have no choice but to use a symmetric
encryption algorithm - in other words, your original method. If the
strings are ~20 bytes long (3 DES blocks), then the base64-encoded
ciphertext will have 32 characters. In case of AES, that'll be up to
45 characters. Wouldn't such length be acceptable?

Paul Rubin wrote:
> 2. What happens if the user edits the subject line?
> Under normal security requirements you cannot do this. The ciphertext
> has to be longer than the plaintext since you don't want the opponent
> to be able to tell whether two plaintexts are the same. Therefore you
> have to attach some random padding to each plaintext. Also, you
> presumably want the ciphertext to be encoded as printing characters,
> while normally you'd treat the input as binary, so there is some
> further expansion.

If what erikcw is looking for is a cryptographically secure protocol,
there are more things to be careful about, like authentication or
replay attacks. But indeed, I'm wondering now what his use-case is.

> I'm using this encrypted string to identify emails from a
> user. (the string will be in the subject line of the email).

Why not use "From" field to identify emails from a particular user?

Regards,
Marek
Feb 11 '08 #5
On Feb 11, 4:07 pm, marek.ro...@wp.pl wrote:
> erikcw wrote:
>> But that can't be reversed, right? I'd like to be able to decrypt the
>> data instead of having to store the hash in my database...
>
> In such case it seems you have no choice but to use a symmetric
> encryption algorithm - in other words, your original method. If the
> strings are ~20 bytes long (3 DES blocks), then the base64-encoded
> ciphertext will have 32 characters. In case of AES, that'll be up to
> 45 characters. Wouldn't such length be acceptable?
>
> Paul Rubin wrote:
>> 2. What happens if the user edits the subject line?
>> Under normal security requirements you cannot do this. The ciphertext
>> has to be longer than the plaintext since you don't want the opponent
>> to be able to tell whether two plaintexts are the same. Therefore you
>> have to attach some random padding to each plaintext. Also, you
>> presumably want the ciphertext to be encoded as printing characters,
>> while normally you'd treat the input as binary, so there is some
>> further expansion.
>
> If what erikcw is looking for is a cryptographically secure protocol,
> there are more things to be careful about, like authentication or
> replay attacks. But indeed, I'm wondering now what his use-case is.
>
>> I'm using this encrypted string to identify emails from a
>> user. (the string will be in the subject line of the email).
>
> Why not use "From" field to identify emails from a particular user?
>
> Regards,
> Marek

In essence what I'm doing is trying to manage tickets for a helpdesk.
I want the ticket identifier to be short enough to fit in the subject
line along with the normal subject chosen by the user. So
cryptographic security isn't really important. I can't use the from:
field because a single user could have multiple tickets.
Feb 11 '08 #6
Hi,

On 2/11/08, erikcw <er***********@gmail.com> wrote:
> In essence what I'm doing is trying to manage tickets for a helpdesk.
> I want the ticket identifier to be short enough to fit in the subject
> line along with the normal subject chosen by the user. So
> cryptographic security isn't really important. I can't use the from:
> field because a single user could have multiple tickets.

I've always wondered why such systems don't use the Message-ID or
Reference headers - I know they aren't preserved by all mailers but I
think that having this info in the subject line is

a) visually disturbing (subjective)
b) I guess that the risk of a user modifying the subject line is the
same as finding a program that doesn't to some extent honor the
headers I mentioned...
<flame>
c) Personally whenever I find a mail that says please keep this in the
subject I delete that number on purpose...
</flame>

martin
--
http://noneisyours.marcher.name
https://twitter.com/MartinMarcher
http://www.xing.com/profile/Martin_Marcher
http://www.linkedin.com/in/martinmarcher

You are not free to read this message,
by doing so, you have violated my licence
and are required to urinate publicly. Thank you.
Feb 11 '08 #7
On Mon, 11 Feb 2008 19:19:00 -0200, erikcw <er***********@gmail.com>
wrote:
> In essence what I'm doing is trying to manage tickets for a helpdesk.
> I want the ticket identifier to be short enough to fit in the subject
> line along with the normal subject chosen by the user. So
> cryptographic security isn't really important. I can't use the from:
> field because a single user could have multiple tickets.

And you don't like [bug12345] or even [12345]? To the user, its purpose
is a lot clearer, and anybody will understand what you mean if you say
"Please maintain the bug number in the subject line" or similar.

--
Gabriel Genellina

Feb 11 '08 #8
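
An added example, not code from any poster in this thread: one way to keep the plain ticket number suggested above while still rejecting a number that was edited in the subject line or reused by a different sender. It uses a truncated HMAC-SHA256 tag rather than encryption, so nothing is decrypted; the key, the `[T<number>-<tag>]` format and all function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import re

# Assumption: a server-side secret; constructed value for this example only.
SECRET_KEY = b"example-only-key-not-for-production"
TAG_BYTES = 5  # 40-bit truncated MAC -> exactly 8 base32 characters

# Hypothetical subject-line format: [T<ticket>-<8 base32 chars>]
TOKEN_RE = re.compile(r"\[T(\d{1,10})-([A-Z2-7]{8})\]", re.IGNORECASE)


def _tag(user: str, ticket: int) -> str:
    """Keyed tag binding the ticket number to the user it was issued to."""
    msg = f"{user.lower()}|{ticket}".encode("utf-8")
    mac = hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()[:TAG_BYTES]
    return base64.b32encode(mac).decode("ascii")


def make_token(user: str, ticket: int) -> str:
    """Build the short marker that goes into the outgoing subject line."""
    return f"[T{ticket}-{_tag(user, ticket)}]"


def ticket_from_subject(subject: str, sender: str):
    """Return the ticket number if the subject carries a valid token for
    this sender, otherwise None (missing, edited, or someone else's)."""
    m = TOKEN_RE.search(subject)
    if m is None:
        return None
    ticket, tag = int(m.group(1)), m.group(2).upper()
    # Constant-time comparison of the received tag with the recomputed one.
    if hmac.compare_digest(tag, _tag(sender, ticket)):
        return ticket
    return None


if __name__ == "__main__":
    tok = make_token("john@example.com", 293726)  # constructed sample data
    print(tok, len(tok))
    print(ticket_from_subject(f"Re: printer is broken {tok}", "john@example.com"))
    print(ticket_from_subject(f"Re: printer is broken {tok}", "eve@example.com"))
```

The marker for a six-digit ticket is 18 characters long, and the ticket number stays readable to the user while the tag is what the server checks.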
Lie
On Feb 12, 2:45 am, erikcw <erikwickst...@gmail.com> wrote:
> Hi,
>
> I'm trying to devise a scheme to encrypt/obfuscate a short string that
> basically contains the user's username and record number from the
> database. I'm using this encrypted string to identify emails from a
> user. (the string will be in the subject line of the email).
>
> I'm trying to figure out which approach I should use to encrypt the
> data. The string will be less than 20 characters long, and I'd like
> the encrypted version to be about the same size.
>
> I tried DES in the Crypto module, but the cipher text was too long to
> be usable in this case.
>
> Any suggestions?
>
> Thanks!

There is a simple encryption, called ROT13 (Rotate 13). This is very
insecure for any cryptographic purpose, but enough to make an
uninformed user think it's just a random piece of letters.

The ROT13 is done by adding 13 to each character, so
A => N,
B => O,
C => P,
D => Q, etc.

The neat trick to this encryption is that the algorithm is really simple
and you don't need a separate decoding algorithm, as text ==
ROT13(ROT13(text)). This algorithm also guarantees that any two
different texts would have two different ciphertexts.
Feb 16 '08 #9
Lie wrote:
> There is a simple encryption, called ROT13 (Rotate 13). This is
> very unsecure for any cryptographical purpose,

For enhanced security use TROT13 (triple ROT13).

> but enough to make uninformed user to think it's just a random
> piece of letters.

Security by obscurity doesn't work. If it needs to be protected,
protect it well. If it doesn't need to, you don't need to obscure
it at all.

Regards,
Björn

--
BOFH excuse #372:

Forced to support NT servers; sysadmins quit.

Feb 16 '08 #10
In article <13*************@corp.supernews.com>,
Steven D'Aprano <st***@REMOVE-THIS-cybersource.com.au> wrote:
>> I really don't recommend the ROT13 cipher, as this is extremely easy to
>> crack. Most grade school kids could break this one in seconds. ;-)
> I think you missed the point. Any recommendation to use ROT13 is likely
> to be a joke. A recommendation to use Triple ROT13 is *absolutely* a
> joke.

ROT13 does have a legitimate use, but it's not as a cypher. It is really
the equivalent of the newspaper quiz where the answers are upside down at
the bottom of the page. By doing this you stop seeing the answers too
early.

--
David Wild using RISC OS on broadband
www.davidhwild.me.uk
Feb 19 '08 #11
In article <ma*************************************@python.org>,
Steve Holden <st***@holdenweb.com> wrote:
> Of course, but ROT13 ^ (2n*1) is equivalent to ROT13 for all positive
> integer n.

Why restrict that to positive integers? I believe it works for all
integers. But I do think you meant 2n+1, not 2n*1.
Feb 20 '08 #12
Roy Smith wrote:
> In article <ma*************************************@python.org>,
> Steve Holden <st***@holdenweb.com> wrote:
>> Of course, but ROT13 ^ (2n*1) is equivalent to ROT13 for all positive
>> integer n.
>
> Why restrict that to positive integers? I believe it works for all
> integers. But I do think you meant 2n+1, not 2n*1.

Yes, I did. "*" and "+" are much closer in my mind than they are on the
keyboard :-)

regards
Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC http://www.holdenweb.com/

Feb 20 '08 #13
