Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

For Microsoft SQL 2012, I was told that "Database encryption scan" indicates that a database is being created. A quick Google search is pulling up information that suggests otherwise. I am looking for something definitive. I am working with others to be alerted when a database is created and another when the database is encrypted.

Trying to secure my RDP connection so we are using TLS. Have created a template and a group policy to deploy it.

When I log on to the server I get the following error:

The terminal server cannot install a new template-based certificate to be used for Transport Layer Security (TLS) 1.0\Secure Sockets Layer (SSL) authentication and encryption. The following error occurred: The permissions on the certificate template do not allow the current user to enroll for this type of certificate.

Domain computer on the template has read and enroll rights. It did have only enroll but I added read as well. Not sure if I have to push this change through?

Hi all,

We have recently upgraded our internal CA to SHA256. We have a number of internal webservers that have SHA1 certificates that are still valid. We are looking to upgrade each of the certificates through a controlled process. My question is: if we renew the certificates on the servers with the new SHA256 and there are any issues, are we able to recreate a new cert using a SHA1 cert?

We have an ADFS server set up that we use to authenticate our domain users for Skype for Business Online. This works successfully, so I know that the basic configuration is correct. I have created a relay trust with one of our application partners, who have written their own STS system. When clicking on the link to the application, we are redirected to our AD FS front end but we're unable to log in. Speaking to our partner, they're saying that the claim we're producing does not include the name ID which they need to allow us to log in. The relay trust has been set up without encryption or signing requirements and I have set up a rule based on the mapping of LDAP attributes to outgoing claim types, with the LDAP attribute being E-Mail-Addresses and the outgoing claim type Name ID.

When trying to connect, 2 events are generated in the AD FS Admin log of the ADFS server. These events are:
1) Event 303. The Federation Service encountered an error while processing the SAML authentication request (MSIS0037: No signature verification found for issuer https://xxxxxx
2) Event 364. Encountered error during federation passive request (MSIS0037: No signature verification certificate found for issuer https://xxxxxx

The site https://xxxxxx (which is set up as the identifier in the relay party trust) has a mismatched certificate name but as signing and encryption are switched off on the trust, I don't understand why I'm seeing the message and why the token is not being generated.

Hello sir, I'm using WCF services in both a web application and Android. Now I want to implement encryption and decryption of various IDs. If I apply the encryption and decryption, then on the web end I can easily manage the code, but for the Android developer this is a very hectic problem, therefore please suggest how I can manage the code.

Hi all,

I'm trying to implement a more secure means of using RDP. Having read up about it, I feel the TLS enabled option would be sufficient. I have configured the host session properties on the server to use SSL 1.0, encryption level high, and ticked the box for allow connections from computers running NLA with auto generated certificate. Having logged out and back in again I notice it's still communicating over port 3389. Is this correct? Can I test whether this is encrypted?

I got hit with Amnesia Ransomware...
Any help to decrypt?

Hi all,

I'm after your thoughts. USB drives are a big risk to any network. However, if a business enforces the encryption of USB drives once they have been attached to a computer and they are also scanned by an antivirus product, just how much risk do they now pose?

Any corporate data on there is now encrypted in case it is lost or stolen and any malware/virus should be detected before it is able to run (as long as it is not 0 day for example).

Should we still be concerned? Many in the business want USB drives disabled by default, whereas others think that the above controls mitigate the risks and will only force people to start printing (and losing) paper documents.

I got an error while installing the Lync 2010 client on a Windows 7 32-bit machine. Please find the attached file.

Error: "cannot determine the encryption status of the temporary files folder"

I have a number of old Word documents that I need to migrate to PDF but first I need to save them as DOCX but I want to save them without the encryption password (which I have).

Anybody know how to do this?

How can we change an existing password assigned to a file that is within a WinZip compressed & encrypted file?

The no-brainer is just to extract and compress with a new file, but we are looking to change it without the need for extracting.

As the title states we use Outlook 2010, in this case a service mailbox with a domain user account. The recipient is external.

The user opens a specific Outlook profile which has a certificate and under the S/MIME settings I use SHA 512 & AES 256.

However... all mails sent are signed and encrypted, but... 168 bits 3DES.

I published the certificate to the GAL after reading some info regarding that but that changed nothing.
Hope that anyone can help me sort out what's wrong?

Can the certificate used be the cause?

The certificate used is sha256RSA 2048 Bits.
Under Enhanced KeyUsage:

Client Authentication (
Secure Email (

Any tips appreciated!

We have a GPO in place to restrict who can use USB removable storage on workstations. I'd like to know if there is a solution to require the USB devices to be encrypted.

I set up one of four laptops as usual, enabling TPM, turning on BitLocker and requiring a BitLocker PIN at boot to log onto the computer. In my setup, I create an original admin account (named - pallap005), a standard account (named - clinical) and then enable the default admin account. Once that is done then I disable the pallap005 admin account. In this case, I disabled my pallap005 admin account before I enabled the default admin account, leaving only my standard user account (clinical) available. I need to know if I can enable the admin account and how do I go about doing this?

Is it possible for anyone who knows my social security number and date of birth to pull my credit history?

As part of an audit, I need to furnish the encryption ciphers used by our mail server, which in our case is an Exchange 2016 CU 17 server.

Specifically, here's the question:

If TLS is being used, are cryptographically strong key exchange and message encryption ciphers being used?

<The preference order of key exchange and encryption ciphers is:

1. Key exchange: Elliptic Curve Diffie–Hellman (ECDH), Encryption: AES in Galois Counter Mode (AESGCM)
2. Key exchange: Diffie–Hellman (DH), Encryption: AES in Galois Counter Mode (AESGCM)
3. Key exchange: Elliptic Curve Diffie–Hellman (ECDH), Encryption: AES-256 (AES256)
4. Key exchange: Diffie–Hellman (DH), Encryption: AES-256 (AES256)
5. Key exchange: Elliptic Curve Diffie–Hellman (ECDH), Encryption: AES-128 (AES128)
6. Key exchange: Diffie–Hellman (DH), Encryption: 128 or 256 bit AES (AES)
7. Key exchange: RSA, Encryption: AES in Galois/Counter Mode (AESGCM)

No other key-exchange and encryption ciphers are allowed>

I'm not quite sure how to check and see what it uses.  Can you offer any suggestions?

Thanks in advance.


After several hours of research and trial and error, I have found that I am unable to enable BitLocker on removable USB drives without a password.

I am mostly curious and confused, as the policy description and all the documentation I have found indicates that having a password is optional - unless you make it mandatory. Everything in the language makes it appear that one should be able to enable BitLocker To Go and not set a password.

"Configure use of passwords for removable data drives:

This policy setting is used to require, allow, or deny the use of passwords with removable data drives.

If you enable this policy setting, users can configure a password that meets the requirements that you define. To require the use of a password, select "Require password for removable data drive". To enforce complexity requirements on the password, select "Require complexity".

If you do not configure this policy setting, passwords will be supported with the default settings, which do not include password complexity requirements and require only 8 characters"

Initially I left the relevant settings "Not Configured."  I've since tried pretty much every iteration of the settings, as well as enabling BitLocker from right-click, control panel, and manage-bde.  I receive the enable bitlocker dialog window, and cannot proceed until I have supplied a password and password confirmation.  ("Next" is grayed out.)

Am I misunderstanding the policy options? Has anyone dealt …

Hi All,


I have been tasked with setting up a secure file transfer mechanism for our organisation.

We have created the private keys etc. using Kleopatra and are able to encrypt/sign (with ASCII armor) and decrypt and exchange files with our partners successfully.

I would like to automate the process as follows.

Users place files in a folder based on a Fileserver.

GPG4Win (based on our SFTP Server) is scheduled to check the folder, encrypt any files it finds placing the encrypted file on the SFTP server’s Outbound folder and DELETING the original file on the Fileserver.

I am able to automate the encryption but the original file stays in place. When using the GUI there are options for the following, “Remove unencrypted original file when done”

I am using the following syntax


gpg2 --batch --recipient xxxxx --encrypt-files --armor C:\Location\*.txt

Which creates the encrypted files in the same location and the original files still remain.

I have tried a number of different options, none of which worked for me.

If I am able to encrypt/decrypt and point the files to an alternative location and remove the originals then I would be extremely grateful for the help.

Hi Experts,

I'm trying to convert a series of scripts that we use internally to a VB.NET application with a GUI that can be passed on to the BAU teams. Unfortunately my knowledge around encryption is pretty non-existent.

Would anyone be so kind as to explain to me how to convert the below Perl to VB.NET? Or at least point me in the correct direction as far as namespaces etc. are concerned?

use DBI;
use strict;
use warnings;
use Crypt::CBC;
use MIME::Base64;
use Encode;
use Digest::MD5 qw(md5_hex);
use warnings;

my $encrypted = <FILE>;

my $iv  = '0000000000000000';
my $utf_decoded = encode_utf8($iv);
my $key = "854EE3617FDDA2D3";

# create cipher based on AES (CBC mode, literal 16-byte key, all-zero IV)
my $cipher = Crypt::CBC->new(
	-key => $key,
	-literal_key => 1,
	-iv => pack('H32',$utf_decoded),
	-header => 'none',
	-padding => 'standard',
	-blocksize => 16,
	-keysize => 16,
	-cipher => "OpenSSL::AES"
);

# base64-decode the input read from FILE, then decrypt it
my @dec = decode_base64($encrypted);
my $count = 0;

foreach my $entry (@dec) {
	my $temp = $cipher->decrypt($entry);
	$temp =~ s/[\x0D]//g; # strip carriage returns
	print "$temp";
}

Here is what I have so far... not going so great.

Public Function AES_Decrypt(ByVal input As String)

Dim KeyStr As String = "854EE3617FDDA2D3"
        Dim IVstr As String = "0000000000000000"

        Dim IV(15) As Byte
        For I = 0 To 15
            IV(I) = IVstr.Substring(I, 1)

        Dim AES As New RijndaelManaged
        Dim Hash_AES 

I have an application that needs to do lots of compression / decompression. I have checked out many good tools but
they all have major drawbacks.

I use Delphi for Development.

Zipmaster (Standard Encryption Only)
ZipForge (Cannot handle long file names > MaxPath)
Xceed (Too expensive)
7Zip (Slow)

Please advise

One PCI DSS assessor had suggested that our Data Domain (sort of VTL as we have
replaced tapes with disks which we backup to remotely to our DR site) ought to be

Internally storage team argued that shouldn't we
a) encrypt at source & only selective sensitive data ?   Then we have much less
    to encrypt
b) encrypting the entire data domain will entail more load (though I've seen EMC's
     solution for this)
c) our assessor's justification is there may be sensitive data (eg: PAN or
    credit card#) in the logs that get backed up from our Prod to DR site thus
    the need to encrypt it at destination
d) I know encrypting tapes is highly recommended as tapes are transported
    offsite (for storage) during transit, tapes may get lost.  But if we are using
    point-to-point link between our Prod & DR sites, there's no risk of losing
    media in transit.  Is this argument valid?
e) Also, should a HDD in a SAN get faulty & is being returned to vendor, what
    are the chances anyone or even a determined hacker could read the faulty
    (or even if it's not faulty) HDD for sensitive data?  Data is spliced randomly
    in SAN's HDD, virtually making data in the HDD undecipherable?  
f) when data is being backed up from our Prod datacentre to DR site using
    point-to-point leased line (assuming the line does not have encryption),
    what's the risk it could be tapped or subject to MITMA?  Any security
    guideline that says backup traffic that is not …

I am using C# in an SSIS Script Task and the PGP Command Line tool for decrypting a symmetric encrypted PGP file.
But this is not working, the command window appears and then hides showing a message:

pgp:decrypt < 3001:input file not found>
:decrypt <3090:operation failed, had parameters>

What is wrong with the code?

System.Diagnostics.Process p = new System.Diagnostics.Process();
                p.StartInfo.WorkingDirectory = @"C:\Program Files\PGP Corporation\PGP Command Line";
                p.StartInfo.FileName = @"C:\Program Files\PGP Corporation\PGP Command Line\pgp";
                string args = @"/c pgp --decrypt ""G:\MYHR\Payroll\PGP\ENCRYPTED\ECMC.TUR.PayrollExtract-Transactions.504001631112121.zip"" --symmetric-passphrase ""Example1"" --overwrite remove --output ""G:\MYHR\Payroll\PGP\DECRYPTED""";
                p.StartInfo.Arguments = " " + args;
                Dts.TaskResult = (int)ScriptResults.Success;

Need your expert opinion.

Client has a Wi-Fi access point with WPA2 enabled, also AES encryption with a 40-character password. In light of attacks and worms and WannaCry, the client wants to authenticate users on Wi-Fi using RADIUS. What do you think about this setup?

P.S. RADIUS with IKEv2





