I would like to sign records in a database with a secure timestamp to prove they have not been altered by anyone after that date.
What methods or protocols should I consider? RFC 3161? Most of the websites I ve found that claim to provide that service don t really look very reputable to me.
Is it possible to roll your own?
If you re looking for a working RFC3161 server then http://time.certum.pl/ has been one that I ve known and has been around.
If you re looking for a bigger solution that do not depend on a single secret based timestamping box (basically something that scales well) have a look at http://www.guardtime.com
Technically, a timestamp is a UNIX timestamp :) But the properties you seem to assign to a timestamp are a hash and a "signature" (possibility to verify that the claim that a certain hash existed at a certain time).
Anything that has to do with "trust" is something you can roll your own. The same way you can roll your own CA, the same way you can roll your own standards-based service or invent your own scheme. But convincing other parties to "trust" the thing you ve rolled your own might be trickier.
That s why people pay for CA certificates - they are pre-trusted by browser vendors. That s why when you need a solution that others have to trust or if you re obliged to timestamp your data, you need a certified timestamp source.
Simple method would be to append the values you want to make sure is not tampered, add a salt to it, and then md5 all of it, and save the md5 hash.
So if you have a table with the columns: Username, Firstname, Lastname, Hash
You do a md5(Username+Firstname+Lastname+"MySuperSecretSalt") and save the value in Hash.
But I must say, it sounds like a weird thing to do.
For security reasons, it is desirable to check the integrity of code before execution, avoiding tampered software by an attacker. So, my question is How to sign executable code and run only trusted ...
I run findbugs against all of my code and only tackle the top stuff. I finally got the top stuff resolved and now am looking at the details. I have a simple entity, say a user: public class User ...
Anyone know if jsbin.com implements any protection for XSS or other javascript attacks? I see jsbin links used fairly regularly on sites like this one and I can t find any indication from the site ...
Im making a website that will intergrate with game that only support md5 hashing metod (atm). Which ofc is not especially safe anymore. But how could i make it stronger? Should I just generate long ...
I am trying to find out the difference between difference service account types. I tumbled upon this question. The answer was because it has powerful access to local resources, and Network Service ...
I am trying to write a script to prevent brute-force login attempts in a website I m building. The logic goes something like this: User sends login information. Check if username and password is ...
Three SHA512Managed related questions: Is SHA512Managed considered the best one-way hash available in .NET 3.5 for security? What Salt size should be used with SHA512Managed? The application is for ...
[Update] - I attach also full config files, for service, and for client (outside of here, not to flood the topic) I m having situation pretty much identical to the one outlined in this question, ...
