Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Share tech news, updates, or what's on your mind.

Sign up to Post


Staff email confidential PDF documents  to other organizations and they would like to password protect the PDF document when they email.
Is there any free software or paid software that can password protect a PDF document?

Any help much appreciated

I have a spare Lenovo thinkcentre that I have been working on for several weeks with an issue involving Bitlocker encryption and TPM.  Have tried too many things to mention and now am to a point where the tech I am working with has advised that I need to "change the default boot mode to UEFI (currently set on Auto or Legacy) and redeploy the OS (Windows 10).  Supposedly TPM 2.0 should work with the UEFI boot on a GPT partition.  When I change the boot mode to UEFI in the BIOS and restart I get an error 1962 - no operating system found.  Any guidance you can provide on how to deploy the OS with the default boot mode set to UEFI would be appreciated.  Thank you
Do Bullrun and Edgehill, along with some of the inbuilt shortcomings of SSL/TLS itself, mean that encryption amounts to not much more than a myth ?
I have a 1Tb disk running Windows 10. The system partition was encrypted by veracrypt but I later wanted to switch to bitlocker instead.  What I didn't realise on enabling bitlocker was that the partition was still encrypted by veracrypt.  So now the system partition has  encryption from bitlocker and the whole thing is also encrypted by Veracrypt.  So when you boot up, you have to put in the veracrypt password.  Then, since TPM was causing issues with bitlocker (not the problem I'm trying to solve here), you then had to put in the bitlocker recovery key, each time. Windows would then boot as normal, until you next rebooted when that 2-step process had to be repeated.

In an attempt to try update the bios, I wanted to install W10 temporarily on an external disk.  Unfortunately, in my haste, I deleted all but the recovery partition on the PC's hard disk during windows 10 install.  I didn't actually install anything - I realised what I had done and cancelled the whole process.

So, my issue is to recover these deleted partitions.  

I've tried testdisk, but after the 2hr search I get this:

I declined to do the more in-depth test

I next tried Acronis Recovery Expert from within Acronis Disk Director.  This, has found dozens of partitions formatted Ext4, which I guess is because of veracrypt.  The first few are of size 913.4Gb, then the next few are 913.3Gb and so on until 913.1Gb.  I'm going to leave it run over night, but this does not …
A client was having a Samsung S8 mobile phone, and he used SD encryption to encrypt the photos and media he has. Accidentally the phone was broken and is no longer working, so he bought a Samsung S9 mobile. When he put the SD card, the media are encrypted. The old phone (S8) is not working so we can decrypt the SD on the phone.

Any ideas on how to decrypt the SD card to work in S9?
attached one of the photos that are encrypted.
We are working with two outbound providers on our on-premise Exchange 2013 environment:  ProofPoint which provides encryption on demand and Mailjet which gives us detailed deliverability stats and reports.  Unfortunately, we're stuck with using one or the other, mainly because Mailjet has authentication requirements that ProofPoint's configuration can't meet.  So, is there a way to configure Exchange so that all messages with the "[ENCRYPT]" in the Subject or Body would go through the ProofPoint connector and anything else through the Mailjet one?  Ideally, if we could find a provider that gives both the reporting AND the encryption-on-demand, that would probably be the optimal option.  Thanks!
just booted a new lenovo PC for the first tine ...

warning ... clearing erases information stored on TPM.
you will loose all created keys and access to data encrypted by these keys .press f12 to clear TPM
esc to reject this change request and continue

Weill I waited and it just booted to win 10 pro setup and I don’t know what default was chosen.

I’ve three more to setup
what should I choose ?

I don’t need encryption but wouldn’t mind know if I do/don’t choose it will the users be prompted for a more security every boot?

note - I want to keep things simple, it’s for an adult education simple class

Hi Folks! I have a need to get a software that will allow me to create PGP keys and encrypt/decrypt individual files. Years ago I used PGP Desktop for this. Can someone recommend a simple application that will allow me to do this using strong encryption strength (2048 bit keys and higher) ? I have a Windows 10 Pro desktop.
I have PDF files which I need to access because I forgot my password I am not able to open it anymore. I bought a System Tools program which said it would be able to remove the passwords or reset it, but what they said is this:

"Dear Customer,

Thanks for your email.

We are unable to recover/reset the password from your pdf file due to AES encryption. "

I know that there are some tools to remove this password and access the PDF files. I am an IT Security graduate and I have seems many tools to do many things.

Would you be able to advise which tools I could use for that?
In a new environment one of the projects left behind by a predecessor was to upgrade the encryption on their DMVPN from 3DES to AES 256. That's a good goal to be up to modern standards. But I see a lot of other areas of greater vulnerability. And the update and verification of hundreds of spoke sites will take considerable time. My question: how vulnerable is a 3DES encrypted DMVPN network?
Hi I have just started using always encrypted. I am using it on a webserver.
When i connect using sql managment studio it works fine however on the website thows and error about the permisions.

1st question, is it it safe to use on a webserver as the certificates and data are on the same device.
2nd question, how do i get it to work on IIS website?
I want to back up my machine using Acronis.  But it says it can't back it up until I turn off Bitlocker.
When I go to Control Panel --> System and Security --> Bitlocker Drive Encryption, it says "BitLocker waiting for activation".  There is an icon to "Turn on BitLocker".  

Do I have to turn it on before I turn it off?
I am on a new gig where the client has small spoke sites talking to a hub at the data over DMVPN with IPSec encryption. The edge devices at the spoke sites are Cisco ISRs. They complain about the performance of Horizon VDI not infrequently. One thing I was wondering is - what would be the performance knock of their sending their already secure PCOIP traffic over the encrypted DMVPN? It seems they could just send the traffic to the VDI farm without it needing to travel through the tunnel. Might it improve VDI performance from the perspective of the end  to have those connection bypass the tunnel and just traverse the Internet without a second encryption operation.

I d like to protect my One Drive files with an encryption so that if my files would end up being downloaded or hacked, they are not readable for anybody who hasn't got a decryption key.

Is that possible and how would that then work? I could make a container/vhdx on OneDrive but then the full container would need to close before a sync happens and the full container would be synced on any smallest change of a file.

I'm unable to decrypt a file using the key I created early. The problem is didn't I create a Passphrase.
 Below is my key generation out and Passphrase request when trying to decrypt file

gpg2 --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: eeeeee
Email address: eeeem@mmmmm.com
Comment: This key pair is use for use for encryption and decryption files.
You selected this USER-ID:
    "eeeee (This key pair is use for use for encryption and decryption files.)<eeeem@mmmmm.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some …
I need to send 10-15 pdf attachments (encrypted with password protection) to client. How can I do that? What tools or software can i use so that client can open by entering the password

how secure is 7zip password protection?

Thank you
Does TDE encrypt  just the database or the entire SQL server?     I need to have just one of our databases encrypted (for now)  and need to make sure using TDE only that database is affected.

I currently have one database where I am encrypting a single column but the one in question is a separate database on the same server that also has many other databases.
How to create a PGP key in redhat linux? This key pair will use to encrypt and decrypt VCC Images.
Backblaze 2 backup does not encrypt data which is stored.
What do you suggest is obtained or done in order to encrypt that data?
The data source will either be from a desktop, or it may be from a QNAP or Synology NAS.
Your specific suggestions and instructions are appreciated.
I'm thinking about using Companionlink to sync my Outlook to my Android phone.

Have used it in the past.

Looking at connecting via Bluetooth as it's the simplest option.

Concerned about security.  

Seems like the software sends data via Bluetooth encrypted.  So, checks one box.

Here's my question - after I get the phone and the PC paired I can turn off discoverability.  But...seems like, for my Win10 PC (and lots of others) turning off Bluetooth is not enough.  I've got to run services.msc to get discoverability  ACTUALLY turned off.

So, my question is: am I on the right track here: to ACTUALLY keep my PC undiscoverable I would have to run services.msc and disable it at that level?

Then, to the base of my question: somehow having my Outlook data transferred via Bluetooth is dismaying.  Should I have that concern?  

My other options used to date have been using MS Exchange locally via a program called Akruto.  Or, using Companionlink over Wifi.  Each of these are also locally broadcasting my Outlook data to my phone.  (At one point I was even super secure syncing with Companionlink via USB cable.  Safe, but not efficient.)

So, my thinking now is this - if I can get Bluetooth discoverability ACTUALLY disabled on my PC and my phone that would reduce the chance when I'm on the road for a malefactor …
I hope to see experts answering that are familiar with fTPM technology like Intel PTT in connection to bitlocker.

In our IT world, so far, we have only relied on discrete TPM ("dTPM") modules. Since all new mainboards offer fTPMs, we are doing a little research whether this can be used as securely as the normal TPM. What I would like to look at in this question is a single aspect of this comparison dTPM/fTPM:

1 With a dTPM, when an attacker steals a bitlocked hard drive (TPM+PIN) and connects it to a different system, bitlocker would immediately ask for the recovery password.
2 With an fTPM (say Intel PTT), when an attacker steals a bitlocked hard drive (fTPM+PIN)  and connects it to a different system that also has Intel PTT active, bitlocker would not ask for the recovery password but allow you to start the system if you know the PIN.

So from what I gather, the fTPM is software only, and although it relies on having Intel PTT hardware in this case, it is not in a part of the mainboard, but is part of the hard drive contents.

Can someone confirm this and tell me what part is responsible for validating the PBA PIN?

Why I ask: I tried this here in our lab and was surprised that you can simply move hard drives around from one board to another (same model) as long as Intel PTT was active. Before trying, I had thought that fTPMs would have the same "problem" as dTPMs: when the old mainboard dies, you will have to provide the recovery password - but I …

I wanted to ask a question about SSH Keys.  At the current time our users just create SSH on their own servers using keygen or puttygen.  We are trying to create a process for them to request the creation of SSH Keys to a designated group and then have them collect the keys from a network share, so we can keep track of the SSH Keys.
The proposal is to insall PuttyGen on one of our ADCS (Issuing CA) to generate and 'store' the keys on the CA.   That is not a good idea, right ?  The CA stores the CA database.  If you agree, please give me reasons as to why it is not a good idea to generate or store SSH keys on a CA server.  

We even have separate Web Enrollment servers.  

Should we instead build a separate server to generate SSH Keys ?

Thanks.  Mona.

I do have a video that is in a .MOV format and the size is 9MB . I have been requested to  password protect the video.
This video will be sent to a another organisation through an email.

Please let me know how to password protect the video file.

Any help will be great.
I would like to change this script so that uses the smtp server:  smtp.office365.com
Port 587
Encryption TLS
Username:  username@yourdomain.com
Password: xxxx

      # Invokes the Send-MailMessage function to send notification email
      $splat = @{
            From =                  'info@info.com'
            To =                  Get-Content -Path ( Join-Path $PSScriptRoot 'DistributionList.txt')
            SmtpServer =      'smtp.server.com'
            Subject =            $subject
            body =                  $MessageBody
            BodyAsHtml =      $true
            Attachment =      ( Join-Path $PSScriptRoot 'abc.pdf' )
      Send-MailMessage @splat


Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.