Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Share tech news, updates, or what's on your mind.

Sign up to Post

i have lost my encryption key , can i recover the same for encrypting data 9928873103
0
Free Tool: Path Explorer
LVL 9
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Hi experts!

I enabled BitLocker, which appeared to encrypt the drive successfully, then rebooted my Dell Latitude Windows 10 laptop (TPM enabled).

Unfortunately Windows won't boot any more; initially it was booting to a cmd prompt 'LoginUI.exe' and allowing me to enter my username and password, but then saying that the windows event notification service failed to start.

Now it doesn't even get that far; it boots straight in to the repair mode, and I've tried every option without any luck. Auto repair fails to find a problem, reset this PC doesn't work, system restore, startup repair, go back to previous build etc. I also tried all the bootrec commands without any joy.

Any ideas please? Otherwise I'll just have to throw a new SSD in and try recover my files.

Thanks
0
is there any Tool available to Decrypt  n1n1n1 Ransomware?
0
Is there a software you can recommend to perform this?


Thanks.
0
Hi!

Is it possible to encrypt/decrypt data that is being transmitted through serial connection (RS232) for two devices without using any hardware?

Thanks,

Randy
0
Hey guys.

So I understand the security setting in the policy and that generally the advice is "Turn off FIPS encryption". I know that the symptom is that you send a MSRA request to a client on your domain and the remote assist launches on the reciepent client PC but they never get asked to accept the session and it seems the request dies during the handshake.

At the moment one work around I am using is remoting into another machine w/o FIPS enabled in the GPO; but this is a work around and will not last. Sadly my searches never yielded a good guide to what to configure to use FIPS encryption. Thats what I am looking for.

I have complete admin control over the sender and reciepient. I can also talk to my AD guys if there are trweaks that we might need to do at the network level; but I assuming we can probably avoid needing their involvment. We are running Windows 10 Workstations with a few 7 Enterprise machines sprinkled in.

Advice/help?
0
i got key for encryption and KCV value to validate key.
how can i do it with java OR online.
0
After configuring the RC4-HMAC-NT, AES128-SHA1 or AES256-SHA1 Kerberos authentication mode is set but when using the DES-BSC-CRC or DES-CBC-MD5 encryption type, from the client machine [windows 8.1] while connecting to the principal
 Kerberos authentication mode is not set and while trying to login it asks for password.


 To perform the kerberos connection test configuration is done as follows:

1. Set up AD DC on windows server 2012 R2 and windows client 8.1 is used

2. Created a domain user and checked the corresponding option in case of DES-CBC-CRC and DES-CBC-MD5 "Use Kerberos DES encryption types for this account".


 3. On the windows server 2012 R2, in local Policies->Security Options ->"Network Security: configure encryption type allowed for Kerberos" DES_CBC_CRC or DES_CBC_MD5 along with  RC4_HMAC_NT is selected.


 4. On windows 2012 R2, by using ADSIEDIT.msc, value of  msDS-SupportedEncryptionTypes is set to 5 or 6 accordingly.


 5. On the windows client machine [windows 8.1] which is in same domain, in local Policies->Security Options ->"Network Security: configure encryption type allowed for Kerberos" DES_CBC_CRC or DES_CBC_MD5 along with  RC4_HMAC_NT is selected.


 6. Created keytab file on windows 2012 Server R2 by using the KTPASS command [corresponding encryption type is used with -crypto option]


 ktpass -princ host/<host name>@domain name -mapuser <domain user name> -pass <passwd of domain user> -crypto DES-CBC-MD5 -ptype …
0
Hello all,
my DPM tape backup is encrypted with a certificate.
I do not have a certificate, and can't remember issuing one.
the old certificate had expired, and a new one had been generated in APRIL.
we can't use the expired one, we need the APRIL one that i don't have and i can't recall creating it.

is it possible that it was auto renewed by the DPM server automatically ? or this certificate must've been generated and imported into the DPM certificate store manually by someone else ?

PS: we can't export the certificate, as we lost the DPM used to do the backups.

Thank you
0
One of my client system got encrypted with the frogo file extension. Is any tool available for decrypt these files.
0
Technology Partners: We Want Your Opinion!
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

My Testing Lab.

AD1 192.168.100.1/24
AD2 192.168.100.2/24
EX1 192.168.100.4/24 ( exchange server 2016)
EX2 192.168.100.5 /24 (exchange server 2016)
Haproxy 192.168.100.7/24

On the client outlook direct ex1 or ex 02 can connect with POP3 with 995  & 110 .

HA proxy health check is ok for  995 only . 110 service is down .

On the client outlook direct  Haproxy can connect  110 only .When i connect with POP3 (995) . Following error show

Log onto incoming mail server (POP3): Your server does not support the connection encryption type you have specified. Try changing the encryption method. Contact your mail server administrator or Internet service provider (ISP) for additional assistance.

I don't know what is my problems.
0
This has been going on way too long. I tried to force quit by shutting down after unlocking the decryption but it won't work...help!!
0
Hi experts, i want to change PHP to POWERBUILDER, any help please!
below the php script :

========encrypt===============
function mc_encrypt($data, $key)
{
/// make binary representasion of $key
$key = hex2bin($key);

/// check key length, must be 256 bit or 32 bytes
if (mb_strlen($key, "8bit") !== 32) {
throw new Exception("Needs a 256-bit key!"); }

// create initialization vector
$iv_size = openssl_cipher_iv_length("aes-256-cbc");
$iv = openssl_random_pseudo_bytes($iv_size);

/// encrypt
$encrypted = openssl_encrypt($data, "aes-256-cbc", $key, OPENSSL_RAW_DATA, $iv );

/// create signature, against padding oracle attacks
$signature = mb_substr(hash_hmac("sha256", $encrypted,  $key,   true),0,10,"8bit");

/// combine all, encode, and format
$encoded = chunk_split(base64_encode($signature.$iv.$encrypted));

return $encoded;
}

========decrypt===============
function mc_decrypt($str, $key)
{

/// make binary representation of $key
$key = hex2bin($key);

/// check key length, must be 256 bit or 32 bytes if (mb_strlen($key, "8bit") !== 32) {
throw new Exception("Needs a 256-bit key!"); }

/// calculate iv size
$iv_size = openssl_cipher_iv_length("aes-256-cbc");

/// breakdown parts
$decoded = base64_decode($str);
$signature = mb_substr($decoded,0,10,"8bit");
$iv = mb_substr($decoded,10,$iv_size,"8bit");
$encrypted = mb_substr($decoded,$iv_size+10,NULL,"8bit");

/// check signature, against padding oracle attack
0
Hi All,

After encrypting some laptops with DiskCryptor, they all seem to go into Automatic Repair for Windows 10. Can i format the machine and start again, or do i have to decrypt these?
0
ive been hit with a ransomware attack
I can still use the computer but all word docs have been encrypted
I can open docs but they are blank
is my only option paying or can I get these back?
they are requesting over £800
0
i got below exception with AES256 algorithem encryption/decryption.
java.security.InvalidKeyException: Illegal key size exception

But i fixed issue by following below link Info. But i am not allowed to updated java policy files..
Is there any other approach to fix issue?

https://deveshsharma.info/2012/10/09/fixing-java-security-invalidkeyexception-illegal-key-size-exception/
0
Hi All

I was asked to do simple Proof of concept on Oracle encryption on one of my Lab environment.

DB Version :11.2.03

THANKS
VINAY PALAPARTHY
0
I have a .txt file containing a yahoo contacts list that looks to be purposely encoded incorrectly to obscure the contents of the file.

I'm no techie.  Is there a software or process that can be used to restore the proper encoding and reveal the contents of the file?
0
I have a domain with four domain controllers in place.
Two DCs have DES enabled - see key in HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\parameters\ - and two other where DES is not enabled.

I have a webapp that uses DES to allow Single Sign-on.

What I don't understand is the following issue:

when I use a PC and confirm the authenticating DC by issuing the command "set logonserver", this is a DC where DES is not enabled. However, I can still use DES. Using Klist I can see the following ticket being issued

Client: myuser @ my.domain.com
Server: HTTP/webserver.my.domain.com @ MY.DOMAIN.COM
KerbTicket Encryption Type: Kerberos DES-CBC-MD5
Ticket Flags 0x40a10000 -> forwardable renewable pre_authent name_canonicalize
Start Time: 6/30/2017 11:49:57 (local)
End Time:   6/30/2017 20:03:26 (local)
Renew Time: 7/7/2017 10:03:26 (local)
Session Key Type: Kerberos DES-CBC-MD5

How is that possible ? Is it possible that despite being authenticated by one DC (where DES is disabled), this kerberos ticket is issued by a different DC (where DES is enabled) ?

Thanks for any input.
0
2017 Webroot Threat Report
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

We have a service user configured for DES encryption that is generating a TGS error.
Looking at the registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\parameters, I see that some DCs are configured with the value 0x7ffffffc (2147483644), but some don't have this key altogether, therefore are not supporting DES Encryption.

What baffles me, is that the policy "Network Security: Configure encryption types allowed for Kerberos" is set to "NOT CONFIGURED" for all DCs.

So, why do you think this setting is enabled on only some DCs even when is not set by a policy ? I have a variety of Windows 2012 and 2003 Domain Controllers.

Thanks!
0
We have an ADFS server set up that we use authenticate our domain users for Skype for Business online. This works successfully so I know that the basic configuration is correct. I have created a relay trust with one of our application partners, who have written their own STS system. When clicking on the link to the application, we are redirected to our AD FS front end but we're unable to login. Speaking to our partner, they're saying that the claim we're producing does not include the name id which they need to allow us to login. The relay trust has been set up without encryption or signing requirements and I have set up a rule that based on the Mapping of LDAP Attributes to outgoing claim types with the LDAP attribute being E-Mail-Addresses and the outgoing claim type Name ID.

When trying to connect, 2 events are generated in the AD FS Admin log of the ADFS server. These events are;
1)   Event 303. The Federation Service encountered an error while processing the SAML authentication request (MSIS0037: No signature verification found for issuer https://xxxxxx
2) Event 364 . Encountered error during federation passive request (MSIS0037: No signature verification certificate found for issuer https://xxxxxx

The site https://xxxxxx (which is set up as the identifier in the relay party trust) has a mismatched certificate name but as signing and encryption are switched off on the trust, I don't understand why I'm seeing the message and why the token is not being generated.
0
Hello sir , i'm using WCF services in both web application and android . Now i want to implement encryption and decryption of various id's  so if i apply the encryption and decryption then on the web end i can easily manage the code but for android developer this is very hectic problem therefore suggest me how can i manage the code.
0
I have a number of old word documents that I need to migrate to pdf but first I need to save them as DOCX but I want to save them without the Encryption password (which I have).

Anybody know how to do this?
0
I set up one of four laptops as usual, enabling TPM, turn on bitlocker and require a bitlocker PIN at boot to log onto the computer. In my setup, I create an original admin account (named - pallap005), a standard account (named - clinical) and then enable the default admin account. Once that is done then I disable the pallap005 admin account. In this case, I disabled my pallap005 admin account  before I enabled the default admin account leaving only my standard user account (clinical) available. I need to know if I can enable the admin account and how do I go about doing this?
0
Hi All,

 

I have been tasked with setting up a secure file transfer mechanism for our organisation.

We have created the private keys etc. using Kleopatra and are able to encrypt/sign (with asci armor) and decrypt and exchange files with our partners successfully.

I would like to automate the process as follows.

Users place files in a folder based on a Fileserver.

GPG4Win (based on our SFTP Server) is scheduled to check the folder, encrypt any files it finds placing the encrypted file on the SFTP server’s Outbound folder and DELETING the original file on the Fileserver.

I am able to automate the encryption but the original file stays in place. When using the GUI there are options for the following, “Remove unencrypted original file when done”

I am using the following syntax

 

Gpg2 –batch –recipient xxxxx  –encrypt-files –armor C:\Location\*.txt

Which creates the encrypted the files in the same location and the orginal files still remain.

 

I have tried a number of different options, none of which worked for me.

If I am able to to encrypt/decrypt and point the files to an alternative location and remove the orginals then I would be extremely grateful for the help.
0

Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.