Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Share tech news, updates, or what's on your mind.

Sign up to Post

Experts, during the Win10 migration, I found a hdd that I had forgotten about.  On it is 100's if not 1000's of irreplaceable pictures my dad had before being hit by the CryptoWall threat.  I put the hdd aside until I could come back to it (infected Aug 2, 2015) or found a key that could decrypt it.  Now that I found the drive, I see that a master-key was released for one of the encryption threats but for some reason, I'm unable to decrypt the pics so I must be doing something wrong.

File extension is .aaa.  I've tried this key
440A241DD80FCC5664E861989DB716E08CE627D8D40C7EA360AE855C727A49EE
with the TeslaDecoder app but no decrypting is happening.  Can anyone provide some insight with decrypting files that were hit with CryptoWall or TeslaCrypt?  I would greatly appreciate any assistance in recovering these pictures.  Thanks Experts.
0
Introduction to Web Design
LVL 19
Introduction to Web Design

Develop a strong foundation and understanding of web design by learning HTML, CSS, and additional tools to help you develop your own website.

How to create a PGP key in redhat linux? This key pair will use to encrypt and decrypt VCC Images.
0
Can I edit an IKEv2 policy by adding encryption standards - without breaking current ipsec vpn that uses those policies?

id like to try add sha256 to encryption + add to prf and integrity hash's - cant seem to get azure ipsec vpn working with VTI route based asa 9.9 (2)
Capture.JPG
0
From the windows 10 command line

I'm using
gpg --always-trust -e -r "s-batchdev" TestUnEnc.pdf
To encrypt a file and it works fine.  
But how can I set the path where the encrypted file will be sent.


I'm using
gpg -d Test.pdf.gpg
To decrypt a file
But I'm being asked for the passcode.
1 - How can I modify the command so the user will not be asked for the passcode
2 - How can I modify the command so the path to the file can be set within the command
0
Can VB6 use GPG to encrypt and decrypt files?  If so an example would be appreciated especially decrypting a file
0
Any suggestions. Just added a site to site IPSEC tunnel from Cisco ASA running ASDM to a SonicWALL. Successfully got the tunnel live. However cannot reach anything in the cisco network from the SonicWALL. Also there was an existing Cisco AnyConnect SSL-VPN that was working and still connects. However that VPN can also no longer access anything in the network. So seems like a NAT issue or maybe an issue with the ACL? Strange that all the VPNs connect but can get to anything in the inside network... See the running-config below


ASA Version 8.6(1)
!
hostname xxxxxx-ASA
domain-name xxxxxxx.local
enable password xxxxxx
passwd xxxxxx
names
!
interface GigabitEthernet0/0
 description To Switch 1
 channel-group 1 mode on
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1
 description To Switch 2
 channel-group 1 mode on
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 description LAN Failover Interface
!
interface GigabitEthernet0/3
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 description To TWC
 nameif Outside
 security-level 0
 ip address 47.23.x.x 255.255.255.248 standby 47.23.x.x
!
interface GigabitEthernet0/5
 description To VZW
 nameif Backup
 security-level 0
 ip address 10.1.1.2 255.255.255.248 standby 10.1.1.3
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
 management-only
!
interface Port-channel1
 …
0
FIPS 140-2 enabled encryption won't write to USB drives encrypted with password once ejected from computer.  It becomes write-protected.  Anyone experience this?
0
Trying to upgrade a windows 7 machine to windows 10 but get an incompatibility error regarding the dell encryption software.  There isn't anything in the programs and feature to uninstall and when I try finding the uninstall within the application directory there isn't one.  Most of the suggestions from googling it have been fruitless.  Any assistance would be appreciated.
0
Hi Experts, I would like to get some help with troubleshooting a Site-to-Site VPN connectivity between two ASAs. I need to NAT the internal subnet on both sites to a pubic IP address in order to avoid overlapping subnets. I can establish a VPN tunnel as long as I ping the NAT address (the tunnel does not come up if I ping any host on the internal subnet). The issue I am having is that I am not able to ping any hosts on the subnet from either end after the tunnel is established.


Site A outside IP is 50.50.50.2 (Internet G0/0 is 50.50.50.1)

Site B outside IP is 60.60.60.2 (Internet G0/1 is 60.60.60.1)

Site A and Site B can ping each other outside IP.

Site A inside subnet is 10.16.0.0/24 and is NAT to 50.50.50.3

Site B inside subnet is 10.10.0.0/24 and is NAT to 60.60.60.3

 Simple nework diagram
vpn-pat-overlapping-subnets.jpeg.jpg

 

ASA Site A:

ASA Version 9.7(1)4
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 50.50.50.2 255.255.255.0
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.16.0.1 255.255.0.0
!
object network obj-siteA-real
subnet 10.16.0.0 255.255.0.0
object network obj-siteA-map
host 50.50.50.3
object network obj-siteB-real
subnet 10.10.0.0 255.255.0.0
object network obj-siteB-map
host 60.60.60.3
object-group service ogs-srv-icmp
service-object icmp echo
service-object icmp echo-reply
service-object icmp traceroute

access-list acl-outside-in …
0
I'm trying to turn bitlocker on a new HP laptop, but be able to not have the user need a PIN or password when booting.  Older machines are working fine just not the brand new laptops.
0
Build an E-Commerce Site with Angular 5
LVL 19
Build an E-Commerce Site with Angular 5

Learn how to build an E-Commerce site with Angular 5, a JavaScript framework used by developers to build web, desktop, and mobile applications.

The user want to securely send documents via email.
I am experienced with Symantec Encryption Desktop and using PGP with Outlook.

They want to send confidential documents from time to time to several different recipients.  What other methods are acceptable?

They heard about Sharefile.com, but I'm not familiar with its operation.


Thanks.
0
Hi,

I have a question regarding exchange 2016. I need a statistic of how many emails are encrypted on our server.

We want to switch from opportunistic to mutua TLS, but I need to know how many companies do not have TLS enabled.

Thank you in advance!

Best regards,
Bernhard
0
I have a hard drive that has been formatted by mistke and need to recover data. I am able to run a scan using EaseUS Data Recovery. I can see the entire folder structure, etc but no files. I have since been informed that the drive was encrypted using Symantec Endpoint Encryption. Is this the reason no files are visible? Would have assumed if it was encrypted I would not be able to see folder structure, etc?

I would like to know how to unencrypte the drive so i can run another scan to see if I can recover this data. Any help is appreciated. Let me know if you need any additional information.
0
Hi Experts,

What are the drawbacks for using keybase as an encryption engine in Terraform scripts?

Thanks a lot!
0
I am trying to establish a site-to-site VPN tunnel between an ASA 5505 and a Fortigate300d but the tunnel does not come up .
I have attached the config of the ASA.

interface GigabitEthernet0/1

nameif inside

security-level 100

ip address 192.168.0.251

!

interface GigabitEthernet0/2

nameif E1(outside)

security-level 0

ip address 192.168.1.2



access-list ooredoo-Tunnel extended permit ip host aspen1 10.71.100.0 255.255.255.0

access-list ooredoo-Tunnel extended permit ip 10.71.100.0 255.255.255.0 host aspen1

 

 

access-list E1_access_in extended permit icmp 10.71.100.0 255.255.255.0 host 192.168.0.205 echo-reply

access-list E1_access_in extended permit icmp 10.71.100.0 255.255.255.0 host 192.168.0.205 echo

access-list E1_access_in extended permit icmp any host 10.150.1.4 echo

access-list E1_access_in extended permit icmp any host 10.150.1.4 echo-reply

access-list E1_access_in extended permit icmp host 10.150.1.4 any echo

access-list E1_access_in extended permit icmp host 10.150.1.4 any echo-reply

access-list E1_access_in extended permit ip any any log

access-list E1_access_in extended permit ip any host 192.168.0.205

access-list E1_access_in extended permit tcp any host 192.168.0.205 eq www

access-list E1_access_in extended permit ip host 192.168.2.100 any

access-list E1_access_in extended permit ip any host 192.168.2.100

access-list E1_access_in extended permit tcp host 192.168.2.100 any eq https

0
The client needs to have a licensed version installed for Symantec Encryption Desktop.
I can't find any place to purchase this.

Thanks.
0
I know encryption decryption mechanism for a typical HTTPS based communications.

However, Failed to understand the how chemistry between below 2 blocks works  
{private&Public key} ---vs-  {SSL certificate }

Please advice
0
We build WordPress plugins that are widely distributed, of course.  Within our plugins, we need to make a call to a service that we have setup, which includes our own API credentials for this service.  These credentials need to stay protected.

We're at a loss at how we can distribute a plugin making calls to a service with our credentials, yet protect those credentials..??

First thought was encryption, but then the encrypted value would have to be included in the plugin, and if we're decryption in our service then all anybody would need is that encrypted value, so that won't work.

I'm struggling to think of another way around this.  Any ideas for me?  Any information on this would be greatly appreciated.  Thanks!
0
We had our guests' Wi-Fi network appear to be available with the same name and with "_A8" added to it. Users did not notice and tried connecting to it and connected to it. Only when I noticed they told me that its been a while there. I connected to it and checked connected device and discovered the booster. Can't remember the make and model now, but remember that it was Chinese brand I haven't heard of and it was the one you plug into the electricity socket and it picks up Wi-Fi and boosts it. I guessed that booster's login (admin and admin or something like that). I logged in there and disabled it. Did not think much about it because it was our guests' Wi-Fi which was separated from our main network by vlan. We set up new Wi-Fi straight away with new super long password and WPA2. I asked users to let me know if anything suspicious happens.
Last week users reported that the Wi-Fi with _A8 appeared and this time it is the new Wi-Fi with _A8. Not really sure how that happened. Users reported that they did not connect to it yet nor they did try to connect (difficult to say that this did not happen for 100%).
Normally we do not give out Wi-Fi password even though it is for guests as we do not have that many customers visiting. Users do not remember anybody asking for Wi-Fi password recently. hard to say for 100% when this new Wi-Fi with _A8 really appeared.

I need your help with:
1. How could this happen? We always use WPA2 encryption and the fact that the booster was …
0
Exploring ASP.NET Core: Fundamentals
LVL 19
Exploring ASP.NET Core: Fundamentals

Learn to build web apps and services, IoT apps, and mobile backends by covering the fundamentals of ASP.NET Core and  exploring the core foundations for app libraries.

Hey all,

This is more of a help with providing a client with a solution so hope you guys can help.

I am trying to work out a solution for one of my clients who has very sensitive data on his laptop. It is one user and also doesn't have the funds to put in place a lot of security measures. I have been thinking of BitLocker Encryption with Bios password and Biometric login with MFA on his emails.

This client likes Google Stream so we might go down this route for his emails and document storage. If we enable file stream, I am assuming the data is all in the cloud not on his computer?

What else is everyone doing in this scenario, I would love to know.

TIA
0
Was just informed that one of our users laptops was stolen from a vehicle.  We're in the process of implementing some security measures, but it seams like this one might be too late.  We believe we had MBAM on the machine as well as bit-locker.  We also believe one-drive was being used.  Is  there anything we can do to protect us from any malicious activity or stolen info at this point?  

What can do we do on this issue and what can we do in the future?
0
How to add algorithms which are not supported by ADFS 4.0 out of the box. Trying to import an ECC certificate but the error message is the certificate key algorithm is not supported
0
Hi,

Hope somebody could help us with this issue..

We recently purchased a 5506-X firewall to add to our existing network. We work in a shared office environment and the IT department provided us with a Static IP for (outside) configuration of the firewall. In order to have access to the internet in our network environment we must authorize devices by MAC address. I have tested the outside IP on my laptop and was able to connect to the internet from the uplink provided to me.

We have followed all the steps necessary to setup the 5506-x firewall but cannot seem to get internet access. Also, we have allowed the mac address of each interface on the 5506-x to have access to the network.

Maybe we missed something and someone could help guide us in the right direction. We followed the instructions here but still know luck.

Below is the show configuration log...

 Saved

:
: Serial Number: JAD22310EK4
: Hardware:   ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
: Written by enable_15 at 18:30:29.659 UTC Tue Jun 11 2019
!
ASA Version 9.8(2)
!
hostname AI-Firewall
enable password $sha512$5000$oN0ERX19wEcf1sA20aNprA==$h4DD3XDf1aAxawHyqyjPYQ== pbkdf2
names
ip local pool AI-Pool 10.222.222.100-10.222.222.120 mask 255.255.255.0

!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 67.71.213.166 255.255.255.252
!
interface GigabitEthernet1/2
 bridge-group 1
 nameif inside_1
 security-level 100
!
0
Dear Sir,

I have a question about https . In case, I apply a SSL cert (e.g. intranet.abc.com) but I type https://intranet instead of https://intranet.abc.com . Are there still have SSL encryption between the web browser and the web server?

Please advise. Thank you.

With regards,
Wataw
0
Does anyone know the best way to enable a Digital ID Encryption Certificate with Public Key using office 365?
0

Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.