[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Share tech news, updates, or what's on your mind.

Sign up to Post

I'm using manage-bde.exe to allow some power user to encrypt their USB Stick.
I have a DC (Windows Server 2012 R2) with 100 hunder windows 10 pro laptpos.
The users don't have admin privlege on their machines.
I found that changing  WMI privilege manually  (ROOT>CIMV2>Security>MicrofostVolumeEncryption) and adding manually the specif account and giving him  "execute method" privilege allow the user to run the encryption without possessing admin rights.

I'm trying to create a script that I'm going to push via GPO to apply the needed changes.
I tried using this method  without success.
I can dump the privlege. Applying them give no errors but no changes are done.
Both operations are done with local admin account.
Thanks.
0
PMI ACP® Project Management
LVL 12
PMI ACP® Project Management

Prepare for the PMI Agile Certified Practitioner (PMI-ACP)® exam, which formally recognizes your knowledge of agile principles and your skill with agile techniques.

Hello experts,

I have a 3rd party vendor and they are asking me to send them PGP public key. they want to transmit the file and encrypt it using this public key I should be providing them and they sign it with a file that is an *pgp_public.asc file, they sent me the file.

My question is how to generate PGP public key? and what do I do with this file that they are using to sign the files. what is the process of viewing this file after receiving it from the 3rd party.

Thanks,
0
PGP for free?

Absurd question maybe but if I Google for "PGP Windows x86 32 bit" I am not presented with a list of freeware products but presented with several paid for products. I am a cheapscate  and expect everything for free including a PGP encrypter program for my crappy 32 bit Windows version 10 notepad.

So where do I go to (my lovely) to get free encryption for my Windows 10.0 32 bit craptop tablet?
0
Hello
does anyone know if there is a decryptor for ransomware extension ending in bgtx.. it is a variation of dharma encryption.
0
Hi Experts,
can someone explain the procedure for generating certificates.

I am new to this I want to Generating private key for SFTP connection, i have a file that has a *.asc extension and i want to generate to private key and send it to third party.

Thank you,
0
Dear expert support

We have issue and required your help : we are implement Bitlocker feature with the users ( different PC models )  90 % is working fine but the issue with 10 % is asking the key every reboot.

Note: this issue dont related to computer model , generally with different models

Regards
0
What are the steps necessary to determine if a certificate is 128 bit or 256 bit?
0
I forgot the zip password of a file that I previously zip (think with AES256) :
any free tools to unzip/crack it & will it be faster to do it if I use a i7
computer with SSD?
0
Backed up a MAC to Time Machine with encryption enabled. Backup complete now its encrypting data which my understanding takes awhile, much longer than the backups. I turned off Time Machine hoping it speeds up the encryption process. Question, I hoped to do a rebuild on the MAC and reinstall the OS after the backup. Will I be able to recover my data (don't want to re-image from the backups just recover data) prior to the encryption process finishing? It's been on 6% for awhile.
backup
0
Hi - I have a client that travels a lot with her laptop and has sensitive data on it.
I suggested that we encrypt the hard disk so that the data is protected should it fall into the wrong hands.
The problem is that she is running Windows 7 Pro and therefore does not have Bitlocker on there. I am only familiar with the latter program when encrypting, so i wondered which software , preferably free (if reliable) otherwise paid, would you suggest.

Thanks
D
1
Rowby Goren Makes an Impact on Screen and Online
LVL 12
Rowby Goren Makes an Impact on Screen and Online

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.

HELP PLEASE...
We are centralising departmental data from local file servers across Europe into a new File Server in Azure in view of GDPR.

We've locked down Azure disks with Encryption (KeyVault), BitLocker etc. and we have enabled the following settings on the Azure File Server for user access to Shares;
  • Enable access-based enumeration
  • Allow caching of share
  • Enable BranchCache on the file share
  • and Encryp
t data access

We have successfully migrated some data and presented users with a 'Drive Map' via Group Policy, and locked down access as you do with AD Security Groups.

The issue we have is that Windows 10 users are fine, but none of the Windows 7 Users are able to receive the Mapped Drive, and we cannot manually map the drive without getting the 'Access Denied' message.

I have found out though that when the 'Encrypt data access' setting is disabled (unticked) on the Azure File Server we don't get the 'Access Denied' message and can map drives.

However, this setting needs to be enabled (GDPR) and the reason for it not working is because Windows 7 uses SMB version 2.1 and the Azure (2016) server uses SMB version 3.0 as a minimum for SMB Encryption.

We have around 1,000 users on Windows 7 so without upgrading those users to Windows 10 right now how can we get round this issue ensuring the 'Encrypt data access' option is enabled and Windows 7 users can access the data?
In advance thank you for your support.
0
Can anyone recommend an full disk encryption software with a management console that will work with GPT disk on a windows 7 professional machine. Rebuilding / Upgrading the machine to Windows 10 isn't an option currently.

I have already looked at Symantec encryption and Sophos Safeguard both these dont work with the above

Any help would be greatly appreciated.

Thanks
Stephen
0
Ransomware Nozelesn
Is there a good decryption tool available for this ransomware encryption?
0
I need Help with code implementing Sha512 in VB6

here is part of the code and the ???????? is what i need help with
think I am getting close if you review the text below

'1
Dim My_Url_ToSend As String
My_Url_ToSend = "https://bittrex.com/api/v1.1/market/buylimit?" & tx_APIKEY & "&nonce=" & Trim(str(Time())) _
& "&market=" & txCurrencyBaseSelection & "&quantity=" & txLimitOrderAmount & "&rate=" & txLimitOrderPrice
'2
Dim signback As String
signback = ????????(My_Url_ToSend, tx_APIKEY_SECRET)
'3
G_xmlhttp.Open "GET", signback
G_xmlhttp.send ""
txResponseText = G_xmlhttp.responseText

Open in new window


 the ???????? is I think what i need help with

i found this code here:
VB6 Hash Class - MD5 , SHA-1, SHA-256, SHA-384, SHA-512
http://khoiriyyah.blogspot.com/2012/06/vb6-hash-class-md5-sha-1-sha-256-sha.html
(code is pasted below), is uses "advapi32.dll"

It seems to work well

if i use   txEncripted = CreateSHA512HashString(txToEncrypt)

"The quick brown fox jumps over the lazy dog"

it does return the correct  SHA512Hash  

"07e547d9586f6a73f73fbac0435ed76951218fb7d0c8d788a309d785436bbb642e93a252a954f23912547d1e8a3b5ed6e1bfd7097821233fa0538f3db854fee6"


Now a server is giving me a Secret_Hash_Key , and a Sign_In Key.
I have a URL to send back
I'm not sure what to do next?

the php? example that was provided is:
$apikey='xxx';
$apisecret='xxx'; 
$nonce=time(); 
$uri='https://bittrex.com/api/v1.1/market/getopenorders?apikey='.$apikey.'&nonce='.$nonce; 
$sign=hash_hmac('sha512',$uri,$apisecret); 
$ch = curl_init($uri); 
curl_setopt($ch, CURLOPT_HTTPHEADER, array('apisign:'.$sign)); 
$execResult = curl_exec($ch); 

Open in new window


VBA example
nonce=int(round(time.time()*1000))
url ='https://bittrex.com/api/v1.1/market/getopenorders?apikey='+api_key+'&market=BTC-QTUM&nonce=' + str(int(time.time()))
signature = hmac.new(secret_key,url.encode(),hashlib.sha512).hexdigest()
headers = {'apisign': signature}
req = urllib.request.Request(url, headers=headers)
response = json.loads(urllib.request.urlopen(req).read())

Open in new window


This is my Current VB6 implementation without the encryption above added
Dim G_xmlhttp
Set G_xmlhttp = CreateObject("MSXML2.ServerXMLHTTP.6.0")
Dim URLA As String
URLA = "https://bittrex.com/api/v1.1/market/buylimit?" & tx_APIKEY & "&nonce=" & Trim(str(Time())) _
& "&market=" & txCurrencyBaseSelection & "&quantity=" & txLimitOrderAmount & "&rate=" & txLimitOrderPrice
G_xmlhttp.Open "GET", URLA
G_xmlhttp.send ""
txResponseText = G_xmlhttp.responseText

Open in new window

0
I currently have bitlocker encryption enabled on a Windows 10 pc. With bitlocker, only one user is allowed to be logged on at a time. By default Windows 10 has a setting that keeps the last user logged in if they didnt explicitly log off, even if the pc is restarted or shutdown. Is there a way to log a previous user off so that another user can log in to a pc. The first user is unavailable to log in then log off.
0
Hi All,

Wondering should I enable backup file encryption for my Veeam backups? It make seance to do so of course but will it have a significant impact on backup and restore times?

thanks
0
Hello I recently changed some GPO's at domain level, now when a HDD that's encrypted with BitLocker in plugged in we get a message that say's "Group Policy requires that for this drive to be writable, either  auto-unlock must be set or a smart card must be used.  A password alone is not sufficient."  Not sure what policy controls this, also on my DC running server 2016 when i click to unlock drive nothing happens.
0
Office 365 transportrule that reject mails without encryption.
We have a domain secure.xx that only needs to send encrypted mails using a 3rd part supplier using one specific email address.
I would like to create a transportrule that rejects other users from sending mails without encryption.
I know the -ExceptIfMessageTypeMatches "Encrypted" but I can't find a solution to add an "unencrypted" switch.
Any ideas?
0
Good afternoon

Currently in vmware version 6.5, where it offers encryption options.

  Is it advisable to encrypt the server where I have installed the vcenter?

If I decide to encrypt it, would it have any kind of inconvenience?
0
Become a CompTIA Certified Healthcare IT Tech
LVL 12
Become a CompTIA Certified Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

I want to add below cipher suits in my Windows Server 2008 R2 SP1 Standard as required by our security team. As per my research (see below links) these cipher suits are not supported by Windows Server 2008 R2 and are only available in Windows Server 2016.  Can someone conform me this? Also please let me know if there is any possibility to use these ciphers.

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

https://docs.microsoft.com/en-us/windows/desktop/secauthn/cipher-suites-in-schannel

https://docs.microsoft.com/en-us/windows/desktop/secauthn/tls-cipher-suites-in-windows-10-v1607

https://docs.microsoft.com/en-us/windows/desktop/secauthn/tls-cipher-suites-in-windows-7
0
after changing password on a different system user is unable to log into his encrypted laptop. is there a way to resolve this issue using the McAfee EPO web interface
0
We continue to fail a PCI scan on our Cisco ASA firewall due to cipher vulnerabilities as following (Note - all on UDP port 500,  TLS minimum set to TLS1.1);
- Weak encryption ciphers, such as DES or 3DES, were identified as supported on this VPN device.
- Weak Diffie-Hellman groups identified on VPN Device. Use Diffie-Hellman Key Exchange Group 5 or higher where possible, or the highest available to the VPN endpoints.

We use the Cisco Anyconnect client for connections, with all clients accessing AES256

After setting the firewall DH group level to 5 and Cipher security level to MEDIUM (no DES/3DES support) I am still seeing PCI failures due to DES/3DES and a DH group level of 2.
Can anyone explain this (and how to resolve)? Does the ASA require a reload to use the new settings?

Following is the cipher information from the firewall;
asa1234x# sh ssl cipher
Current cipher configuration:
default (custom): AES256-SHA:AES128-SHA
  AES256-SHA
  AES128-SHA
tlsv1 (medium):
  DHE-RSA-AES256-SHA
  AES256-SHA
  DHE-RSA-AES128-SHA
  AES128-SHA
tlsv1.1 (medium):
  DHE-RSA-AES256-SHA
  AES256-SHA
  DHE-RSA-AES128-SHA
  AES128-SHA
tlsv1.2 (medium):
  DHE-RSA-AES256-SHA256
  AES256-SHA256
  DHE-RSA-AES128-SHA256
  AES128-SHA256
  DHE-RSA-AES256-SHA
  AES256-SHA
  DHE-RSA-AES128-SHA
  AES128-SHA
dtlsv1 (medium):
  DHE-RSA-AES256-SHA
  AES256-SHA
  DHE-RSA-AES128-SHA
  AES128-SHA
asa1234x#
0
END TO END encryption.

Looking for 3rd party or digital certificates that allow for end to end encryption of emails.   The client would like to send an email from their outlook in an encrypted format (as data is sensitive) and have it reach the recipient encrypted.  but also have the recipient reply back to the email and have that be encrypted in the return path (thats the tricky part).  Here's where it gets tricker---looking to see if there's software out there that can integrate it as an outlook plugin.
0
A most recent PCI scan of our ASA firewall has revealed multiple deficiencies. We use the firewall for remote access VPN connections using Anyconnect, with a minimum TLS level of 1.1.


The issues follow - I would like to know the most efficient way of addressing, using ASDM if possible;

- Weak Encryption Ciphers identified on VPN Device (Weak encryption ciphers, such as DES or 3DES, were identified as supported on this VPN device)
- Block cipher algorithms with block size of 64 bits (like DES and 3DES)
- Weak Diffie-Hellman groups identified on VPN Device (Use Diffie-Hellman Key Exchange Group 5 or higher where possible, or the highest available to the VPN endpoints)

It should be expected that all of our VPN endpoints are fairly current.

Would changing the DH group (from Group 2) to Group 5 and setting the TLS1.1 SSL cipher to MEDIUM (removes DES) accomplish this at little risk to VPN clients?

Current VPN connections (ASDM monitoring) indicate the use of AES256 but if you can suggest a command to provide better insight that would be appreciated.

Thanks in advance!
0
Have several folders I would like to encrypt and send to the cloud. Is BitLockering them enough, or should I use a third party software for such?
0

Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.