[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More



Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Share tech news, updates, or what's on your mind.

Sign up to Post

Application using ssl3 version of ssl library in server side for security purpose. How to enable SHA512 algorithm instead of SHA256 while encrypting data?

Shall I set SHA512 from SSL* apis?
C++ 11 Fundamentals
LVL 12
C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

I got the error when I installed php-mcrypt below:
sudo apt-get install php-mcrypt

sudo apt-get install php-mcrypt
Reading package lists... Done
Building dependency tree      
Reading state information... Done
Package php-mcrypt is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'php-mcrypt' has no installation candidate

php -version
PHP 7.2.10-0ubuntu0.18.04.1 (cli) (built: Sep 13 2018 13:45:02) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.10-0ubuntu0.18.04.1, Copyright (c) 1999-2018, by Zend Technologies

in Oracle Virtualbox with Ubuntu. I saw someone installed it with
sudo apt-get install php7.0-mcrypt

However, no good for me.

Are any gurus shed some light to it. Greatly appreciate it.
I am in the process of disabling medium ciphers in order to satisfy our PCI scan.

But i am running into some discrepancy on 2 different Win 2012 R2 servers which is really weird.

Server 1
Before  - Grade B

TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK       256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK       128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   WEAK       256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   WEAK       128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK       256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK       128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   WEAK       112
TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE       128
TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE       128

After removing those i got grade A

Server 2
Before - Grade A even with weak ciphers

TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK      256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK      128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   WEAK      256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK      256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   WEAK      128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK      128

After removing the same ciphers i got a Grade B complaining about this
This server does not support Authenticated encryption (AEAD) cipher suites. Grade capped to B

Sure enough the scan on the 2 servers shows that Server 2 is missing these 2 ciphers

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH x25519 (eq. 3072 bits RSA)   FS       256
Hi guys

If someone asks, how do you encrypt data in transit, then how would one answer that? That question is quite vague, no? I mean, we have VPN connections from site to site. We also have an MPLS network. Along with that, we have an email system with SSL certificates installed for the OWA, but then I wonder whether that means Outlook data is not encrypted but only encrypted when using OWA?

Any help is appreciated
hi guys,

If someone asks 'do you encrypt your data at rest'? on a Windows 2012 Fileserver, then how would you implement that? We also have Sophos AV  on all machines in case that helps?

Thanks for helping
We are an small independent financial institution that has grouped together with similar sized FI's in our region to take advantage of group security solutions.
Currently it is recommended by our 3rd party solution provider that we encrypt all laptops and PCs.
The majority of our PCs have roaming profiles with no sensitive or private information contained on the local PC.
I'm just sending this out as a general question to experts if you think encryption is necessary on roaming profile PCs.
My concerns are:
-If the PC reboots, in order to log in, the user has to have logged into that computer before to get past the preboot McAfee log in. We have a  lot of staff that move around, hence the roaming profiles. This can be cumbersome.
-I'm not sure how encryption affects roaming profiles
-lastly has anyone experienced issues with cloning encrypted PCs?

Any insights appreciated.
By "no co-mingling of tenants data", what are the things we look out
for in a cloud and a cloud service provider (CSP)?

a) encryption of database or the VM sits in an encrypted storage?
b) tenants' VMs can't reach each other, ie there' s microsegmentation
    or sort of 'virtual firewall' that blocks a tenant's VM from reaching
    to or being reached by another tenant's VM?
c) backups are encrypted?
d) CSP is certified ISO 27017/018 or PCI-DSS or ?
e) or the CSP has to be on private or hybrid cloud?
f)  or the CSP can offer a dedicated hypervisor to a tenant
    or a 'special storage' to ensure
   ... pls correct me or add on ...

Does AWS meet the above criteria?
Hi, we plan to deploy bit locker in various 10 and 20 user environments.  Should we use Acronis or something similar prior to utilizing BitLocker on workstations?  What are you feelings towards utilizing it on servers? Are there any other deployment ProTips ?   Is encryption already on the iOS ?  What should we use for encryption on these mobile devices ?
I am an independent consultant and I work with multiple clients.   Some of these clients provide me with a laptop and ask me to use their kit.

I use Google Drive to store all my data.  I find it extremely useful and powerful.  How can I protect the data being accessed by the IT department?  Can I encrypt the data on Google Drive so only I can view it?  I am concerned that my personal file on my clients (very nice laptop) can be viewed by them.  

I am looking for a nice easy solution - for example, is there any way of using the standard microsoft encryption solution - I am not familar with them.


Amazon Web Services
LVL 12
Amazon Web Services

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.


I have Dell Optiplex 7050 and has Window10 running on this pc. We use BitLocker for disk encryption. After I have  BitLocker encryption running and reboot It asks BitLocker recovery key.  Then I found the following steps seems to work:

Deactivate the TPMAutoProvisioning within Windows via the Administrator PowerShell:
1. Right click on the Start menu.
2. Type powershell, right click to run as admin
3. Type the command Disable-TpmAutoProvisioning and press Enter and make sure autoprovisioning is disabled.

Delete the TPM within the BIOS using the Clear option :
1. Restart the system and go to BIOS setup
2. Select "Security".
3. Click on "TPM Security".
4. Choose to Clear the TPM and then click yes to removing all keys from the TPM. (TPM will need to remain active).
5. Then exit and reboot into BIOS again to verify that the TPM is still seen as active.
6. Exit and reboot into the Window.

Activate the TPMAutoProvisioning again with the following PowerShell operation:
1. Right click on the Start menu.
2. type powershell and right click to run as admin
3. Type the command Enable-TpmAutoProvisioning and press Enter.

Under the tpm.msc make sure TPM management provided TPM status as ready to use, with reduced functionality.T hen
1. Turn OFF Bitlocker. Wait for  the hard drive to decrypt.
2. Turn ON Bitlocker. Reboot and no more ask Recovery Key.

It seems work after restarting the pc several times and it did not ask Bitlocker key until I shut it down…
Given the recent news around hardware encryption on some SSDs, I am looking to make a change both to my home network and suggest the change in our enterprise network, to disable hardware encryption in the Bitlocker GPO.

What I am unsure of, is what the impact of this change is on already-encrypted drives and what is the most effective way to manage any transition in that regard.

It's something we will likely look to test, but I thought I would ask the question in case someone else has already done so.

I have to draft a guideline for systems that interface with a CII system & need inputs:
currently, the interfaces concerned are limited to 3 types only:

1. files transfer
I can only think that the generally practices ie:
 a) encryption of data in transit (eg: using sftp instead of ftp/mapping a drive or NFS)
 b) encryption of data at rest if it's sensitive (tampered with)

2. API
how do we secure these (in particular APIs using microServices)??
I've heard of API needs to be certified so before requesting for it, need to be certain
else applications developers may question its relevance/usefulness

3. DBLink
Those sqlconnect  esp Oracle links to extract / update data.
Will need to define if the non-CII system is
   a) updating into CII, will have to be extra stringent but how?
   b) extracting from CII, just encrypting the sql calls

Oracle databases, weblogic are involved in the critical systems
while the less-critical systems may be Windows, Linux on
various apps (including mobile apps).

Editing thread to add Oracle as it relates to DBLink.
Running Windows 7 Professional SP-1 32-bit.  I have a folder with millions of files, most of which are encrypted with Windows EFS.  The folder, itself, is encrypted, but some of the files within it are not. I would like all the files to be encrypted, but I don't have a way of isolating the ones which still require encryption.  If I select the folder's security properties, and tick "Encrypt", to be applied to all the folder contents, I'd like to know if Windows needs to re-apply encryption to the files which are already encrypted, or only to the unencrypted files.  Changing the attributes of the entire contents would take weeks.
The user is required by work to have BitLocker Drive Encryption turned on.  They have a desktop computer.
Dell Inspiron 3670
Windows 10 Pro   10.0.17134  Build 17134    12 GB RAM   Windows 10 is up to date

Every time we try and turn on BitLocker, we are unable to start BitLocker and get message  "An internal error was detected"

How can we get BitLocker installed?

This is using IBM storwiz v3700 storage. The SSH service is available and we can connect with this SSH by using the assigned user account with correct password. BTW, how to change so as instead of using password, create the key-pair for the dedicated user account?

Thanks in advance.
I have a vendor that has setup sftp server and I am able to download the files to my local drive but I can not open the files and they are encrypted.

The vendor forwarded me the digital signature certificate , and I also have the pgp digital file.

I want to know where in in windows 10 I have to these files so my computer can open these files.

Thank you,
Previously when we transferred a 20GB gz  Solaris file down to PC's
local HDD & then from the local PC HDD, transfer to a USB HDD, our
DLP corrupted the gz file when it's transferred from local HDD to USB

We have since resolve that but to prevent untoward corruption in
future for copying of critical files to USB HDD,

Does Winscp has checksum feature that checks at Unix end & at
PC end?

If so I would rather use Winscp to transfer directly to USB HDD.
I'm using manage-bde.exe to allow some power user to encrypt their USB Stick.
I have a DC (Windows Server 2012 R2) with 100 hunder windows 10 pro laptpos.
The users don't have admin privlege on their machines.
I found that changing  WMI privilege manually  (ROOT>CIMV2>Security>MicrofostVolumeEncryption) and adding manually the specif account and giving him  "execute method" privilege allow the user to run the encryption without possessing admin rights.

I'm trying to create a script that I'm going to push via GPO to apply the needed changes.
I tried using this method  without success.
I can dump the privlege. Applying them give no errors but no changes are done.
Both operations are done with local admin account.
Why Diversity in Tech Matters
LVL 12
Why Diversity in Tech Matters

Kesha Williams, certified professional and software developer, explores the imbalance of diversity in the world of technology -- especially when it comes to hiring women. She showcases ways she's making a difference through the Colors of STEM program.

Hello experts,

I have a 3rd party vendor and they are asking me to send them PGP public key. they want to transmit the file and encrypt it using this public key I should be providing them and they sign it with a file that is an *pgp_public.asc file, they sent me the file.

My question is how to generate PGP public key? and what do I do with this file that they are using to sign the files. what is the process of viewing this file after receiving it from the 3rd party.

PGP for free?

Absurd question maybe but if I Google for "PGP Windows x86 32 bit" I am not presented with a list of freeware products but presented with several paid for products. I am a cheapscate  and expect everything for free including a PGP encrypter program for my crappy 32 bit Windows version 10 notepad.

So where do I go to (my lovely) to get free encryption for my Windows 10.0 32 bit craptop tablet?
Would like to assess the data analytics solution in terms of security/risk for service below
(which uses Cloud):

"AAA Solutions, a local- based data and analytics consultancy, provides Information Management and Analytics support to our clients. Our seasoned practitioners bring established tried and trusted models developed through years of practical hands-on implementation and successful project delivery of Data Warehouse, Business Intelligence & Analytics systems. We apply an optimum mix of descriptive, diagnostic, predictive and prescriptive methods to drive business value, cost efficiencies and manage risk.
    To establish the Forecasting & Analytics System (FAS) integrating with the top-of-the-line Business Intelligence system and automation of the external variable extraction process to streamline analytics workflow.
    Data Source is using Qlik N-printing;
    Data Integration & Transaction svcs is using MS SSIS;
    Data Marts layer is by MS SQL 2017;
    Power BI is by O365;
    our on-prem AD sync to O365 AD"

Can only currently think in terms of encryption of data in transit, at rest & at endpoint.
What about data integrity (ConnectDirect did checksumming), cloud security (esp this one)?

I like MS SQL 2017 (as MS SQL 2016 only offers DB encryption in Enterprise Edition) offers
DB encryption even for the non-Enterprise edition
does anyone know if there is a decryptor for ransomware extension ending in bgtx.. it is a variation of dharma encryption.
Hi Experts,
can someone explain the procedure for generating certificates.

I am new to this I want to Generating private key for SFTP connection, i have a file that has a *.asc extension and i want to generate to private key and send it to third party.

Thank you,
Dear expert support

We have issue and required your help : we are implement Bitlocker feature with the users ( different PC models )  90 % is working fine but the issue with 10 % is asking the key every reboot.

Note: this issue dont related to computer model , generally with different models



Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.