Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Share tech news, updates, or what's on your mind.

Sign up to Post

ive been hit with a ransomware attack
I can still use the computer but all word docs have been encrypted
I can open docs but they are blank
is my only option paying or can I get these back?
they are requesting over £800
0
When ransomware hits your clients, what do you do?
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Hey all, im looking to encrypt some laptops for work. Does W10 Home offer Bitlocker?
0
Hi,

I have MSSQL 2008 R2 Server that I need to reset the master key on one of the DB.  However, I cannot find the password for the current master key.  In my research to find a solution, I have found that I should be able to use;

ALTER MASTER KEY REGENERATE WITH ENCRYPTION BY PASSWORD = 'Not real password'

But I need to use the FORCE option.  Which I am not for sure how to use with the above query statement.

If this is correct, how do I use the FORCE option?

Thanks
0
Hi All

I was asked to do simple Proof of concept on Oracle encryption on one of my Lab environment.

DB Version :11.2.03

THANKS
VINAY PALAPARTHY
0
Hi There,

We have recently acquired a  new mail base and we need to sync the data over to our new server.
However we have encountered a problem where the passwords are encrypted.
There are 2 passwords, digest password: digestPassword = {SSHA}TWcg67eMGQn428d3dS4HbZJqytpFMkku182nLQ==
and encrypted password. I was given a key RSA-X.509 to decrypt it but unsure how to go about so.
Please could someone kindly advise as we have around 50k mailboxes to copy over.
Thanks
0
I have a .txt file containing a yahoo contacts list that looks to be purposely encoded incorrectly to obscure the contents of the file.

I'm no techie.  Is there a software or process that can be used to restore the proper encoding and reveal the contents of the file?
0
I have a domain with four domain controllers in place.
Two DCs have DES enabled - see key in HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\parameters\ - and two other where DES is not enabled.

I have a webapp that uses DES to allow Single Sign-on.

What I don't understand is the following issue:

when I use a PC and confirm the authenticating DC by issuing the command "set logonserver", this is a DC where DES is not enabled. However, I can still use DES. Using Klist I can see the following ticket being issued

Client: myuser @ my.domain.com
Server: HTTP/webserver.my.domain.com @ MY.DOMAIN.COM
KerbTicket Encryption Type: Kerberos DES-CBC-MD5
Ticket Flags 0x40a10000 -> forwardable renewable pre_authent name_canonicalize
Start Time: 6/30/2017 11:49:57 (local)
End Time:   6/30/2017 20:03:26 (local)
Renew Time: 7/7/2017 10:03:26 (local)
Session Key Type: Kerberos DES-CBC-MD5

How is that possible ? Is it possible that despite being authenticated by one DC (where DES is disabled), this kerberos ticket is issued by a different DC (where DES is enabled) ?

Thanks for any input.
0
We have a service user configured for DES encryption that is generating a TGS error.
Looking at the registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\parameters, I see that some DCs are configured with the value 0x7ffffffc (2147483644), but some don't have this key altogether, therefore are not supporting DES Encryption.

What baffles me, is that the policy "Network Security: Configure encryption types allowed for Kerberos" is set to "NOT CONFIGURED" for all DCs.

So, why do you think this setting is enabled on only some DCs even when is not set by a policy ? I have a variety of Windows 2012 and 2003 Domain Controllers.

Thanks!
0
Hi all,

We have recently upgraded our internal CA to SHA256. We have a number of internal webservers that have sha1 certificates that are still valid. We are looking to upgrade each other certificates through controlled process. My question is, if we are to renew the certificates on the servers with the new SHA256 if there any issues are we able to recreate a new cert using a SHA1 cert?
0
We have an ADFS server set up that we use authenticate our domain users for Skype for Business online. This works successfully so I know that the basic configuration is correct. I have created a relay trust with one of our application partners, who have written their own STS system. When clicking on the link to the application, we are redirected to our AD FS front end but we're unable to login. Speaking to our partner, they're saying that the claim we're producing does not include the name id which they need to allow us to login. The relay trust has been set up without encryption or signing requirements and I have set up a rule that based on the Mapping of LDAP Attributes to outgoing claim types with the LDAP attribute being E-Mail-Addresses and the outgoing claim type Name ID.

When trying to connect, 2 events are generated in the AD FS Admin log of the ADFS server. These events are;
1)   Event 303. The Federation Service encountered an error while processing the SAML authentication request (MSIS0037: No signature verification found for issuer https://xxxxxx
2) Event 364 . Encountered error during federation passive request (MSIS0037: No signature verification certificate found for issuer https://xxxxxx

The site https://xxxxxx (which is set up as the identifier in the relay party trust) has a mismatched certificate name but as signing and encryption are switched off on the trust, I don't understand why I'm seeing the message and why the token is not being generated.
0
On Demand Webinar: Networking for the Cloud Era
LVL 9
On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Hello sir , i'm using WCF services in both web application and android . Now i want to implement encryption and decryption of various id's  so if i apply the encryption and decryption then on the web end i can easily manage the code but for android developer this is very hectic problem therefore suggest me how can i manage the code.
0
I got hit with Amnesia Ransomeware...
Any help to decrypt?
0
I have a number of old word documents that I need to migrate to pdf but first I need to save them as DOCX but I want to save them without the Encryption password (which I have).

Anybody know how to do this?
0
I set up one of four laptops as usual, enabling TPM, turn on bitlocker and require a bitlocker PIN at boot to log onto the computer. In my setup, I create an original admin account (named - pallap005), a standard account (named - clinical) and then enable the default admin account. Once that is done then I disable the pallap005 admin account. In this case, I disabled my pallap005 admin account  before I enabled the default admin account leaving only my standard user account (clinical) available. I need to know if I can enable the admin account and how do I go about doing this?
0
Hi All,

 

I have been tasked with setting up a secure file transfer mechanism for our organisation.

We have created the private keys etc. using Kleopatra and are able to encrypt/sign (with asci armor) and decrypt and exchange files with our partners successfully.

I would like to automate the process as follows.

Users place files in a folder based on a Fileserver.

GPG4Win (based on our SFTP Server) is scheduled to check the folder, encrypt any files it finds placing the encrypted file on the SFTP server’s Outbound folder and DELETING the original file on the Fileserver.

I am able to automate the encryption but the original file stays in place. When using the GUI there are options for the following, “Remove unencrypted original file when done”

I am using the following syntax

 

Gpg2 –batch –recipient xxxxx  –encrypt-files –armor C:\Location\*.txt

Which creates the encrypted the files in the same location and the orginal files still remain.

 

I have tried a number of different options, none of which worked for me.

If I am able to to encrypt/decrypt and point the files to an alternative location and remove the orginals then I would be extremely grateful for the help.
0
I am using C# in SSIS Script Task and PGP Command Line tool for decrypting symmetric encrypted pgp file.
But this is not working, the command window appears and then hides showing a message:

pgp:decrypt < 3001:input file not found>
:decrypt <3090:operation failed, had parameters>

What is wrong with the code?

System.Diagnostics.Process p = new System.Diagnostics.Process();
                p.StartInfo.WorkingDirectory = @"C:\Program Files\PGP Corporation\PGP Command Line";
                p.StartInfo.FileName = @"C:\Program Files\PGP Corporation\PGP Command Line\pgp";
                string args = @"/c pgp --decrypt ""G:\MYHR\Payroll\PGP\ENCRYPTED\ECMC.TUR.PayrollExtract-Transactions.504001631112121.zip"" --symmetric-passphrase ""Example1"" --overwrite remove --output ""G:\MYHR\Payroll\PGP\DECRYPTED""";
                p.StartInfo.Arguments = " " + args;
                MessageBox.Show(p.StartInfo.Arguments);
                p.Start();
                p.WaitForExit();
                Dts.TaskResult = (int)ScriptResults.Success;

Open in new window

0
I've been chasing my tail trying to solve an issue after authenticating with ADFS 4.0 against even a basic SSO site. It would bring me to
https://FQDN/adfs/ls/idpinitiatedsignon.aspx, but after authenticating it would immediately throw a 400 error. Logging only showed:

S4U Logon for user with upn 'USERNAME' threw the following exception: 'The encryption type requested is not supported by the KDC'

After hours of checking things, I figured out that the local GPO needed to have RC4_HMAC_MD5 enabled under:
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Network Security: Configure encryption types allowed for Kerberos.

I wanted to post this to save someone the 72 hours it took to solve this issue in a highly secure environment.
0
0
down vote
favorite
We have the application done C# and passing parameter to Java application. To make it secure we Java application developer come up with AES encryption. The developer gave sample code in Java. Kindly somebody helps me. How can I encrypt same way in C#

//    Cryptix imports
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;

import cryptix.provider.key.RawSecretKey;
import cryptix.util.core.Hex;

import xjava.security.Cipher;

public class AESEncryption {

    private Cipher m_alg;
    private RawSecretKey m_key;

    private static final String RIJNDAEL = "Rijndael"; //mode of encryption
    private static final String PROVIDER_CRYPTIX = "Cryptix"; // Cryptography algorithm providers

    /**
     * Must (once) be dynamically installed. - could alternatively be set
     * statically in $JAVAHOME/lib/security by changing security provider.
     *
     */
    static {
        java.security.Security.addProvider(new cryptix.provider.Cryptix());
        System.out.println(" Java Security - Add security provider - Cryptix provider added");
    }

    public AESEncryption(String secretKey)
        throws java.security.NoSuchProviderException, java.security.NoSuchAlgorithmException {

        //System.out.println("Key used for encryption/decryption :- " + secretKey);

        m_alg = Cipher.getInstance(RIJNDAEL, PROVIDER_CRYPTIX);
        m_key = new RawSecretKey(RIJNDAEL, …
0
We are developing a customer facing web portal which will require a user to authenticate themselves against encrypted data stored on our Power 8 by way of a URL request and an SQL or C# intermediate function (although we are open to other concepts and suggestions).

Even though I've read a great many article relating to this subject, I would be grateful for any current guidance on the type of encryption to employ, coding language to use and examples of implementations.

Thanks in advance.
0
On Demand Webinar: Networking for the Cloud Era
LVL 9
On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

We have a Dell E7270 Ultrabook, it has McAfee disk encryption. When the machine starts up and shoots off a 'USB transfer error'.
What has been tried,
1. Move all usb from the back of the docking station PR02X to the side - or vice or versa.
2. Swapped out the docking station to a 'K090A' station - Error still happens
3. Updated McAfee, updated the Bios (not sure the versions)

found a temporary work around
Turn off the machine, undock the Ultrabook, turn it on. Pre-boot McAfee will not give the error message.
boot to Windows, go to the pc power settings and change "what happens to the pc when the lid closes"
then re-dock.

Has Anyone else run into this issue? any information would be awesome.
Thanks in advance.
0
Domain oriented PC has been encrypted with Bitlocker for the past year and now all of a sudden the bitlocker prompt came up. Suspended the bitlocker and restarted to clear the bitlocker prompt during startup, and now when I try to re-enable bitlocker, I get prompted with "Wizard initialization has failed" One or more bitlocker key protectors are required you cannot delete the last key on this drive. When I try to   check the TPM in the BIOS, it is completely missing. What would cause this and how can I fix it? I have also downgraded the BIOS and re-flashed it and nothing changes.
0
Team, need help resolving a laptop build that's continously failing at the bitlocker stage of task sequence, it's specific to just this model laptop, and I suspect it's related to some BIOS config.
Can you advise or direct me please,
Laptop Model = HP Elite X2 1012

______________________________________________________________________________________________________________________________________________
Error in logs:

... r
Initial TPM state: 55
Creating TPM owner authorization value
Succeeded loading resource DLL 'C:\Windows\CCM\1033\TSRES.DLL'
Taking ownership of TPM
uStatus == 0, HRESULT=80070005 (e:\nts_sccm_release\sms\framework\tscore\tpm.cpp,645)
pTpm->TakeOwnership( sOwnerAuth ), HRESULT=80070005 (e:\nts_sccm_release\sms\client\osdeployment\bitlocker\bitlocker.cpp,522)
InitializeTpm(), HRESULT=80070005 (e:\nts_sccm_release\sms\client\osdeployment\bitlocker\bitlocker.cpp,1313)
ConfigureKeyProtection( keyMode, pwdMode, pszStartupKeyVolume ), HRESULT=80070005 (e:\nts_sccm_release\sms\client\osdeployment\bitlocker\bitlocker.cpp,1552)
pBitLocker->Enable( argInfo.keyMode, argInfo.passwordMode, argInfo.sStartupKeyVolume, argInfo.bWait ), HRESULT=80070005 (e:\nts_sccm_release\sms\client\osdeployment\bitlocker\main.cpp,382)
'TakeOwnership' failed (2147942405)
Failed to take ownership of TPM. Ensure that Active Directory permissions are properly configured
ccess is denied. (Error: 80070005; Source: Windows)
0
I was given the task of holding all files(mainly Word, Excel and PDf's)  that 2 sites will use in my location and then the users will map a drive to have access. Permissions will also be an issue not all users can see every folder.
Also we need to think about encryption ( don't need files on server to be encrypted) just the transfer of the files.

We will also need to backup to their location for disster recovery.

We do not want to put files in the cloud.....

Looking for advice, experiences that could help us decide which is the right route to take.
Thanks in advance
0
I've got a Windows 7 machine where the system drive was encrypted with VeraCrypt. After the VC boot loader verifies the password, I get a Windows splash screen, followed by a BSOD informing me that the boot sector is corrupted. As far as I can tell, no one here has the rescue disk for the machine.

I'd like to run the Windows boot repair from the installation disc, but I can't do it directly from the BIOS because the volume is encrypted. I can't decrypt the volume (I don't think) because I don't have the rescue disk, and I can't get into Windows to run a disk check because the system won't boot.

Does anyone have any ideas for recovering data from this drive? Any suggestions are appreciated.
0
Hi

I need to upload a file to a FTP Server where the encryption is Explicit FTP over TLS.

I have googled and it mentions 3rd Party add ons.

Does the later .NET allow this with out the use of 3rd party add ons.

Thanks,
0

Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.