[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x

Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Share tech news, updates, or what's on your mind.

Sign up to Post

I need to ensure WEP is disabled.  I see the following, "security static-wep-key authentication open" and they are telling me that WEP is disabled.  Are they right?

I see the following command " ip telnet comport enable".  I need telnet disabled.  They are saying it is.  Are they right?

In the olden days, you could disable VTY and disable telnet.  I want SSH only.  Can you help here?

How do I tell the difference between SSH V1 and V2?  I see nothing stated in the configuration so I am assuming V1.  Thoughts?

FIPS 140-2 - They are telling me that FIPS 140-2 encryption is enabled, but I see nothing in the configuration to prove that.  I am very suspicious.

They said they disabled SNMP V1 and V2.  What do I look for in the evidence?  I just see SNMP and no characteristics of V3 such as authentication.

I am also told that the AP has no configuration - that everything is done on the switch now.

Maybe things have updated since I've done the work in the past, but I am highly suspicious as of now and looking for someone who is a current (I am a few years out of touch) to set me on the right path (confirm or deny my suspicions).

Thanks,

Awakenings
0
What does it mean to be "Always On"?
LVL 5
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

using 7zip on windows 10 I opened a password protected 7zip file and then added a small folder

now the small folder is not password protected

I dont want to unzip and then rezip
0
Hi Team,

I have a requirement from my client to find the encrypted & non-encrypted devices from SCCM report. We are using McAfee as  a encryption software and want to identify which devices are encrypted & which are not using SCCM query or any report. Can someone help me with a best possible solution. We are not using bitlocker through our OSD task sequence. McAfee team is handling this and need some help in identifying this scenario.

Thanks,
Sunil
0
Hello,

We know that Experts Exchange is not a promotional platform for commercial products.

We are not trying to sell our products here, we are simply looking for people who are interested in the purely technical aspect of them and who can to guide us on the repercussions that some of our discoveries might have.

Indeed, as indicated in a previous question, we have created a data security algorithm that generates among other extremely long security keys and which is not based on the RSA system or any other known system. (from 3000 to 9000 bit, 27000 bit is not yet being authorized in the "Beta version”)

We know that as soon as we exceed a certain length in the size of the security keys it concerns a very sensitive domain of IT and it is for prudence that we first chose to subscribe to Experts Exchange to address us exclusively to truly qualified people rather than publishing this information on large public broadcasts.

We have also created another algorithm for the verification and the generation of Large Prime Numbers and it seems that it is more powerful than those other tools that we know and that are currently available on the internet (we do not know if we are authorized to publish their links right here ?)

Here again we know that this is an extremely sensitive field and because this tool has no known limits (except the one we impose ourselves based on the physical hardware) it is very …
1
Hello again,

We forgot to ask you a question about prime numbers.

We are indeed releasing a number primality check tool for which there is no actual size limit beyond the one we have imposed for material resource issues.

However, it is often mentioned the existence of ILLEGAL prime numbers and we do not quite understand the meaning of being able to define a number, which ever it may be, illegal.

However, given the nature of our tool which has no processing limit, we do not wish to have any problem with the authorities.

What is your opinion on the issue, do you think we expose ourselves to any risk by releasing such a tool?

Looking forward to hearing from you.

Best regards,


Ex0-SyS
Roland LECOCQ
www.ex0-sys.ch


P.S. In attachment you will find a text file contains the 3 previous and the 3 next numbers following the first illegal known one that contains 1401 digits.
0
Hello,

We have designed a data encoding algorithm on which we have developed a digital file encryption software for which key security levels have lengths ranging from 3'000 to 9'000 and up to 27'000 bits (this has nothing to do with RSA technology).

We are being cautioned that key lengths in excess of 2'048 bits could potentially be considered to be usable as computer weapons.

We do not wish to make mistakes and because here there is a lot of IT experts, we are sending you this message to ask you for advice for not doing any illegal things.

We are looking forward to hearing from you.

Best regards,
 

Ex0-SyS
Roland LECOCQ
www.ex0-sys.ch
0
i am trying to encrypt the number datatype in oracle but i am not able to find the solution for that.please tell me the solution for me
0
Good day to All

I have searched with no luck, does anyone have a step by step method for acquiring and installing a recognised SSL certificate for use with RDP - my problem is that for Godaddy and others they require access to a domain to verify the certificate.  I have a server name in a workgroup, therefore no FQDN !  So, I can't create a CSR either for just a server name.  Any ideas suggestions gratefully received .

Thanks

E.
0
I deleted image file from android7

Can I delete file again so file can not be recovered
0
This is an URL some local ticket-selling company embeds into QR codes, which they later use to validate an event admittance.

http://www.passline.com/e-ticket-validacion/PSk05lPmn_BXvTH4U1JMWQ@@

Can anyone make out something from the last chunk?
My first bet was Base64, but it's not.
Any help is appreciated.
0
Technology Partners: We Want Your Opinion!
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Hi everyone, Im learning and testing nfc cards.

I'm trying to know how works my university transport card, so I dumped it with 6 travels, then I waste one and dump with 5. The same with 4 travels.

I located the sector and the block of this sector that change, but I dont see the relation! Maybe you can help me

The block with 6 travels:
81 A8 1E 00   06 9E 1F 4E   DC 51 EF 30   02 60 20 C3

The block with 5 travels (I waste one to see this)
81 A8 1E 00   05 1E 1F 62   5C 12 B1 10   00 78 40 8C

And the block with 4 travels (wate another one):
81 A8 1E 00   04 1E 1F 62   5C C2 06 11   00 78 60 7C

Here are all to compare it better:
81 A8 1E 00   06 9E 1F 4E   DC 51 EF 30   02 60 20 C3
81 A8 1E 00   05 1E 1F 62   5C 12 B1 10   00 78 40 8C
81 A8 1E 00   04 1E 1F 62   5C C2 06 11   00 78 60 7C

Thanks a lot
0
Greetings,

We are running a 2003 domain, and plan to upgrade to 2012; I installed a 2012 R2 server, patched it fully, and promoted.  All was well for a day - until the machine account passwords expired, and they fell off the domain as the password had not refreshed.

This seems to be a problem that used to occur due to a mismatch in encryption types during the handshake, but it was apparently patched long ago.  I'm not overly keen on adding a couple of 2012 domain controllers and quickly demoting the old servers, so I have demoted the 2012 server for now.

Has anyone else experienced this issue?  Were you able to overcome the problem?
0
I’m having trouble setting up LUKS on a Red Hat Test Server. I decided not to have a DEV prompt for a passphrase at boot but to use manual decryption instead. This is supposed to require execution of the cryptsetup commands and mounting. I attempt to set it up on a blank second disk I recently installed. Here’s the session…

**************************

sudo cryptsetup luksOpen /dev/sdb crypt-sdb
# enter /dev/sdb password

sudo cryptsetup luksClose /dev/sdb crypt-sdb

**************************



This then caused RHEL to freeze and force a cold reboot. I then used yum to run updates. I try again…



**************************

sudo cryptsetup luksOpen /dev/sdb crypt-sdb
# enter /dev/sdb password
#[<username>@localhost dev]$ sudo cryptsetup luksClose /dev/sdb crypt-sdb
Device sdb not found

# [<username>@localhost dev]$ sudo mount /dev/sdb
mount: can't find /dev/sdb in /etc/fstab

**************************



So I attempt to enter /dev/sdb in /etc/fstab but unsuccessful since it’s read-only. I try this.



**************************

[<username>@localhost etc]$ sudo cryptsetup luksFormat /dev/sdb
[sudo] password for <username>:

WARNING!
========
This will overwrite data on /dev/sdb irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
Cannot format device /dev/sdb which is still in use.
[<username>@localhost etc]$ sudo umount /dev/sdb
umount: /dev/sdb: not mounted
[<username>@localhost …
0
I've got an encrypted usb drive, just used the seagate utility and put a password on it.  It works fine on my Windows 7 laptop, but on both servers (2008 and 2016) it says "is not accessible. Parameter is incorrect" Most solutions seem to involve scanning the whole hard drive for errors and/or reformatting.  I shouldn't have to do that, because it works perfectly on another computer. What can be causing this?
0
DB2 10.5 on Windows

Does anyone have any experience with Native Encryption for DB2 on Windows.  Or Linux?  From what I have read, it should be transparent to the users but I have to assume there is overhead involved somewhere.  

The main thing I have read is that backups can take up to 3x longer.

Any insights would be appreciated!

Thank you!

Jim
0
Can anyone get me bitlocker recovery key from this id 8C63E707-1883-4693-8311-B87982489553
0
We have several PDF files from 2002-2005 which we cannot open. They are our own documents and as far as I know they are intact and not broken. In same folders are multiple other files that we can open. All erroneous files seem to be from one system our company has used in past.

Adobe Reader DC and Adobe Acrobat Pro just opens web page about Adobe Reader (https://acrobat.adobe.com/us/en/acrobat/pdf-reader.html). No errors in screen or in windows event log.

I tried some online analysis I found, http://www.pdf-online.com/osa/repair.aspx
This gave me error:
Input file open error
Errors:
Open file.
0x80410118 - E - The file uses a proprietary security handler.
    - File: test.pdf
Close file.

Next I tried software named GuaPDF (http://www.guapdf.com/) that should be able to pass PDF restrictions or password.
It gave me
test.pdf is the uncompressed document with 40-bit RC4 encryption (Acrobat 3 compatible)
And then popup message
This document uses non-standard encryption.

Any ideas how I could open these files? Or analyse this problem further?
From those error messages I believe that those files are encrypted in some way but I have no idea how I could verify that.
0
We're getting more and more requests from clients for recommendations and implementation of two security related systems: vulnerability assessments and file/folder encryption software. Our clients are:

1.  Law firms.
2.  Small (10 to 75 users).
3.  Networked; servers are virtualized.
4.  Windows OS (2008/2012/2016 on servers, 7/8/10 on workstations).
5.  Have perimeter firewalls suited to the size of the firm (mostly WatchGuard).

These requests for vulnerability assessments and encryption are prompted by requirements of certain clients of these firms, such as banks and insurance companies.  We're looking for tools that we can use/recommend to our clients for assessing vulnerabilities and providing encryption for files/folders.  Generally they don't require full disk encryption, as only a portion of their work product is affected by these outside requirements.  Full disk encryption, however, may be required for laptops.

We have a product for email encryption in place in some cases, but any thoughts or specific recommendations in that area would also be welcomed.
0
I wanted to know how you handle managing certificate based authentication for Exchange OWA and Active Sync for your Laptops and Mobile Devices?  Should i use 2 separate certificates 1 for laptops that auto-enroll themselves.  1 for ActiveSync devices that I enroll on behalf of then upload to our MDM system to deploy to the phones?  Do any of you use the same cert for both?  
I see that when a client auto enrolls itself I can't export the cert w/ private key for import into the phone without exporting from that individual laptop.  That is an administrative nightmare as there will be hundreds of laptops i would need to go to instead of being able to centrally manage.  So i was wondering from a management of all these certs how do you go about implementing and deploying this?
0
Concerto's Cloud Advisory Services
LVL 5
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Hi, I connected two asa5505 with a crossover cable to learn site2site vpn, I have these configures for both but it just not working, there are no activities on the outside interfaces. I have tested each asa5505 connected to my home LAN with internet access to make sure the interfaces are working. Thanks!


ASA Version 8.2(5)
!
hostname asa-a
domain-name asa-a.domain
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 10.1.1.1 255.255.255.0
!
ftp mode passive
dns server-group DefaultDNS
 domain-name asa-a.domain
access-list outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.2.2.0 255.255.255.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn …
0
our exchange server is pts-msx-1.ptsnewmexico.com.  Our email addresses end in  @ptsofficesystems.com.  I am having trouble getting our certificates correct.  Currently we are configured as follows:

Domain name
mail.ptsofficesystems.com

Encryption Strength
GoDaddy SHA-2

Validity Period
11/10/2014 - 8/13/2018  




Subject Alternative Names (SANs)
 owa.ptsnewmexico.com
 mail.ptsnewmexico.com
 pts-msx-1.ptsnewmexico.com
 autodiscover.pts-msx-1.ptsnewmexico.com

We still get certificate problems.  Any help on the sans would be appreciated.
0
Hello Experts!

OK, so I created an RSA Key Container using this code I got from the Microsoft Web Site:
https://msdn.microsoft.com/en-us/library/ca5htw4f(v=vs.110).aspx

I want to Export that RSA Key Container so I can Import it on another server...however when I try to do that it tells me:
"The RSA Key Container was not found"
When using this command:
aspnet_regiis -px "MyKeyContainer" "c:\keys.xml" -pri

Why?
0
I'm having difficulties with setting up a new site to site vpn to two other sites. I currently have a site to site working with from the 128.0 to the 2.0 networks.  I have a new site which I'm trying to configure a site to site vpn to the other two sites through the vpn wizard and they aren't connecting.  I went through the ASDM site to site vpn wizard and it worked for the first one but it doesn't for the new site to the others.  I have included the configs below.

192.168.1.0 NETWORK
:
ASA Version 9.1(6)
!
hostname ciscoasa
enable password OlOxQ1nyrZ49h6MK encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 104.201.x.x 255.255.255.252
!
ftp mode passive
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network EMAIL
 host 192.168.1.253
 description Woodchuck
object network Webserver
 host 192.168.1.254
 description ETIMAIN
object network cl
 subnet 192.168.2.0 255.255.255.0
object network NETWORK_OBJ_192.168.1.0_24
 subnet 192.168.1.0 255.255.255.0
object network SC
 subnet 172.172.128.0 255.255.255.0
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list…
0
When trying to decrypt from shared dasd to mainframe using gpg decryption.  The file shiows up on the mainframe decrypted but with extra blank lines after each row.
Here is the decryption command... not sure why the extra spacing.... Any ideas ??

//STDIN    DD *                                                  
file=inputfilename.pgp                                  
ip=/folder path on shared dasd/$file  
sudo gpg -d --batch --yes --passphrase n1aCEvJns4 $ip            
//                  
                                           
Thank You !!
0
One of of our users has forgotten the exact details of their encryption password. They can remember the characters they used e.g. RTYD67H but they can't remember what was lower case and what wasn't. Does anyone know of anything that might generate all the variants of that password e.g. rTYD67H, RtYD67H and then we can enter them manually? Or is there anything we can run against this laptop that will test all those variants for us?  the laptop was encrypted with TrueCrypt.

Thanks
0

Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.