Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Share tech news, updates, or what's on your mind.

Sign up to Post

A most recent PCI scan of our ASA firewall has revealed multiple deficiencies. We use the firewall for remote access VPN connections using Anyconnect, with a minimum TLS level of 1.1.

The issues follow - I would like to know the most efficient way of addressing, using ASDM if possible;

- Weak Encryption Ciphers identified on VPN Device (Weak encryption ciphers, such as DES or 3DES, were identified as supported on this VPN device)
- Block cipher algorithms with block size of 64 bits (like DES and 3DES)
- Weak Diffie-Hellman groups identified on VPN Device (Use Diffie-Hellman Key Exchange Group 5 or higher where possible, or the highest available to the VPN endpoints)

It should be expected that all of our VPN endpoints are fairly current.

Would changing the DH group (from Group 2) to Group 5 and setting the TLS1.1 SSL cipher to MEDIUM (removes DES) accomplish this at little risk to VPN clients?

Current VPN connections (ASDM monitoring) indicate the use of AES256 but if you can suggest a command to provide better insight that would be appreciated.

Thanks in advance!
Cloud Class® Course: SQL Server Core 2016
LVL 12
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Have several folders I would like to encrypt and send to the cloud. Is BitLockering them enough, or should I use a third party software for such?
i have multiple files to encrypt using slift software.
I have the manual steps to encrypt but need help for encrypting it.
I have restriction not to store any password in the scripts hence it required password to be encrypted.
command is
slift.exe /e "sourcedirectory" /pfx "privatekeyfile.pfx" password /cer "partnerpublickey.cer"
can help how to script in powershell.
Bit Locker - Domain Controller

Is it possible to link this to active directory.
So that if a User activates Bit Locker - the password appears in AD - to ensure access if User forgets.

Also how does this work - if a User already has Bit Locker activated on their device.
And finally - is it possible to have this for a selected group - ie. there are some Users who have other encryption products on their devices whom we dont want to touch.
I have a small Access that is utilizing MacroShadow's code for a button that saves a report to pdf with a password using Bullzip and even emails it.   Huge thanks to MacroShadow for helping me to get this working.

Only one small problem left.  I have 6 different reports each with their own button.  I want to call the same Function regardless of which report button is clicked.  I can't figure out how to pass the report name to the Function as my variable (currently hard coded report name and paths).  

Can anyone help?  Thank you in advance.

Here is the code.

Option Explicit

Private Sub EmailPDFBtn_Click()
   Dim NameofReport As String
   NameofReport = "MemberDetailsReportAll"
   Call PrintReportAsPDFwithBullZip(NameofReport, , "C:\Users\tfoutz\Documents\RS Member Log\", "ReportAllByName.pdf")
   Call SendPDFbyEmail
End Sub

Option Explicit

Public Declare Function SetDefaultPrinter Lib "winspool.drv" _
                                          Alias "SetDefaultPrinterA" (ByVal pszPrinter As String) As Long

Function PrintReportAsPDFwithBullZip(ByVal rptName As String, _
                                      Optional sFilterCriteria As String = "", _
                                      Optional sDirectory As String = "", _
                                      Optional sFileName As String = "") _
                                      As Boolean
I created this thread at Wilders Security Forum without receiving a response, so I am trying here instead:

So to the problem: I installed DiskCryptor and being the ignoramus that I am, I encountered a problem, namely that I got locked out of my computer. Long ago, I used DiskCryptor without any problems; however, my computer now has UEFI, something which it seems DiskCryptor is not supporting. It is mentioned on the home page, and I knew the software had not been updated for long, but I just did what I did the last time I used it (maybe it sounds more stupid than it actually was?)

Anyway, what happened is as follows:

1. Windows refuses to load (after that I browse the DiskCryptor forums)

2. I figure out the UEFI is not supported and as such the bootloader is not working

3. Luckily there is a bootable bootloader a guy created (Yippie! I am saved!!! Or am I?)

4. After some tweaking in BIOS the bootloader starts...

5. Oh no! No disk drives are NOT detected in DiskCryptor! Not in "My computer", not in "Disk Management"... nowhere!

6. What to do? What to do? Ask on the DiskCryptor forum! WHAT? Registration is closed! What to do? What to do? Ahh, ask the pros at Wilderssecurity... (ehm... Experts-Exchange, I mean).

And here I am now, please help, guys and ladies!

The only thing I can think of now that might have to do with the problem is that I created the bootable bootloader in Linux (that took a while to figure out, let me tell you! Piece of cake on …

Does anyone know of a way / app / method that I can password protect a FOLDER without zipping it.

I use 7zip at present but have to zip folder to password protect and im trying to avoid that.

Any Ideas.


I have created a windows form application where I am connecting to a database. The database connection string is currently stored in the App.config file, but the string is stored as plain text. Which is not good as the DB password is readable and therefore vulnerable.

Please could you advise the best approach on how to secure the connection string? The application will be used on multiple machines but ran from a single shared location (not installed on each machine).

My thought was to create a separate application that would convert the connection string to an encrypted string using a password. The decrypt function would be added to the end user application and the encrypted string copied and pasted into the app.config. Using the encryption key along with the decrypt function the end user app should be able to decrypt the connection string.

My issue is that I do not know what type of encryption to use or which type in .NET is the newest.

I am using .NET Framework 4.6.

Please could you help and provide examples as encryption is new to me...

Thanks, Greg
With the new GDPR regulations in place I am looking for a service to encrypt certain emails (Payslips, etc) which contain sensitive data.

We are using Office 365 for our email service and I have looked into the encryption services provided by Office 365 but none really suit what we are looking for.

I have looked at encrypting the documents within the email through “7Zip”. Has anyone a suggestion on a service we could use that would make us GDPR compliant when sending sensitive emails or would 7zip or something similar work?
My boss just told me that Microsoft is recommending log encryption after reviewing our latest Risk Analysis.  Is there anyone making that work today?  Encrypting all log data?
Get your problem seen by more experts
LVL 12
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

In a meeting we were told that it is possible to know or identify if a user hit a specific page and it’s contents even if the page is locked.  We understand that when a page has a lock it means SSL and that the data to/fro from the site to computer is encrypted.  Is this possible that even thought the page has a lock, there is  a way to identify the encrypted page that the user visited and identify the contents, if it has form or just regular page?
Dear Experts

When we enable encryption in windows 10 systems it encrypts when we store documents, what exactly happens here as we take the stored files from the encrypted  and transfer it via email or copy to USB or share it in network drive all those other side people who have access can open and read or modify based on permissions does it mean it is not file level encryption I mean whoever know the system password files are accessible if someone wants to crack the harddisk then the file formats stored is not as per the document extension like .docs, or .exls please help me to understand this.

2. what does it mean server side encryption like next cloud deployment says we can enable server side encryption how is it different from ssl enablement that is user accessing through https,
please help me understand above two , thank you very much in advance.
i'm missing something in my cryptography understanding.

i've looked through several sources and want to verify im getting this right.

the 3DES process:

3 56 bit keys act on a 64 bit block of data.
Key1 encrypts the data, Key 2 decrypts the data, and then Key3 encrypts the data
some implementations use the same key for Key1 and Key3, so effectively in those implementations the total key length is 112, if 3 different keys are used, it's 168 bits.

so, we send the data across the wire and we want to decrypt it.

we take Key3 to decrypt the ciphertext, which still yields ciphertext, because we have to encrypt this ciphertext with Key2, and then go through the 3rd step which is to decrypt that ciphertext, and finally get plaintext.

is this correct?

any further input is very welcome


We have a Server 2012 R2 file server with several department shares.

I wasn’t even aware we had EFS until recently I noticed one of the folders was in green text.

The issue is it seems a few users have been creating folders and right clicking and selecting encrypt.

Now, even I as the network administrator can’t gain access to these folders, only the person who created them.

When I check the security permissions I still have full permissions , but under encryption I’m only listed as a recovery user?

My question is how can I remove the encryption and and it make it so anything that gets encrypted I can still access?

Or should I be looking at a different product.

I have been working for a week or so to get Office 365 Message Encryption (OME) to work for a client for GDPR purposes. First EE post here

Last week, once I enabled the RMS Template, via Outlook Web Access, I could Protect emails using either the 'Do Not Forward' template or the 'Encrypt' template,

Today I have been working on getting these options to appear in Outlook on the desktop as that is what most of the client's users, use. It took a while.

I read from here that you need to have at least build 1804 for it to work. So having updated my Outlook to the latest version:
Outlook - latest versionand I think waiting a few hours, I now have:
Encrypt button in OutlookAwesome.

I sent a test email (including Excel attachment)to my Apple account and I get the 'XXXX has as sent you a protected message' and I can click on the link to open the OME portal and request a one time passcode to open. We have already run the
Set-IRMConfiguration -DecryptAttachmentFromPortal $true

Open in new window

powershell command to allow the recipient to download the attachment without issue so that all works fine.

However, when I send the same test email (including Excel attachment) to another Office 365 user (same tenant or a different tenant and try to open the email in Outlook (not OWA) I get:
Outlook errorIf I fire up OWA (from the account I sent the email from) and try to open the same email it works fine. I can see the email in the message preview:
When I look at the elliptic curve information for some VIPs in my Netscaler Load Balancer - I see
that there might be four or five lines dedidicated to elliptic curves. I forget the numbers
but one might be 128, 164, then 256, then 324 - let's say. Now I understand the larger the
number the higher the encryption level. But why would a vip have several elliptic curves
associated with it instead of just one?

We have a basic file server (Server 2018) with the old fashioned shared network drives for various departments with on premises security groups in AD.

Is there any way (or what would be the best way) to encrypt the files on the sever to prevent staff members plugging in a USB stick and taking all the documents? Or emailing them.

Obviously there must be a way to legitimately be able to email a document in certain circumstances also.

Hopefully this isn’t unique to our organisation....

Cannot open encrypted e-mail from and individual.

Using MS Outollk 2013

Error: Outlook could not find encryption key used to encrypt message.

Can send signed and encrypted e-mails just fine.
I need an encryption solution for my company and we need some password free encryption for our users. I found a great article about the perfect solution for our problem in this https://www.experts-exchange.com/articles/25879/A-new-aspect-to-securing-USB-data-SID-protectors.html article. I was wondering do we need MBAM tool to manage the encryption process if we follow the process described in the article or we need a third party software for that? Can we restrict users to get access to public key as well. Thanks in advance for your help.
Keep up with what's happening at Experts Exchange!
LVL 12
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Decrypt a Veracrypt drive - lost Windows password. I have a laptop where a user has changed their Windows password and we dont know what that is. The laptop drive is encrypted and I know the password to that and can get past that to Windows . None of the password unlock tools will work. They cant detected the drive due to the encryption. I have taken the drive out, put it in another machine that has Veracrypt on it and tried to decrypt it that way but it wont accept the password that otherwise works when the drive is in its original chassis. I'm out of ideas and wondered if there is anything else I can try - or -am I at the end of the line?  thanks
I have recently taken over Administration of a clustered SQL Server (2014) that is located within my client's domain.  

The client has dictated they have sysadmin access to the SQL Server and Administrator access to the Servers.

Our product relies on between 500 and 1000 stored procedures that currently reside in various databases on the server.  

These procedures have been created using WITH ENCRYPTION to mask the logic of the product from the client.

However, since encrypted stored procedures are not very secure, I am looking for an alternative method.  

This client is unique in their requirements (sysadmin and Administrator access) and there are various other installations with different clients.  

When there are updates to the system they need to be deployed to all clients with minimal overhead.

Are there products or features that can:
a) fully hide the text of the procedures from sysadmins / Administrators;
b) allow new procedures to be deployed with minimum deviance from the method employed for other clients' databases;
c) provide the flexibility of being able to run procedures via SQL Agent or directly in Management Studio?

Many thanks
We have enabled Azure Information Protection for an Office 365 Client (they are using E3):
1.PNGNote that this tenant was created a few years back s didnt have the default labels.
So we have created some labels
2.PNGThe Global policy applies to all users and the 'IT' policy applies to just me.
I have installed the Azure IRM Client onto my PC, restarted Outlook and now I see the following when opening a new email:
3.PNGWhich is perfect,

The issue is that any label which has Protection enabled, say the 'U.K. ID - Attachment Encryption' one, if I select it I see:
4.PNGHere is how that Label is setup:
Now, I can go into the Office 365 Exchange Admin portal and configure Mail Rules like this:
7.PNGwhich works perfectly. Here are the RMS Templates available to me:
So, my questions/issues are:
  1. How can I resolve the error, when selecting a Protect Label from withing Outlook 2016?
  2. Where are the RMS Templates coming from? It doesn't seem to match the list of Labels

The end goal here is to allow Outlook users to apply a Label which will encrypt the email. If I am using the wrong element then please do let me know.
That will do for now!

Dear Wizards, according to this article: https://en.wikipedia.org/wiki/Triple_DES, the 3 DES algorithm is
ciphertext = EK3(DK2(EK1(plaintext)))

Why don't they just use like
ciphertext = EK3(EK2(EK1(plaintext)))

What are the differences in terms of security between DK2 and EK2 here? Many thanks!
We had an EE question, "Can Hibernating interrupt volume creation process of truecrypt or veracrypt", answered: hibernation will not interrupt the volume creation process.   Nevertheless, our supervisor has requested some technical link that would support the claim that it doesn't hibernation will corrupt the volume creation.  Below an image of a link sent to him that makes him think the volume can be corrupted:

Though we showed our supervisor by copying to/from small files of said volume hibernated while being created, he still requested evidence (mostly because the his users will be copying 200gb files to the volume); we are still searching.

Can any EE provide some link supporting that if a volume creation is hibernated will still work fine; like one of the EE said "hibernating does not hurt the encryption process".

Thank you

As MySQL and MariaDB support ONLY Encryption at rest (inactive data ), data sent to the client are NOT encrypted. we want to make data encrypted all the way.

anyway to make it support encrypt all the way across the network ? SSL VPN ?

and MySQL can only do:

1) Partial log encryption.

and it offer :

1) NO external key management.

2) NO Authentication: SASL/SCRAM.

3) Do not supports data obfuscation for anonymization and data masking for psuedoanonymization.

4) Do not have Auditing: output – syslog.

5) Do not have Data masking (full and partial).

Any work around on all that ?


Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.