Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

IPSEC Tunnel Fails 2x2921

I tried putting a routing statement but no change.  NO PRIVATE INFO: I'll change the crypto key once I get this working.

ip route

ip route
Diagram!!!@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ SITE 1 @@@@@@@@@@@@@@@@@@@@@@@@!!!!
localrtr#sh run
hostname localrtr
enable secret 5 $1$A3Kg$TZeqZI6QF3r.S4nu80fZJ1
no aaa new-model
ip domain name mydomain.com
ip cef
multilink bundle-name authenticated
username cisco privilege 0 password 7 05190900355E41060D
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key firewallcx address
crypto ipsec transform-set TS esp-3des esp-md5-hmac
crypto map CMAP 10 ipsec-isakmp
 set peer
 set transform-set TS
 match address VPN_TRAFFIC
interface GigabitEthernet0/0
 description OUTSIDE
 ip address
 duplex auto
 speed auto
 crypto map CMAP
interface GigabitEthernet0/1
 description INSIDE
 ip address
 duplex auto
 speed auto
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
interface FastEthernet0/0/0
 description MGNT_10_10_10_15
 switchport access vlan 200
 no ip address
interface Vlan200
 ip address
ip access-list extended VPN_TRAFFIC

In Windows 2012 R2 with SQL 2014, I would like to set up traffic over 1433 to use IPSEC. I have read multiple articles on the setup but need clarification on the following.

1) Are certificates on both servers required?
2) Is just setting the Firewall rule to access connections over IPSEC the only thing that is needed?

I would like some advice on security.  I have recently purchased a Microsoft Surface Pro 6.    Due to the nature of my work, I store a lot on it.

I use Google Drive to sync all documents and I am looking for the following solutions:

1) I am looking to find a solution to protect all of my data that is stored on the hard drive (synced with Google Drive), so if the laptop is stolen - the data is safe
2) I am looking for advice on how to protect log on - I am using Face ID - is that enough?
3) I am looking for advice on recovery and tracing the laptop if it is stolen


Suddenly, 1,000s of files have been encrypted on our network drive.  DO WE PAY THE RANSOM?

Thousands of files in our ShareFile directory were encrypted between 12:01 PM and 12:59 PM yesterday. Of course in a matter of hours the encrypted files updated the good files on every laptop and employee's home machines that were running ShareFile.

The following string has been added to the name of every encrypted file:


Removing this string from the end of the filename does not help. Regardless of the type of file, .doc, .xls, .pdf, etc. the file will not open. Depending on the opening program says the file is damaged.

One file in the root drive of the ShareFile directory, named how_to_back_files.html, does open and reads like this when opened (the wording is exact):

Your documents, photos, databases and all the rest files encrypted cryptographically strong algoritm.
Without a secret key stored with us, the restoration of your files is impossible

To start the recovery process:
Send an email to: hoboblin@torquechat.com with your personal ID in the message body.
In response, we will send you further instructions on decrypting your files.
Your personal ID:
93 C7 AC 4B ... (This goes on for several lines!)

Do we contact them? Obviously, they are going to want money. Do we pay? Go to …

I am running the Mint 19 Tara OS on my laptop and I have an issue with my startup (boot) sequence.  Something is telling the system to encrypt my swap partition but I do not have a swap partition...  The "job" tries to run but it times out and fails.  It repeats itself numerous times during the boot sequence and wastes a lot of time during startup.

I need to identify what application is trying to run this job and why?  Then I need to figure out how to stop it from occurring.  I have no need for encryption on my computer at this point in time.  I am attaching a copy of the boot.log file so that the event in question can be viewed & identified.  It starts out with the line: "[* ] (1 of 2) A start job is running for dev-mapper-cryptswap1.device (8s / [** ] " and it appears that it is trying to encrypt two drives but I am not sure.

I'm attaching the boot.log file, any help with this would be appreciated.

We have a laptop and, due to GDPR, I have to encrypt the laptop with VeraCrypt.
The staff had kept very valuable data on the hard disk desktop and didn't back it up...

The laptop was not booting properly and I removed the hard disk and connected it to the hard disk caddy to see if I can recover the data and unfortunately it detects the disk; if I open it, it says I need to format the disk before I use it.

If I click cancel it says F:\ is not accessible, the volume doesn't contain a recognised file system. Please make sure that all the required file systems are loaded and that the volume is not corrupted.
I tried mounting the hard disk through the VeraCrypt software and also using the rescue disk; still it doesn't work.

Please help, the staff will be the happiest if the data is recovered.
Any help with instructions will be great.

So I’ve installed a new win 10 op sys

Can I encrypt my HDD?

Our customer needs to have strong encryption for o365 emails. The CEO told me that he believes that o365 has only 128bit AES cipher when sending to Gmail. Is there a way to force the cipher to be 256 bit when sending to Gmail (and/or any mail system)?

Additionally, he has found out that when sending between Outlook clients the cipher is 256bit
( Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)

Thanks in advance.

I have a PGP Universal Email Gateway that is used to encrypt and decrypt emails.
The workflow is as follows.
  1. Email is sent from my email server and there is a send connector rule to route a handful of domains to our PGP UGS to be encrypted then off to the archiver service
  2. Inbound emails are routed to  the PGP UGS from the Archiver service and if the email is encrypted it will be decrypted and sent to the email server to be processed.  

I did a Key Exchange with a client and this was one of the most difficult ones I have dealt with so far.  They have two options. PGP or TLS mandatory.
TLS option was rejected due to my spam/email protection (SaaS) is the  first hop after my email server.  Being that this is a third party that the email is being processed the client rejected this method so I had to go down the PGP route.  

I have a PGP UGS in my environment already and it has been working great for the most part.  This new client's requirements are stricter than prior clients that I used this method with. They mandate that the email be encrypted with an MDC (CHECKSUM), even though the initial tests passed and were acknowledged as a valid means of transmission.

I am not sure exactly what part of the PGP MDC is. I am encrypting to the client's key and do not know how to apply MDC to the emails.  Any insight, suggestions or alternative options is what I am looking for.  They gave me 4 weeks to resolve this.

We have a Microsoft PKI hierarchy with one offline standalone Root CA. We also have an enterprise Subordinate issuing CA.  Recently we started getting errors as below when we are requesting new certificates.
Error: An error occurred while enrolling for a certificate. A certificate request could not be created.
Error: The revocation function was unable to check revocation because the revocation server was offline. 0x80092012 (-2146885613 Crypt_E_REVOCATION_OFFLINE)
The CRL for the root CA are published in the AD and also in a URL on the CA server.
The CRL of the subCA will automatically be published in the AD as I understand.
Could the ROOT CA CRL be the ISSUE. I want to be sure as it’s a big process of approvals to start the ROOT CA and get a new CRL.
I want to be sure that its not a local issue in my site before I contact the HQ ROOT CA admin to request the new Root server CRL’s.
Any help appreciated

I want to use the OpenSSL shell to wrap keys according to RFC3394 which should be supported by OpenSSL. But I have problems to find the correct syntax. I have a key encryption key (KEK, 32 hex letters), which will be used to wrap a new key (32 hex letters, hexKeyToWrap.txt) according to RFC3394. The result will be a new key with 192bit (48 hex letters, wrapped_key.txt). I am using OpenSSL 1.1.1 11 Sep 2018.

In OpenSSL command I use:
enc -id-aes128-wrap -K 00112233445566778899AABBCCDDEEFF -iv A6A6A6A6A6A6A6A6 -in hexKeyToWrap.txt -out C:\temp\wrapped_key.txt

Output: Error setting cipher id-aes128-wrap 36932:error:0607B0AA:digital envelope routines:EVP_CipherInit_ex:wrap mode not allowed:crypto\evp\evp_enc.c:161:

How can I fix the "mode not allowed" error message?

Hi Experts

I have MBAM - Bitlocker server setup and I'm doing some test for storing Bitlocker keys into my server.

My server is MBAM - 2015 SP1 and it is up and running, clients are Windows 10 Enterprise VMs. I can see clients reported into MBAM - Helpdesk portal, Bitlocker keys are being Stored in ADUC - Bitlocker Tab.

But I would like to see if it storing the keys in SQL DB of MBAM  and I follow this - https://blogs.technet.microsoft.com/askcore/2011/08/04/how-to-verify-bitlocker-recovery-keys-in-sql-db-using-mbam/ to see the keys, I don't see any key.
Upon checking Self service portal also, it is not able to find the key.

When I check in Client Eventvwr, I get as attached but only once. Other than no more info why it is not storing the keys into MBAM DB.

I have deleted "EncryptionMethod" registry in client and I have also set "DisableMachineVerification" to - 1 in registry but still unable to see any keys in MBAM Database.

Any suggestion how I can troubleshoot further to get Bitlocker recovery keys to be stored in MBAM DB?

Hi Experts

I have Bitlocker enabled in our company machines and Keys are stored in AD DS. After few months, we realize there are so many keys in Bit-locker TAB of computer objects in AD.

Management has decided to setup MBAM - Bitlocker management server to store all the keys but my question is once we setup MBAM, the new key that generated by HDD being encrypted will be stored or it will store whatever existing - old keys too ?
Can we store all the keys into new MBAM server and how can we do for those old keys already stored in AD DS?
Basically our objective is to store all the keys in MBAM server and not in AD DS .
Please advise?

Hey all, I am having the hardest time trying to figure out how to go about the order of decrypting the encrypted text.

This is my sketch code:

#include "AES.h"
#include "base64.h"

AES aes;

// Fill the IV buffer one byte at a time from the memory-mapped register at 0x3FF20E44
void gen_iv(byte  *iv) {
    for (int i = 0 ; i < N_BLOCK ; i++ ) {
        iv[i]= (byte) *(volatile uint8_t *)0x3FF20E44;
    }
}

void setup() {

    char b64data[2000];
    byte cipher[1000];
    byte iv [N_BLOCK];
    char *encodedFinal;

    Serial.println("Let's encrypt:");

    byte *key = (unsigned char*)"5TGB&YHN7UJM(IK<";
    byte *my_iv = (unsigned char*)"!QAZ2WSX#EDC4RFV";
    char *msg = "{\"data\":{\"value\":300}, \"SEQN\":700 , \"msg\":\"IT WORKS!!\" }";

    //Set the key for AES
    aes.set_key(key, sizeof(key));

    // Encoding section

    //Encode IV to Base64
    base64_encode(b64data, (char *)my_iv, N_BLOCK);    
    Serial.println("      IV -> Base64: " + String(b64data));
    Serial.println("       Orignal Msg: " + String(msg));

    //Encode message into Base64
    int b64len = base64_encode(b64data, (char *)msg, String(msg).length());
    Serial.println(" Message -> Base64: " + String(b64data));

    // Encrypt into AES256   
    aes.do_aes_encrypt((byte *)b64data, b64len , cipher, key, 256, my_iv);
    Serial.println("Encrypted: " + 

I need help with drive encryption. The BitLocker in Windows 10 keeps giving me an error with a message "The startup options on this PC are configured incorrectly. Contact your system administrator for more information".

I am constantly getting this error on IIS 8.5

The worker process for application pool 'XAppPool' encountered an error 'Failed to decrypt attribute 'password'
' trying to read configuration data from file '\\?\C:\inetpub\temp\apppools\XAppPool\XAppPool.config', line number '98'.  The data field contains the error code.

line 98:
          <virtualDirectory path="/Documents" physicalPath="\\server1\doc" userName="user1" password="[enc:AesProvider:KJE45afo9UsaYJXUZ/cgHEsf45seasE/93:enc]" />

A process serving application pool 'XAppPool' reported a failure trying to read configuration during startup. The process id was '7868'.  Please check the Application Event Log for further event messages logged by the worker process on the specific error.  The data field contains the error number.

It has been almost a year since I switched to Auth0 in order to manage my customers' access to the dashboard of my application. Nowadays I need to implement access for a RESTful API.

If I follow the instructions in order to secure the NodeJS app using JWT it works like a charm. The issue is that I am not properly sure on the implementation for the end user in order to get the token needed for access this API.

I thought of creating the tokens on the dashboard or just using a server side implementation for the login/authentication. I did the latter using the access to my own database before and it worked amazingly. My issue is that I am not completely sure on how to do it for the end user using Auth0.

Would be great if you can guide me in order to implement the login/authentication side of the API using auth0 and nodejs.

We have a number of Dell laptops running Windows 7 with BitLocker enabled, along with TPM (+ PIN) activated.  We're now about to start upgrading these laptops to Windows 10. What I need to know is if I need to clear the TPM in the BIOS before re-imaging these laptops.

The Windows 10 deployment will be BitLocker encrypted as well.  But since we're going from Windows 7 (Legacy BIOS) to Windows 10 (UEFI), we're having to wipe and reformat the drives. So the existing encryption for the Windows 7 install is not really relevant. The laptop will be returned to the same user.  With a newly encrypted drive, should existing TPM keys be cleared and reset before re-encrypting?

I know how to clear the TPM. I don't know if I "need" to clear the TPM, or if I "should" clear the TPM.

I did a test upgrade (via SCCM), without clearing the TPM. In Windows 10, TPM was listed as active, but with "Limited Functionality".  

I then manually disabled BitLocker, cleared the TPM from the BIOS (which required extra reboot and re-entry into the BIOS to re-activate TPM), and re-encrypted the drive. TPM no longer shows a status of "Limited Functionality". It now shows "ready to use" (no owner?). Did I do something wrong?

(and further down the rabbit hole I go) When retiring computers, should we clear TPM in the BIOS after wiping the disk on the computer that's being retired?  Or am I over-thinking this?

Sorry about the multiple questions.

Hello -
A friend of mine has files on a USB drive that was infected with a virus. There was a ransomware message stating their files were encrypted and asking them to pay a large amount of money if they want their files back. All of the files on the USB have a file extension of .pdf.zcdgu. Has anyone seen this before?  If so, is there a way to remove it?

Hello Experts!

I need your assistance with an issue concerning Java Encryption. What I am trying to do is to get the BlowFish method to function in the class file so that it can run, and output a following in Java:

Wil Wheaton is my hero!


Wil Wheaton is my hero!




What I'm looking for is output for the cleverpassword part, but I am running into issues with "cannot use non-static method", "symbol", and "does not override abstract method". The method that I am using implements the interface Encryptable for both files, excluding the driver and the Encryptable file itself. The Encrypt file is an Interface class and is implemented in the other two class files, Secret and Password. The problem is the password file and the driver file.

Your help is most appreciated.

We are using Gpg4Win to decrypt files we download from Concur.  The files are encrypted using the key we provided them.  We need to be able to download these files from any one of eight servers.  We have installed Gpg4Win on another server where we expect users to download the files and decrypt them.  This is our first of eight server deployments.  We are not having success with decrypting the files.  We did use Kleopatra to import our files.  We created the personal key so we could certify but we did not publicize any keys.  We cannot get past this error:  gpg:  decryption failed: No secret key.  We know we have not done something correctly, but we do not have a clue.  Hoping to get some help here.

Hi, I have a problem with the download of Decrypting Cryakl from https://www.experts-exchange.com/articles/31579/Decrypting-Cryakl-1-4-0-0-1-4-1-0-FAIRYTAIL-Ransomware.html  (and decryptors.blogspot.com). Can you help me with downloading the application?
I want to test on CL. I have one PC with this encryptor. I know that it was installed through RDP, and I have some files and logs. Maybe your decryptor can help.
It will then be possible to transfer the information to others.

Thank you.

This is Azizah Alqahtani

I just sent you an email like this below and you responded to give you the python code ..

Could you please help me to solve this problem,

I have to convert a python code to a Java code

Or rewrite the code with the same idea ?

The code is about one type of substitution cipher ?

If you can , I will send you the assignment page and my friend’s answer in python..

I have a client with a windows 10 home edition os. He has come to us asking for a recommendation for encryption software to load on it.
My understanding is that because it is Windows 10 Home Edition, that he cannot load Bit Defender.
I am looking for some feedback as to whether anyone can recommend encryption software for this version of Windows 10 or as we already know, that he has to have Windows 10 Pro for Bit Defender to work.

Does anyone have James's decryption software for email-blackdragon43@yahoo.com.ver-CL
Your help would be appreciated. TY

