Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

I have Symantec Encryption Desktop on my computer. When I log in at the PGP screen, it accepts my password or PGP passphrase and begins the startup. But after a minute of seeing the "Starting Windows" screen with the Windows logo, it seems to get stuck in a loop and reboots the computer, taking me right back to the PGP screen again. I feel like an update was pushed through recently that is causing this. How can this be fixed?
0
A colleague's WhatsApp history was completely deleted from my iPhone. A couple of weeks back, I went to text my associate and when opening the chat I noticed that the entire history was deleted; it was empty, only the end-to-end encryption notice was displayed at the top. Can someone tell me what happened and if I can recover it?
0
I am doing research because I was asked if internal emails in our Exchange 2013 environment are encrypted. We have set up TLS encryption, but when I look at the mail logs I don't see anything mentioned on internal emails regarding TLS.

I have found some documentation that states that all message traffic between transport servers is encrypted but this is for 2010, I need something for 2013.
https://docs.microsoft.com/en-us/previous-versions/office/exchange-server-2010/bb430764(v=exchg.141)

If it's not, can someone point me in the right direction on how to encrypt the emails?
0
Please explain the workflow of a Certificate Signing Request

How does this request originate? What does it consist of? What kind of signing authority responds to this request?

And how does it relate to SSL?

And what about the latest update to the .NET Framework? 4.7.2?

Thanks.
1
I'm looking for input regarding compliance requirements for data encryption over carrier WAN circuits (MPLS, L2 VPN, etc.).

One particular customer is demanding encryption for their MPLS connectivity (due to HIPAA compliance reqs), but they also have dedicated P2P optical circuits between a couple of locations, as well as some data center interconnect (DCI) with a hosting provider for data replication. While MPLS is multi-tenant by nature, their P2P optical circuit is not (at least their wave/lambda isn't) - same for the DCI. HIPAA states a requirement for “encryption for all data in transit.” I’ve seen a lot of fluidity in satisfying compliance reqs in the past (especially with PCI), where some partial effort in a particular req will be sufficient to check the box. That said, there’s no wiggle room on what’s in quotes here, so I’m looking for any input regarding whether these reqs might also apply to links that are not “multi-tenant” by nature, such as the dedicated optical circuit.

This largely boils down to equipment (router/firewall sizing), but if there were some relaxed requirements for non-MPLS WAN circuits to still satisfy the HIPAA checkbox, that's what we're looking for.

Thank you
0
Hello Experts,
Here is the partial code of my Encryption program which encrypts the data in 256 bits.  Here I am trying to understand the code to take it to next level.

1. What is the meaning of Encryption.m_Key = new byte[0x20] ?  Why it is [0x20], not [0x22] ?
2. What is the meaning of Encryption.m_IV = new byte[0x10] ? Why it is [0x10], not [0x11] ?
3. How line 1 and 2 are related?  I mean to say byte[0x20] and byte[0x10]. Does the 2nd one needs to be 10 byte long because 1st one is 20 bytes?
4. Why do we use m_IV?  Does the name matter here?

Please answer the above questions if possible.  FYI, I am not allowed to post the code.  I modified it as little as possible for explaining things.

Thank you very much in advance.

            public void GenerateKey()
            {
                  Encryption.m_Key = new byte[0x20];
                  Encryption.m_IV = new byte[0x10];
                  
                  RegistryKey key2 = Registry.LocalMachine.OpenSubKey("XXXXXXX").OpenSubKey("SubKey2");
                  if (key2 != null)
                  {
                        RegistryKey key3 = key2.OpenSubKey("SubKey3");
                        if (key3 != null)
                        {
                                      .
                                      .
                                      .
                        }
                  }
            }
0
Hello,
I need an AES-256 encryption/decryption example and found one.  How would I know if this is 256 bit encryption?

https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.aes?view=netframework-4.7.2

Thank  you!
0
Sophos uses BitLocker as far as I'm aware. Does BitLocker require TPM modules? How do I check if all my laptops have a TPM module?
0
URL encryption for Power BI web publish

I have developed a number of Power BI reports that I'd like to publish using the Power BI publish to Web function, with a link embedded in our reports application page, so everyone in the organization can access them without setting up individual Power BI accounts.

However, I'd like to encrypt the URLs while these reports are published using the Power BI Web publish method, open to the Public to view. I'd like to encrypt the URL unless the request came from the applications reports page.

I hope that this is clear and if you need more information, please let me know. I can provide more detail.

If you have another solution or method, please let me know.

I'm looking for step by step instructions with the code to insert into my pages.
0
Hello Experts,
I am looking for an AES-256 Encryption/Decryption program to deal with my Customer Credit Card numbers. If possible, please help me find an industry standard sample program.

Thank you very much in advance.
0
Hello fellow experts!

Running into an issue with one of our Win10 boxes when trying to enable BitLocker encryption.

When turning on BitLocker on the C: drive, it initializes and then tosses an "Access Denied" error.

I have reset the TPM owner password.
I have cleared the TPM both in Windows and the BIOS.
I delegated control to SELF to Read/Write msTPM-OwnerInformation
I delegated control to SELF to Read/Write msTPM-TpmInformationForComputer

Any suggestions are welcomed!

Regards,

SPK
0
I am working with a Stored Procedure where a user enters their new password and their entry is hashed and stored in an SQL Server table.

The code in the Stored Procedure that does the hashing is this:

set @hash_pass = CONVERT(VARCHAR(32),HASHBYTES('MD5',@user_pass),2)


The hash_pass value is what is stored in table field for the password.

In my ASP.NET web forms app with VB.NET code behind I have a login form. In the code behind, I want to take the user's password, hash it, and send the hashed value to the stored procedure that validates the login with the previously hashed and stored value from the code above.

This is the code I have tried so far, but the string output looks nothing like the hashed value generated from the stored procedure and therefore no match and login fails (even though password is correct).

How  do I change this VB.NET code so the generated hash matches what the stored procedure generates for the same text string?

    Private Function GenerateHash(ByVal SourceText As String) As String

        Dim Ue As New UnicodeEncoding()
        Dim ByteSourceText() As Byte = Ue.GetBytes(SourceText)
        Dim Md5 As New MD5CryptoServiceProvider()
        Dim ByteHash() As Byte = Md5.ComputeHash(ByteSourceText)

        'Debug.Print(Convert.ToBase64String(ByteHash).ToString)

        Return Convert.ToBase64String(ByteHash)

    End Function

Thanks,
0
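The mismatch described in the post above comes down to two independent choices: which bytes are hashed and how the 16 digest bytes are rendered as text. The following is an added example, not part of the original post; it assumes `@user_pass` is a `VARCHAR` under a cp1252 collation (the post does not show the declaration) and uses constructed sample passwords.

```python
import base64
import hashlib

# Which bytes get hashed (labels are descriptive; cp1252 is an assumption).
VARCHAR = "single-byte (SQL VARCHAR, cp1252 assumed)"
UTF16LE = "UTF-16LE (SQL NVARCHAR / .NET UnicodeEncoding)"
UTF8 = "UTF-8"
ENCODINGS = {VARCHAR: "cp1252", UTF16LE: "utf-16-le", UTF8: "utf-8"}

# How the 16 digest bytes are turned into a string.
HEX_UPPER = "uppercase hex (CONVERT style 2)"
BASE64 = "Base64 (Convert.ToBase64String)"
FORMATS = {
    HEX_UPPER: lambda d: d.hex().upper(),
    BASE64: lambda d: base64.b64encode(d).decode("ascii"),
}


def render_md5(text, encoding, fmt):
    """MD5 of `text` under the named encoding, rendered in the named format."""
    digest = hashlib.md5(text.encode(ENCODINGS[encoding])).digest()
    return FORMATS[fmt](digest)


def find_matching_recipe(text, stored):
    """Return every (encoding, format) pair that reproduces `stored`."""
    return [
        (enc, fmt)
        for enc in ENCODINGS
        for fmt in FORMATS
        if render_md5(text, enc, fmt) == stored
    ]


if __name__ == "__main__":
    sample = "password"  # constructed sample input
    stored = render_md5(sample, VARCHAR, HEX_UPPER)  # what the T-SQL line stores
    posted = render_md5(sample, UTF16LE, BASE64)     # what GenerateHash returns
    print("stored procedure:", stored)
    print("posted VB.NET   :", posted)
    for enc, fmt in find_matching_recipe(sample, stored):
        print("matches with:", enc, "+", fmt)
```

For ASCII-only passwords both the single-byte and UTF-8 encodings reproduce the stored value; once a password contains a non-ASCII character, only the encoding that matches the column's code page does.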
Is there an easy way to determine if all systems in our ORG have a TPM chip? A way to verify it's being used or ready for use? Without touching each individual machine?
0
Unable to clear the TPM in Lenovo ThinkCentre models. Tried the options below to clear the TPM.

1. BIOS Settings --> Security Tab --> Clear TCG Security Feature set to Yes  (https://pcsupport.lenovo.com/au/en/products/desktops-and-all-in-ones/x-series/thinkcentre-x1/solutions/ht503034)
2. Tpm.msc --> Clear Tpm
3. Using powershell executed Clear-Tpm
4. Ran the command powershell.exe -executionpolicy bypass -command "(get-wmiobject -Namespace "root\cimv2\security\MicrosoftTPM" -class Win32_TPM).SetPhysicalPresenceRequest(14)"


This issue occurs only when we have the status below in tpm.msc:

"The TPM is ready for use. The TPM firmware on this PC has a known security problem. Please contact your PC manufacturer to find out if an update is available. For more information please go to https://go.microsoft.com/fwlink/?linkid=852572."
0
The following code is supposed to determine how long it has been since a password reset request was submitted. If the request has expired, disallow.

        } else if(!empty($request->get('key'))) {
          $dbAccessor = new DbAccessor();
          $new_password = $request->get('new_password');
          $rawkey = $dbAccessor->unobfuscate_id($request->get('key'));
          $keyparts = explode(":", $rawkey);
          $contact_id = $keyparts[0];
          $expiration = $keyparts[1];

          if(time() > $expiration) {
             $redirect = "/account/reset_my_password?error=key_expired";

I know it works, because I changed the > to a < in the if(time() > $expiration), and I could not reset my password.

I'm a complete newb at this, taking over for a staff member who moved away. He was our main back end web dev, and I'm scrambling to fill his shoes as much as I can.

I was tasked with this because somebody ran across a link that was sent out to a real customer months ago to reset their password. We clicked the link, and it took us to the password reset page, as if it was perfectly fine to reset our password after all those months. The link should have expired.

BUT

This may have been designed so that the user doesn't get a message that it has expired, it just doesn't do what it says (like my test in reversing the <>). That would be perfectly acceptable... not graceful, but at least the password could not be reset via that link 3 months later.

So... obviously I need to figure out the value of this: $keyparts[1]; to see what time value is being specified (if any). How do I see that? Here is the unobfuscate_id function:

0
Server got encrypted with Hermes 2.1.
Act 2012 ADF file encrypted, no backup available as the backup drive was also hit.

I can't tell if the encrypted 184meg file is the one needed or the bigger 440 meg ADF file. Trying to open, it says it was improperly detached and cannot open.

Is there any tool I can get to fix the ADF file, and create the associated ALF file? Tried to import the 440 meg ADF file into new act database, will not open, says corrupted. Client has NO support contract with ACT/Swiftpage.

Is there an Act Tech here that can fix this file? If I pay the ransom for the smaller file, get the decryptor tool and it is not current, I am out the money. I'd rather pay ACT to fix it, but they won't even talk to you without a support contract.

Thanks.
0
How can ransomware .Adobe execute on a newly installed OS? I have an email server running Windows Server 2016 and MDaemon Email software. Last week it was hacked, probably by the non-standard RDP port I had open, and it encrypted all files and most of my backups. I was able to recover the email files and configuration within the MDaemon directory. I wiped the hard drive and did a clean install of Windows Server, copied my recovered MDaemon files to the clean hard drive. Reinstalled MDaemon and was up and running. I also closed the RDP port previously open. No public access to the server except for necessary ports. Yesterday I was encrypted again. Again it seems to have been done from the email server as files on the desktop and everywhere else are encrypted. I have recovered again by the same methods plus a couple of other security enhancements such as new user name and password. My question is how in the hell are they getting into my server and what else can I do to prevent this from happening again. Thank you and happy holidays!
0
Hi guys

We have a virtual fileserver 2012 R2 on VMware. If I was to enable 'BitLocker' on there, would it affect anything in terms of people's access to shared files etc?

Also, by enabling something like that would there be a benefit? I would assume that the whole point of it is if someone stole the systems and tried to access our information that they would have to enter a password to access the information on the disk? So my assumption is that Bitlocker on an external disk or laptop, yes, but on a virtual machine sitting on premises there's no need?

Thanks for helping
Yash
0
I created a scalar function to encrypt the plaintext CreditCardNumber using this SQL function with a strong phrase and varbinary "salt" of tableid and recordid.  The server is also encrypted and physically secure...the passphrase is stored in a text file that requires admin user account to access and must be read each time the function is executed.  

The decrypt function that makes it to front end UI is masked with only the last 4 showing.

Is this enough to be compliant?
0
IPSEC Tunnel Fails 2x2921

I tried putting a routing statement but no change.  NO PRIVATE INFO: I'll change the crypto key once I get this working.

ip route 192.168.175.0 255.255.255.0 192.168.176.1

ip route 192.168.176.0 255.255.255.0 192.168.175.1
Diagram!!!@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ SITE 1 @@@@@@@@@@@@@@@@@@@@@@@@!!!!
localrtr#sh run
hostname localrtr
boot-start-marker
boot-end-marker
enable secret 5 $1$A3Kg$TZeqZI6QF3r.S4nu80fZJ1
no aaa new-model
!
ip domain name mydomain.com
ip cef
!
multilink bundle-name authenticated
username cisco privilege 0 password 7 05190900355E41060D
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key firewallcx address 192.168.168.236
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 192.168.168.236
 set transform-set TS
 match address VPN_TRAFFIC
!
interface GigabitEthernet0/0
 description OUTSIDE
 ip address 192.168.168.235 255.255.255.0
 duplex auto
 speed auto
 crypto map CMAP
!
interface GigabitEthernet0/1
 description INSIDE
 ip address 192.168.175.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
 description MGNT_10_10_10_15
 switchport access vlan 200
 no ip address
!
interface Vlan200
 ip address 10.10.10.15 255.255.255.224
!
ip access-list extended VPN_TRAFFIC
 …
0
In Windows 2012 R2 with SQL 2014, I would like to set up traffic over 1433 to use IPSEC. I have read multiple articles on the setup but need clarification on the following.

1) Are certificates on both servers required?
2) Is just setting the Firewall rule to accept connections over IPSEC the only thing that is needed?
0
Application using ssl3 version of ssl library in server side for security purpose. How to enable SHA512 algorithm instead of SHA256 while encrypting data?

Shall I set SHA512 from SSL* apis?
0
I got the error when I installed php-mcrypt below:
sudo apt-get install php-mcrypt

----
sudo apt-get install php-mcrypt
Reading package lists... Done
Building dependency tree      
Reading state information... Done
Package php-mcrypt is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'php-mcrypt' has no installation candidate
------

Background:
php -version
PHP 7.2.10-0ubuntu0.18.04.1 (cli) (built: Sep 13 2018 13:45:02) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.10-0ubuntu0.18.04.1, Copyright (c) 1999-2018, by Zend Technologies

in Oracle Virtualbox with Ubuntu. I saw someone installed it with
sudo apt-get install php7.0-mcrypt

However, no good for me.

Can any gurus shed some light on it? Greatly appreciate it.
0
I am in the process of disabling medium ciphers in order to satisfy our PCI scan.

But I am running into some discrepancy on 2 different Win 2012 R2 servers, which is really weird.

Server 1
Before  - Grade B

Ciphers
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK       256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK       128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   WEAK       256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   WEAK       128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK       256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK       128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   WEAK       112
TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE       128
TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE       128

After removing those I got grade A


Server 2
Before - Grade A even with weak ciphers


Ciphers
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK      256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK      128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   WEAK      256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK      256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   WEAK      128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK      128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   WEAK      112

After removing the same ciphers I got a Grade B complaining about this
This server does not support Authenticated encryption (AEAD) cipher suites. Grade capped to B

Sure enough the scan on the 2 servers shows that Server 2 is missing these 2 ciphers

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH x25519 (eq. 3072 bits RSA)   FS       256
0
Hi guys

If someone asks, how do you encrypt data in transit, then how would one answer that? That question is quite vague, no? I mean, we have VPN connections from site to site. We also have an MPLS network. Along with that, we have an email system with SSL certificates installed for the OWA, but then I wonder whether that means Outlook data is not encrypted but only encrypted when using OWA?

Any help is appreciated
Thanks
Yash
0
