Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.


Hi All,

I was asked a question today, and whilst I have some ideas, I figured it would be good to see what others think in case I am out of date or missing something.

I was asked what encryption option to use for storing confidential information on a cloud storage site.

The site allows encryption of whatever is uploaded, and they *claim* that they don't have the keys (and I believe them).  If we (the client) lose the keys, then the storage site cannot help them.  We have a good system for backing up the keys, and I will also have a copy that I will hold for them, and I am comfortable that this aspect is well covered and secure, both at their end and mine.

This is a secondary backup in case something happens to the office site drive backups they already have in place each day.

The backups include staff records and payroll data, so the client wants to pre-encrypt their bulk data backups prior to storing in the cloud site, which I am all for too.

They want to take the backups, combine them into a single file for a given date (the size of the backups makes this viable), and store that single encrypted file on the cloud site.

They were proposing to zip the backup  using 7-zip and apply the AES option with a password that is 23 random characters, followed by the date (so today would end in 20180814).  That way the password is really 23 characters, but all the passwords are different.

I am okay with that, but perhaps there are better options.  When asked, I …
0

I'm working on an issue I have with a vendor. They are unable to communicate with our Exchange server.  The following message was sent to us.


"A Purchase Order sent to this email address has failed because a “secure delivery could not be established.”
If it is a valid email address, please make sure that your company white lists all emails from the @domaint.com domain so Purchase Orders can flow without failures.  Also, please make sure that your email can handle TLS encrypted emails.  Our ordering system utilizes TLS encryption."

I went to ssllabs.com with the following results

 ________________________________________
 https://www.ssllabs.com

Configuration

Protocols
TLS 1.3      No
TLS 1.2      Yes
TLS 1.1      Yes
TLS 1.0      Yes
SSL 3      No
SSL 2      No
For TLS 1.3 tests, we currently support draft version 28.



Certificate #1: RSA 2048 bits (SHA1withRSA)

Server Key and Certificate #1
Subject      remote.domain.com
Fingerprint SHA256: 242108f159834deXX
Pin SHA256: gJb0SUQGT9xdgAUkLtUabTUHxx
Common names      remote.domain.com
Alternative names      remote.domain.com exchange.domain.local AutoDiscover.domain.local AutoDiscover.domain.com mge.local domain.com
Serial Number      505976e8d2dacd9445086axxx
Valid from      Thu, 09 Jul 2015 21:01:06 UTC
Valid until      Thu, 09 Jul 2020 21:01:06 UTC (expires in 1 year and 10 months)
Key      RSA 2048 bits (e 65537)
Weak key (Debian)      No
Issuer      remote.domain.com   Self-signed
Signature algorithm      SHA1withRSA   INSECURE
Extended Validation      No…
0
Is the Instagram iOS app on my iPhone using an HTTPS SSL to encrypt all session activity from being viewed by my ISP? How do you know? Is there any evidence which proves all app activity on Instagram is encrypted or not encrypted?
0
Hi All,

Researched this and wanted to know if anyone has a solution. Is there any way to encrypt DPM data at rest? Reached out to Microsoft Support, which confirmed DPM does not support encryption.  Thanks,

Are there third party tools out there to accomplish this?
We're using an old storage server that, from what I can tell, doesn't support hardware encryption - ProLiant SE1220.
0
We are evaluating options for email encryption.  We currently use ZixMail to encrypt sensitive information.  The ZixMail always requires the password to open the email and read it.  What other applications are there that offer this same option?  We are using Office 365 and the Microsoft EOP does not have the option to lock the email like ZixMail does, it will keep it in plain text, so if someone gains access to the email account they will be able to read the email.

I have started looking at Virtru for email encryption and was wondering what others are using.

Thank you
0
We clone laptops using MDT (offline). When laptops get cloned they run a script to run sysprep, install some apps and run encryption by BitLocker in the end.
All clones run BitLocker except the one which was upgraded to Windows 10_1803. The 1803 version of clients have problems running encryption. They all hang while in the process of encryption. It looks like they get the used area encrypted by default when they get cloned. Please see the screenshot of a master and a clone: the master is Fully Decrypted and the clone has used space 100% encrypted. If I stop the script before it starts running the encryption process, manually decrypt the drive and restart the script, it runs perfectly fine.
How can I prevent MDT from encrypting the HD? I disabled BitLocker on a task sequence but the clones still have it on.
0
I believe my service reference is using Triple DES encryption to communicate with one of our vendor's web services. The server we initiate the call from cannot have the 3DES cipher enabled due to PCI constraints.
How can I set my service reference in C# to use RSA instead?
0
Microsoft Exchange 2016 Vulnerabilities:

We have vulnerabilities for below two points on Exchange 2016.
If we take action and make any changes, does it negatively impact our Exchange servers?
We have a total of 12 Mailbox Servers, 1-WITNESS Server, 1-DAG CLUSTER. Please suggest on the below vulnerabilities.
Need your valuable inputs.

Vulnerabilities:
1) 3DES configuration in registry, & 
2) Disabling “SendExtraRecord” parameters in registry.

SSL Medium Strength Cipher Suites Supported      The remote host supports the use of SSL ciphers that offer medium
strength encryption. Nessus regards medium strength as any encryption
that uses key lengths at least 64 bits and less than 112 bits, or else
that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength
encryption if the attacker is on the same physical network.

SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)      A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow
information disclosure if an attacker intercepts encrypted traffic
served from an affected system.

TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are
not affected.

This plugin tries to establish an SSL/TLS remote connection using an
affected SSL version and cipher suite and then solicits return data.
If returned application data is not fragmented with an empty or
one-byte record, it is likely vulnerable.

OpenSSL uses…
0
I have a Lenovo ThinkPad T470 that every time it reboots BitLocker (BDE) gets tripped.  If I force shut down and turn back on most often it boots into the OS (Win 7 Pro).  But, any warm reboot and it trips.  I've suspended and rebooted with it suspended several times but as soon as I re-enable, problem is back.

Enterprise setting; Image is deployed via Network and BDE encrypts the entire drive as the task sequences execute.  It normally boots into regular logon and disk encryption complete but not this one.

I SUSPECT bad drive (SSD) or controller but have no idea how to prove it for warranty.

T470's have SSD with NVMe via M.2 (and I can't find a GOOD diag tool for this hardware combination.  Most diags I find can't handle the M.2 and never see the SSD at all).  I have wiped and reimaged a second time just in case the first deploy was defective.  Same problem.

So the actual question would be two-fold.  
1.  Does anyone know of a good diag tool for the above hardware?
2.  Feedback on WHY this one machine is giving me headaches!
0
hi there,

Currently I'm trying to create, sign & broadcast a bitcoin transaction using btcsuite. To start, I already have a testnet3 address & its associated private key for testing. However, hunting through posts and articles like the ones below:

https://www.thepolyglotdeveloper.com/2018/03/create-sign-bitcoin-transactions-golang/
https://github.com/prettymuchbryce/hellobitcoin/blob/master/transaction.go
https://github.com/btcsuite/btcd/issues/1164

The solutions proposed above are not complete. The first one only covers up to signing (I knew the author claimed it's not broadcastable unless you provide the UTXO, which I did if I'm right), but when I tried to broadcast it, it failed with the message

"Error validating transaction: Transaction be9b294695bfb201a5cff32af074a4bf72b073e3c9dad1969111165bf118a622 orphaned, missing reference f0c0d3b3eecf911ede996a74ceadc9366068791450c9e6bacee9ae202f3690d1."

I have no idea what's going on and I suspect its script is incompatible.

So, the bottom line is I just want a workable example in bitcoin testnet3 that shows "from 1 address transfer some bitcoin to other address" by showing the process of creating raw transaction, sign it with private key, turn it to raw transaction in hex format & broadcast it using something like https://live.blockcypher.com/btc/pushtx/ (BTC testnet)

Currently my code is as follows:

package main
import (
    "fmt"
    "encoding/hex"
    "bytes"
    "github.com/btcsuite/btcutil"
    btcchain 


0

I have tried several things to disable TLS 1.0 on a Windows 7 system.  All the documentation states to add registry keys and reboot.  No matter what I try, TLS 1.0 is still reported to be enabled on both the client and the server side of the system.  Here are the registry keys:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001


Testing with nmap and openssl both show that TLS 1.0 is still enabled for 3389 (server).  
openssl s_client -connect 192.168.1.1:3389  -tls1
....
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA


nmap --script ssl-enum-ciphers -p 3389 192.168.1.1
PORT     STATE SERVICE
3389/tcp open  ms-wbt-server
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
.....


Going to https://www.ssllabs.com/ssltest/viewMyClient.html shows TLS 1.0 is still enabled on the client side:
 
Protocols
TLS 1.3	Yes
TLS 1.2	Yes
TLS 1.1	Yes
TLS 1.0	Yes
SSL 3	No
SSL 2	No


0
It’s a sync / backup ?

If it syncs a problem can you revert backwards ?
0
Hi,

I am looking for a disk encryption system that can:

1.      Encrypt all files on all computers in our company.
2.      Inside our company, use transparent encryption described in https://en.wikipedia.org/wiki/Disk_encryption so that all files can be copied or moved as if they were not encrypted.
3.      When copying or moving the files outside our company, the files stay encrypted. This is to prevent any employees from copying confidential data outside our company.

I have studied MS Encrypted File System and BitLocker, but both seem unable to support the third feature. Therefore, I just wonder whether there are other tools that can support all.

Thanks
0
hi,

What kind of encryption is DB2 offering? What tier are they doing to protect?
0
bitlocker encrypted drive on usb: we have a laptop with ssd drive with bitlocker encryption that crashed and won't reboot to windows.  Before reinstalling Windows 10, I'd like to know how to put the drive on external usb on another computer to try to retrieve data from it.  It just says it's not accessible and doesn't have an option to put in the encryption key.
0
I am having an issue with Citrix Receiver on one of the systems I manage. I get the error message "This version of Citrix Receiver does not support the selected encryption. Please contact your administrator."  I found several topics suggesting corrupted registry entries and to use the clean-up utility.  I have done all that. I finally resorted to re-imaging the system and starting from scratch. This worked for about an hour until the user restarted the machine.  I have several other systems with the exact same setup that don't have this issue.  Where is this coming from? Has anyone resolved this issue?
0
Hi!
I'm trying to use a program by James-Gourley to decrypt a 1.4.0.0 version of Cryakl. Some files are decrypted correctly, and other files are not decrypted, with an "encryption signature mismatch" message. Help me please. Sample files https://dropmefiles.com/769Q7   More examples of unencrypted files https://dropmefiles.com/CZ7xH
0
We have a McAfee encryption epo 4.5 server that has failed due to a locally attached disk array issue.

The database for this box however is stored on a separate server.

Can a new McAfee encryption installation be built by attaching to this existing database?
0
How to apply BitLocker auto unlock to an internal fixed data drive without encrypting the system drive in Windows Server 2012
0

RDS - encryption error...

Getting this on a laptop frequently this morning, connected over remote VPN.  

Also get it a few occasions when the user worked on a different machine over site to site VPN tunnel.

Server 2016.
Clients Win10 1803.
Site to site VPN - Cisco ASA 5505
remote VPN Cisco client and more recently cisco anyconnect.

Ideas?
0
Currently our accounting staff has to manually download a file from our bank on a daily or weekly basis.  One of our system programmers wants to automate the process so Accounting does not have to waste 1 hour/week on the download.   We have talked to the bank and all I get from them is that we need to open Port 22, set up an SFTP site and PGP for encryption.   The bank did send me some information on setting up PGP.  I have read some articles dealing with Linux, but for us this will be on a Windows 2012R2 server.  My question: Should I do this?  I would rather not due to the security but I will need facts to back me up.  Everything I have read is from 2010 or earlier.  I would like to get your opinions as to whether it is safe to proceed or not.  Also, if you say yes, if you have any thoughts on setup.

Thanks for your help
0
Hello,

I have been using a Netscreen SSG-5 firewall for my home office since 2009. For the first 5-6 years or so I logged into it fairly regularly to check on status, tweak configuration, and update the ScreenOS.  I have not logged into it for the past 2-3 years. I recently received an email from Lifelock warning me about VPNFilter malware that is targeting routers. This made me think about checking the status of my SSG5 to make sure it has the latest firmware and ScreenOS and to possibly change the password.  The problem is when I try to connect to the firewall at https://192.168.X.XX/ using Firefox I get an error message that the Secure Connection Failed with this specific error message:

Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

I then tried using Chrome and received a similar error message:

This site can’t provide a secure connection 192.168.X.XX uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Internet Explorer also failed.

It has been a few years since I have worked with the firewall and I am a bit rusty in terms of the technology.  I did some searching and learned that the latest versions of Firefox, Chrome and IE won't accept weak "ciphers" and that my SSL and/or TLS are outdated.  I found something about RC4 not being safe.  I also think my certificate has expired.  It has been a few years and this is a bit Greek to me.  All I know …
0
Hi all, with the Mac FileVault encryption - will this ask for a code on startup - kind of like BitLocker on Windows?
0
I have reset customer registration to use AES encryption to comply with new regulations.  MySQL is recording the data correctly, with $salt being used to encrypt the email.
However, I use PHPMAKER to manage the database on my PC (or could use MS Access), but I cannot figure out how to decrypt and encrypt the email so that I can update data.
The email is the only field of 20 to be encrypted.

Anyone able to help with amending the various PHPMaker scripts or a VB function to import and export to Access 2003
My database is just over 200,000 emails.
0
I would like to check if data at rest encryption is turned on in my Isilon cluster.

From what I have read Isilon does it automatically with the use of SED (Self encrypting drives).

Is my understanding correct?

And how can I check if the drives on my system are self-encrypting?

 

Also if we setup cloudpools then how can we make sure that data will be encrypted on the cloudpool side as well?
0
