Home
Search results “Microsoft cryptoapi aes examples”
Web Crypto API ECDH generateKey deriveBits perform AES encryption and decryption
 
00:39
Reference https://8gwifi.org/docs/window-crypto-ecdh.jsp The Web crypto api describes using Elliptic Curve Diffie-Hellman (ECDH) for key generation and key agreement, as specified by RFC6090. This is the web cryptography api example of performing ECDH generateKey and derivebits, and then using generate key to encrypt and decrypt the message in AES web crypto api example web crypto api example ecdh javascript web crypto api example ecdh
Views: 69 Zariga Tongy
Microsoft CryptoAPI
 
03:51
The Cryptographic Application Programming Interface (also known variously as CryptoAPI, Microsoft Cryptography API, MS-CAPI or simply CAPI) is an application programming interface included with Microsoft Windows operating systems that provides services to enable developers to secure Windows-based applications using cryptography. It is a set of dynamically linked libraries that provides an abstraction layer which isolates programmers from the code used to encrypt the data. The Crypto API was first introduced in Windows NT 4.0 and enhanced in subsequent versions. CryptoAPI supports both public-key and symmetric key cryptography, though persistent symmetric keys are not supported. It includes functionality for encrypting and decrypting data and for authentication using digital certificates. It also includes a cryptographically secure pseudorandom number generator function CryptGenRandom. This video is targeted to blind users. Attribution: Article text available under CC-BY-SA Creative Commons image source in video
Views: 2767 Audiopedia
Network Security - Basic Cryptography and Programming with Crypto API: Course Overview
 
03:15
Fundamentals of Computer Network Security This specialization in intended for IT professionals, computer programmers, managers, IT security professionals who like to move up ladder, who are seeking to develop network system security skills. Through four courses, we will cover the Design and Analyze Secure Networked Systems, Develop Secure Programs with Basic Cryptography and Crypto API, Hacking and Patching Web Applications, Perform Penetration Testing, and Secure Networked Systems with Firewall and IDS, which will prepare you to perform tasks as Cyber Security Engineer, IT Security Analyst, and Cyber Security Analyst. course 2 Basic Cryptography and Programming with Crypto API: About this course: In this MOOC, we will learn the basic concepts and principles of cryptography, apply basic cryptoanalysis to decrypt messages encrypted with mono-alphabetic substitution cipher, and discuss the strongest encryption technique of the one-time-pad and related quantum key distribution systems. We will also learn the efficient symmetric key cryptography algorithms for encrypting data, discuss the DES and AES standards, study the criteria for selecting AES standard, present the block cipher operating modes and discuss how they can prevent and detect the block swapping attacks, and examine how to defend against replay attacks. We will learn the Diffie-Hellman Symmetric Key Exchange Protocol to generate a symmetric key for two parties to communicate over insecure channel. We will learn the modular arithmetic and the Euler Totient Theorem to appreciate the RSA Asymmetric Crypto Algorithm, and use OpenSSL utility to realize the basic operations of RSA Crypto Algorithm. Armed with these knowledge, we learn how to use PHP Crypto API to write secure programs for encrypting and decrypting documents and for signing and verify documents. We then apply these techniques to enhance the registration process of a web site which ensures the account created is actually requested by the owner of the email account. Module 1 - Basic Cryptography In this module we learn the basic concepts and principles of crytography, introduce the basic concept of cryptoanalysis using mono-alphabetic substitution cipher as an example, and discuss the one-time-pad and quantum key distribution concepts. Learning Objectives • Compose secure program with Crypto API for encryption, authentication, and integrity checking • Understand terminologies of basic cryptography • Understand Kerchhoff Principle • Apply cryptoanalysis techniques on mono-alphabetic ciphers • Explain why one time pad is strongest and understand how quantum key can be distributed
Views: 159 intrigano
Network Security - Use Crypto API to Encrypt and Decrypt
 
14:37
Fundamentals of Computer Network Security This specialization in intended for IT professionals, computer programmers, managers, IT security professionals who like to move up ladder, who are seeking to develop network system security skills. Through four courses, we will cover the Design and Analyze Secure Networked Systems, Develop Secure Programs with Basic Cryptography and Crypto API, Hacking and Patching Web Applications, Perform Penetration Testing, and Secure Networked Systems with Firewall and IDS, which will prepare you to perform tasks as Cyber Security Engineer, IT Security Analyst, and Cyber Security Analyst. course 2 Basic Cryptography and Programming with Crypto API: About this course: In this MOOC, we will learn the basic concepts and principles of cryptography, apply basic cryptoanalysis to decrypt messages encrypted with mono-alphabetic substitution cipher, and discuss the strongest encryption technique of the one-time-pad and related quantum key distribution systems. We will also learn the efficient symmetric key cryptography algorithms for encrypting data, discuss the DES and AES standards, study the criteria for selecting AES standard, present the block cipher operating modes and discuss how they can prevent and detect the block swapping attacks, and examine how to defend against replay attacks. We will learn the Diffie-Hellman Symmetric Key Exchange Protocol to generate a symmetric key for two parties to communicate over insecure channel. We will learn the modular arithmetic and the Euler Totient Theorem to appreciate the RSA Asymmetric Crypto Algorithm, and use OpenSSL utility to realize the basic operations of RSA Crypto Algorithm. Armed with these knowledge, we learn how to use PHP Crypto API to write secure programs for encrypting and decrypting documents and for signing and verify documents. We then apply these techniques to enhance the registration process of a web site which ensures the account created is actually requested by the owner of the email account. Develop Secure Programs with Crypto API In this module, we learn how to use Crypto API to write secure programs for encrypting and decrypting documents, and for signing and verify documents. We then apply the techniques to enhance the registration process of a web site which ensures the account created is actually belonging to the owner of the email account the request profile. Learning Objectives • Develop secure programs with Crypto API for encryption, authentication, and integrity checking • Enhance the registration process of the web site by using the crypto api • Create and utilize the Crypto API to sign and verify documents Subscribe at: https://www.coursera.org
Views: 196 intrigano
Compiling Crypto++ library into the Microsoft Visual C++ Environment + Running Sample program
 
15:20
Link to the Blod Entry on Crypto++------http://programmingknowledgeblog.blogspot.de/2013/04/compiling-and-integrating-crypto-into.html c++ - about encryption and decryption using Crypto++ library Compiling and Integrating Crypto++ into the Microsoft Visual C++ .c++ - How do I install Crypto++ in Visual Studio 2010 Windows 7. Running Sample program Example How to build C++ cryptographic library, Crypto++ - NuLL CryptoPP DLL How to build Crypto++ dynamically on Microsoft Windows and Visual C++? ... is that your are linking against different versions of the run-time libraries....Visual C++ Crypto++ Library 5.6.2 - a Free C++ Class Library of Cryptographic encryption.cryptopp - Re: How to use Crypto++ with Visual C++ 6.0 Searches related to how to compile and run crypto++ in visual c++ ------------------Online Courses to learn---------------------------- Java - https://bit.ly/2H6wqXk C++ - https://bit.ly/2q8VWl1 AngularJS - https://bit.ly/2qebsLu Python - https://bit.ly/2Eq0VSt C- https://bit.ly/2HfZ6L8 Android - https://bit.ly/2qaRSAS Linux - https://bit.ly/2IwOuqz AWS Certified Solutions Architect - https://bit.ly/2JrGoAF Modern React with Redux - https://bit.ly/2H6wDtA MySQL - https://bit.ly/2qcF63Z ----------------------Follow--------------------------------------------- My Website - http://www.codebind.com My Blog - https://goo.gl/Nd2pFn My Facebook Page - https://goo.gl/eLp2cQ Google+ - https://goo.gl/lvC5FX Twitter - https://twitter.com/ProgrammingKnow Pinterest - https://goo.gl/kCInUp Text Case Converter - https://goo.gl/pVpcwL -------------------------Stuff I use to make videos ------------------- Stuff I use to make videos Windows notebook – http://amzn.to/2zcXPyF Apple MacBook Pro – http://amzn.to/2BTJBZ7 Ubuntu notebook - https://amzn.to/2GE4giY Desktop - http://amzn.to/2zct252 Microphone – http://amzn.to/2zcYbW1 notebook mouse – http://amzn.to/2BVs4Q3 ------------------Facebook Links ---------------------------------------- http://fb.me/ProgrammingKnowledgeLearning/ http://fb.me/AndroidTutorialsForBeginners http://fb.me/Programmingknowledge http://fb.me/CppProgrammingLanguage http://fb.me/JavaTutorialsAndCode http://fb.me/SQLiteTutorial http://fb.me/UbuntuLinuxTutorials http://fb.me/EasyOnlineConverter
Views: 20755 ProgrammingKnowledge
Comparing the Usability of Cryptographic APIs
 
21:18
Comparing the Usability of Cryptographic APIs Yasemin Acar (CISPA, Saarland University) Presented at the 2017 IEEE Symposium on Security & Privacy May 22–24, 2017 San Jose, CA http://www.ieee-security.org/TC/SP2017/ ABSTRACT Potentially dangerous cryptography errors are well-documented in many applications. Conventional wisdom suggests that many of these errors are caused by cryptographic Application Programming Interfaces (APIs) that are too complicated, have insecure defaults, or are poorly documented. To address this problem, researchers have created several cryptographic libraries that they claim are more usable; however, none of these libraries have been empirically evaluated for their ability to promote more secure development. This paper is the first to examine both how and why the design and resulting usability of different cryptographic libraries affects the security of code written with them, with the goal of understanding how to build effective future libraries. We conducted a controlled experiment in which 256 Python developers recruited from GitHub attempt common tasks involving symmetric and asymmetric cryptography using one of five different APIs. We examine their resulting code for functional correctness and security, and compare their results to their self-reported sentiment about their assigned library. Our results suggest that while APIs designed for simplicity can provide security benefits—reducing the decision space, as expected, prevents choice of insecure parameters—simplicity is not enough. Poor documentation, missing code examples, and a lack of auxiliary features such as secure key storage, caused even participants assigned to simplified libraries to struggle with both basic functional correctness and security. Surprisingly, the availability of comprehensive documentation and easy-to-use code examples seems to compensate for more complicated APIs in terms of functionally correct results and participant reactions; however, this did not extend to security results. We find it particularly concerning that for about 20% of functionally correct tasks, across libraries, participants believed their code was secure when it was not. Our results suggest that while new cryptographic libraries that want to promote effective security should offer a simple, convenient interface, this is not enough: they should also, and perhaps more importantly, ensure support for a broad range of common tasks and provide accessible documentation with secure, easy-to-use code examples.'
Network Security - Advanced Encryption Standard
 
09:22
Fundamentals of Computer Network Security This specialization in intended for IT professionals, computer programmers, managers, IT security professionals who like to move up ladder, who are seeking to develop network system security skills. Through four courses, we will cover the Design and Analyze Secure Networked Systems, Develop Secure Programs with Basic Cryptography and Crypto API, Hacking and Patching Web Applications, Perform Penetration Testing, and Secure Networked Systems with Firewall and IDS, which will prepare you to perform tasks as Cyber Security Engineer, IT Security Analyst, and Cyber Security Analyst. course 2 Basic Cryptography and Programming with Crypto API: About this course: In this MOOC, we will learn the basic concepts and principles of cryptography, apply basic cryptoanalysis to decrypt messages encrypted with mono-alphabetic substitution cipher, and discuss the strongest encryption technique of the one-time-pad and related quantum key distribution systems. We will also learn the efficient symmetric key cryptography algorithms for encrypting data, discuss the DES and AES standards, study the criteria for selecting AES standard, present the block cipher operating modes and discuss how they can prevent and detect the block swapping attacks, and examine how to defend against replay attacks. We will learn the Diffie-Hellman Symmetric Key Exchange Protocol to generate a symmetric key for two parties to communicate over insecure channel. We will learn the modular arithmetic and the Euler Totient Theorem to appreciate the RSA Asymmetric Crypto Algorithm, and use OpenSSL utility to realize the basic operations of RSA Crypto Algorithm. Armed with these knowledge, we learn how to use PHP Crypto API to write secure programs for encrypting and decrypting documents and for signing and verify documents. We then apply these techniques to enhance the registration process of a web site which ensures the account created is actually requested by the owner of the email account. Module 2 - Symmetric Key Cryptography In this module we present the basic mechanism of symmetric key crytography algorithms, discuss the DES and AES standard, describe the criteria for selecting AES standard, present the block cipher operating modes and discuss how the block swapping attacks and replay attacks can be prevented and detected. Learning Objectives • Understand the criteria for selecting crypto algorithms • Perform cryptoanalysis on simple ciphers • Select operating modes for symmetric encryption and to prevent block swapping and replay attacks • Understand DES and AES standards and their buildig blocks Subscribe at: https://www.coursera.org
Views: 36 intrigano
crypto api calls
 
02:47
crypto api calls
Views: 60 Jeannette Glass
What is CRYPTOGRAPHIC SERVICE PROVIDER? What does CRYPTOGRAPHIC SERVICE PROVIDER mean?
 
04:19
What is CRYPTOGRAPHIC SERVICE PROVIDER? What does CRYPTOGRAPHIC SERVICE PROVIDER mean? CRYPTOGRAPHIC SERVICE PROVIDER meaning - CRYPTOGRAPHIC SERVICE PROVIDER definition - CRYPTOGRAPHIC SERVICE PROVIDER explanation. Source: Wikipedia.org article, adapted under https://creativecommons.org/licenses/by-sa/3.0/ license. SUBSCRIBE to our Google Earth flights channel - https://www.youtube.com/channel/UC6UuCPh7GrXznZi0Hz2YQnQ In Microsoft Windows, a Cryptographic Service Provider (CSP) is a software library that implements the Microsoft CryptoAPI (CAPI). CSPs implement encoding and decoding functions, which computer application programs may use, for example, to implement strong user authentication or for secure email. CSPs are independent modules that can be used by different applications. A user program calls CryptoAPI functions and these are redirected to CSPs functions. Since CSPs are responsible for implementing cryptographic algorithms and standards, applications do not need to be concerned about security details. Furthermore, one application can define which CSP it is going to use on its calls to CryptoAPI. In fact, all cryptographic activity is implemented in CSPs. CryptoAPI only works as a bridge between the application and the CSP. CSPs are implemented basically as a special type of DLL with special restrictions on loading and use. Every CSP must be digitally signed by Microsoft and the signature is verified when Windows loads the CSP. In addition, after being loaded, Windows periodically re-scans the CSP to detect tampering, either by malicious software such as computer viruses or by the user him/herself trying to circumvent restrictions (for example on cryptographic key length) that might be built into the CSP's code. To obtain a signature, non-Microsoft CSP developers must supply paperwork to Microsoft promising to obey various legal restrictions and giving valid contact information. As of circa 2000, Microsoft did not charge any fees to supply these signatures. For development and testing purposes, a CSP developer can configure Windows to recognize the developer's own signatures instead of Microsoft's, but this is a somewhat complex and obscure operation unsuitable for nontechnical end users. The CAPI/CSP architecture had its origins in the era of restrictive US government controls on the export of cryptography. Microsoft's default or "base" CSP then included with Windows was limited to 512-bit RSA public-key cryptography and 40-bit symmetric cryptography, the maximum key lengths permitted in exportable mass market software at the time. CSPs implementing stronger cryptography were available only to U.S. residents, unless the CSPs themselves had received U.S. government export approval. The system of requiring CSPs to be signed only on presentation of completed paperwork was intended to prevent the easy spread of unauthorized CSPs implemented by anonymous or foreign developers. As such, it was presented as a concession made by Microsoft to the government, in order to get export approval for the CAPI itself. After the Bernstein v. United States court decision establishing computer source code as protected free speech and the transfer of cryptographic regulatory authority from the U.S. State Department to the more pro-export Commerce Department, the restrictions on key lengths were dropped, and the CSPs shipped with Windows now include full-strength cryptography. The main use of third-party CSPs is to interface with external cryptography hardware such as hardware security modules (HSM) or smart cards.
Views: 1475 The Audiopedia
What is CRYPTOGRAPHIC ACCELERATOR? What does CRYPTOGRAPHIC ACCELERATOR mean?
 
01:45
What is CRYPTOGRAPHIC ACCELERATOR? What does CRYPTOGRAPHIC ACCELERATOR mean? CRYPTOGRAPHIC ACCELERATOR meaning - CRYPTOGRAPHIC ACCELERATOR definition - CRYPTOGRAPHIC ACCELERATOR explanation. Source: Wikipedia.org article, adapted under https://creativecommons.org/licenses/by-sa/3.0/ license. In computing, a cryptographic accelerator is a co-processor designed specifically to perform computationally intensive cryptographic operations, doing so far more efficiently than the general-purpose CPU. Because many servers' system load consists mostly of cryptographic operations, this can greatly increase performance. Intel's AES-NI is by far the most common cryptographic accelerator in commodity hardware. VIA PadLock is another recent example. Several operating systems provide some support for cryptographic hardware. The BSD family of systems has the OpenBSD Cryptographic Framework (OCF), Linux systems have the Crypto API, Solaris OS has the Solaris Cryptographic Framework (SCF) and Microsoft Windows has the Microsoft CryptoAPI. Some cryptographic accelerators offer new machine instructions and can therefore be used directly by programs. Libraries such as OpenSSL and LibreSSL support some such cryptographic accelerators. Almost all Unix-like operating systems use OpenSSL or the fork LibreSSL as their cryptography library. These libraries use cryptographic accelerators such as AES-NI if available.
Views: 266 The Audiopedia
Network Security - Use Crypto API to Sign and Verify
 
09:56
Fundamentals of Computer Network Security This specialization in intended for IT professionals, computer programmers, managers, IT security professionals who like to move up ladder, who are seeking to develop network system security skills. Through four courses, we will cover the Design and Analyze Secure Networked Systems, Develop Secure Programs with Basic Cryptography and Crypto API, Hacking and Patching Web Applications, Perform Penetration Testing, and Secure Networked Systems with Firewall and IDS, which will prepare you to perform tasks as Cyber Security Engineer, IT Security Analyst, and Cyber Security Analyst. course 2 Basic Cryptography and Programming with Crypto API: About this course: In this MOOC, we will learn the basic concepts and principles of cryptography, apply basic cryptoanalysis to decrypt messages encrypted with mono-alphabetic substitution cipher, and discuss the strongest encryption technique of the one-time-pad and related quantum key distribution systems. We will also learn the efficient symmetric key cryptography algorithms for encrypting data, discuss the DES and AES standards, study the criteria for selecting AES standard, present the block cipher operating modes and discuss how they can prevent and detect the block swapping attacks, and examine how to defend against replay attacks. We will learn the Diffie-Hellman Symmetric Key Exchange Protocol to generate a symmetric key for two parties to communicate over insecure channel. We will learn the modular arithmetic and the Euler Totient Theorem to appreciate the RSA Asymmetric Crypto Algorithm, and use OpenSSL utility to realize the basic operations of RSA Crypto Algorithm. Armed with these knowledge, we learn how to use PHP Crypto API to write secure programs for encrypting and decrypting documents and for signing and verify documents. We then apply these techniques to enhance the registration process of a web site which ensures the account created is actually requested by the owner of the email account. Develop Secure Programs with Crypto API In this module, we learn how to use Crypto API to write secure programs for encrypting and decrypting documents, and for signing and verify documents. We then apply the techniques to enhance the registration process of a web site which ensures the account created is actually belonging to the owner of the email account the request profile. Learning Objectives • Develop secure programs with Crypto API for encryption, authentication, and integrity checking • Enhance the registration process of the web site by using the crypto api • Create and utilize the Crypto API to sign and verify documents Subscribe at: https://www.coursera.org
Views: 60 intrigano
IPWCrypto   The Java Crypto API
 
00:33
IPWCrypto - The Java Crypto API video tutorial
Views: 39 Suyanto Po
Network Security - RSA Asymmetric Crypto Algorithm
 
17:38
Fundamentals of Computer Network Security This specialization in intended for IT professionals, computer programmers, managers, IT security professionals who like to move up ladder, who are seeking to develop network system security skills. Through four courses, we will cover the Design and Analyze Secure Networked Systems, Develop Secure Programs with Basic Cryptography and Crypto API, Hacking and Patching Web Applications, Perform Penetration Testing, and Secure Networked Systems with Firewall and IDS, which will prepare you to perform tasks as Cyber Security Engineer, IT Security Analyst, and Cyber Security Analyst. course 2 Basic Cryptography and Programming with Crypto API: About this course: In this MOOC, we will learn the basic concepts and principles of cryptography, apply basic cryptoanalysis to decrypt messages encrypted with mono-alphabetic substitution cipher, and discuss the strongest encryption technique of the one-time-pad and related quantum key distribution systems. We will also learn the efficient symmetric key cryptography algorithms for encrypting data, discuss the DES and AES standards, study the criteria for selecting AES standard, present the block cipher operating modes and discuss how they can prevent and detect the block swapping attacks, and examine how to defend against replay attacks. We will learn the Diffie-Hellman Symmetric Key Exchange Protocol to generate a symmetric key for two parties to communicate over insecure channel. We will learn the modular arithmetic and the Euler Totient Theorem to appreciate the RSA Asymmetric Crypto Algorithm, and use OpenSSL utility to realize the basic operations of RSA Crypto Algorithm. Armed with these knowledge, we learn how to use PHP Crypto API to write secure programs for encrypting and decrypting documents and for signing and verify documents. We then apply these techniques to enhance the registration process of a web site which ensures the account created is actually requested by the owner of the email account. Asymmetric Key Cryptography In this module we will learn the modular arithmetic, the Euler Totient Theorm, the RSA Asymmetric Crypto Algorithm, use OpenSSL to realize the basic operations of RSA Crypto Algorithm, and Diffie-Hellman Symmetric Key Exchange Protocol to derive session keys. Learning Objectives • Use Diffi-Hellman algorithm for Key Exchange • Apply RSA with OpenSSL for signing and encryption • Describe RSA Asymmetric Crypto Algorithm Subscribe at: https://www.coursera.org
Views: 61 intrigano
HERMES Ransomware - Interactive Analysis with ANY.RUN
 
01:27
Video of Interactive Analysis of Ransomware named Hermes (v2.1) Full analysis with the sample and all of IOC (Hashes, Domains, IPs) available in our service by link:
Views: 193 ANY.RUN
LPC2018 - Zinc: Minimal Light-weight Kernel Cryptography API
 
48:50
url: https://linuxplumbersconf.org/event/2/contributions/254/ speaker: Jason Donenfeld
Features new to Windows XP
 
01:57:56
Windows XP introduced many features not found in previous versions of Windows. This video is targeted to blind users. Attribution: Article text available under CC-BY-SA Creative Commons image source in video
Views: 628 Audiopedia
Asymmetric Encryption and Decryption using C#
 
05:51
This tutorial explains how to write a program in C# for Asymmetric Encryption and Decryption, particularly using BouncyCastle API. To add BouncyCastle API, check out our previous video at: https://www.youtube.com/watch?v=4iPzIEXC7a8
Views: 2353 PKIIndia
DEF CON 24 - Jake Kambic - Cunning with CNG: Soliciting Secrets from Schannel
 
41:17
Secure Channel (Schannel) is Microsoft's standard SSL/TLS Library underpinning services like RDP, Outlook, Internet Explorer, Windows Update, SQL Server, LDAPS, Skype and many third party applications. Schannel has been the subject of scrutiny in the past several years from an external perspective due to reported vulnerabilities, including a RCE. What about the internals? How does Schannel guard its secrets? This talk looks at how Schannel leverages Microsoft's CryptoAPI-NG (CNG) to cache the master keys, session keys, private and ephemeral keys, and session tickets used in TLS/SSL connections. It discusses the underlying data structures, and how to extract both the keys and other useful information that provides forensic context about connection. This information is then leveraged to decrypt session that use ephemeral cipher suites, which don't rely on the private key for decryption. Information in the cache lives for at least 10 hours by default on modern configurations, storing up to 20,000 entries for client and server each. This makes it forensically relevant in cases where other evidence of connection may have dissipated. Bio: Jake Kambic is a DFIR researcher and network penetration tester
Views: 1339 DEFCONConference
The Hidden World of Crypto - The Linux Cryptography API Part I
 
59:32
The Linux kernel has a rich and modular cryptographic API that is used extensively by familiar user facing software such as Android. It's also cryptic, badly documented, subject to change and can easily bite you in unexpected and painful ways. This talk will describe the cryptography API, provide some usage example and discuss some of the more interesting in-kernel users, such as DM-Crypt, DM-Verity and the new file system encryption code. Slides available at: https://www.slideshare.net/kerneltlv/linux-kernel-cryptographic-api-and-use-cases Gilad Ben-Yossef is a principal software engineer at ARM. He works on the kernel security sub-system and the ARM CryptCell engine. Open source work done by Gilad includes an experiment in integration of network processors in the networking stack, a patch set for reducing the interference caused to user space processes in large multi-core systems by Linux kernel “maintenance” work and on SMP support for the Synopsys Arc processor among others. Gilad has co-authored O’Reilly’s “Building Embedded Linux Systems” 2nd edition and presented at such venues as Embedded Linux Conference Europe and the Ottawa Linux Symposium, as well as co-founded Hamakor, an Israeli NGO for the advancement for Open Source and Free Software in Israel. When not hacking on kernel code you can find Gilad meditating and making dad jokes on Twitter.
Views: 876 KernelTLV
C# Salting & Hashing Passwords
 
10:42
Quick demo using .NET and coding a Salt and Hashed password functionality in C#.
Views: 31864 Chris Duran
DEF CON 24 - Jake Kambic - Cunning with CNG: Soliciting Secrets from Schannel
 
41:17
Secure Channel (Schannel) is Microsoft's standard SSL/TLS Library underpinning services like RDP, Outlook, Internet Explorer, Windows Update, SQL Server, LDAPS, Skype and many third party applications. Schannel has been the subject of scrutiny in the past several years from an external perspective due to reported vulnerabilities, including a RCE. What about the internals? How does Schannel guard its secrets? This talk looks at how Schannel leverages Microsoft's CryptoAPI-NG (CNG) to cache the master keys, session keys, private and ephemeral keys, and session tickets used in TLS/SSL connections. It discusses the underlying data structures, and how to extract both the keys and other useful information that provides forensic context about connection. This information is then leveraged to decrypt session that use ephemeral cipher suites, which don't rely on the private key for decryption. Information in the cache lives for at least 10 hours by default on modern configurations, storing up to 20,000 entries for client and server each. This makes it forensically relevant in cases where other evidence of connection may have dissipated. Bio: Jake Kambic is a DFIR researcher and network penetration tester
Views: 29 Security Hub