Search Results

Search found 510 results on 21 pages for 'decrypt'.

Page 13/21 | < Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >

• Crypto-Analysis of keylogger logs and config file. Possible?

  - by lost.

  Is there anyway Encryption on an unidentified file can be broken(file in question: config file and log files from ardamax keylogger). These files date back all the way to 2008. I searched everywhere, nothing on slashdot, nothing on google. Ardamax Keyviewer? Should I just write to Ardamax? I am at a loss of what to do. I feel comprimised. Anyone managed to decrpyt files with Crypto-analysis? More Information-- There are log files in the folder and a configuration file, "akv.cfg". Is it possible to decrypt the files and maybe getting the attackers email address used to receive the keylogger logs? I've Checked ardamax.com. They have an built-in log viewer. But its unavailable for download. If superuser isn't the proper place to ask, know where I might get help?

  Read the article

• SQL Server Column Level Encryption - Rotating Keys

  - by BarDev

  We are thinking about using SQL Server Column (cell) Level Encryption for sensitive data. There should be no problem when we initially encryption the column, but we have requirements that every year the Encryption Key needs to change. It seems that this requirement may be problem. Assumption: The table that includes the column that has sensitive data will have 500 million records. Below are the steps we have thought about implementing. During the encryption/decryption process is the data online, and also how long would this process take? Initially encrypt the column New Year Decrypt the column Encrypt the column with new key. Question : When the column is being decrypted/encrypted is the data online (available to be query)? Does SQL Server provide feature that allows for key changes while the data is online? BarDev

  Read the article

• Enabled storing Bitlocker keys in Active Directory, is there a way to upload keys of drives encrypted before this?

  - by Rossaluss

  We have enabled storing of Bitlocker keys within the device object on Active Directory, however before this was implemented, we had encrypted 100+ devices using bitlocker and we've only found ways to upload the key to AD when enabling bitlocker for the first time on an install. Does anybody know of a way where we can upload all the keys for all the devices which already had their drives encrypted with Bitlocker into their respective device objects in AD? Or are we going to have to decrypt and re-encrypt all the devices on the floor? (Google seems to say this is what we're going to have to do, however we're no experts in Bitlocker, so may have missed something) When we go into Manage Bitlocker of an already encrypted device, we only get the same options of saving the key to a file, a memory stick or printing it out, no option is available to save to AD etc. Any help would be appreciated.

  Read the article

• Securely wiping a file on a tmpfs

  - by Nanzikambe

  I have a script that decrypts some data to a tmpfs, the directory is secure (permissions), the machine's swap is encrypted (random key on boot) and when the script is done it does a 35 pass wipe (Peter Gutmann) of the cleartext on the tmpfs . I do this because I'm aware wiping files on a journaling file system is insecure, data may be recovered. For discussion, here're the relevant bits extracted: # make the tmpfs mkdir /mnt/tmpfs chmod 0700 /mnt/tmpfs mount -t tmpfs -o size=1M tmpfs /mnt/tmpfs cd /mnt/tmpfs # decrypt the data gpg -o - <crypted_input_file> | \ tar -xjpf - # do processing stuff # wipe contents find . -type f -exec bcwipe -I {} ';' # nuke the tmpfs cd .. umount -f /mnt/tmpfs rm -fR /mnt/tmpfs So, my question, assuming for the moment that nobody is able to read the cleartext in the tmpfs while it exists (I use umask to set cleartext to 0600), is there any way any trace of the cleartext could remain either in memory or on disk after the snippet above completes?

  Read the article

• Websockets through Stunnel is giving random bytes.

  - by user16682

  I have several servers set up for a web application that I am developing. One is a load balancing server, and I'm running a php WebSockets server on this balancer. The website that I am developing on uses ssl, so I have my WebSockets running through a wss uri connecting directly to the balancer, where I have set up stunnel4 to decrypt all traffic at a certain port and re-rout it to my php WebSockets server. This works fine when it comes down to connecting to my server. That's not the problem. The problem occurs when I try to send data to the server. Occasionally when I try this, stunnel does not appear to be decrypting the data properly. I get garbage characters in my termanal running the server: what appear to be completely random bytes. This can sometimes go on for several consecutive messages that I send before abruptly working again. It is very erratic and unpredictable. Sometimes I refresh the page, and all the messages work perfectly. Sometimes the WebSocket connects and I have to wait 5-10 seconds before any messages I send are interpreted properly by the server. Other times I can't send any messages at all, because they all end up as garbage. I believe this is a stunnel problem, but I am not certain. Does anybody have any experience with this? I would like a more predictable server if I can get it. Some more information: This occurs extensively in Chrome, not quite as much in FireFox, and never in Safari. The php server I am using is phpws http://code.google.com/p/phpws/ -- On the WebSocket connection, this server would sometimes detect that the header was only 1 byte in size, the first byte of the WebSockets header. I had to modify the server to flush the buffer ever time this occurred so that it would reliably connect.

  Read the article

• Unexpected Access Denied error while accessing EFS encrypted file

  - by pozi

  I am getting Access Denied error when I try to access some files. ACL is OK, all ACE's all intherited, I have full access to these files and I am the owner of these files. ACE's are exactly same as other files in the same directory which are accessible without problems (doublechecked through Security Tab on file properties and cacls command). Files are EFS encrypted, however I should have access to these files, because they were encrypted by the same user account I am trying to access (decrypt) them. EFS settings are exactly same as other files in the same directory which are also encrypted and accessible without problems (doublechecked through cipher command and efsdump command (SysInternals)). In ProcMon utility (SysInternals) I am getting Access Denied entry while accessing these files. Files are not used (locked), checked by Unlocker utility. Up to now, I tought I understand NTFS ACL's and EFS mechanisms fairly well, but now I am completely stuck and I do not know how to access these files. Any thoughts?

  Read the article

• Decrypting Windows XP encrypted files from an old disk

  - by Uri Cohen

  I had an old Windows XP machine with an encrypted directory. When moving to a new Win7 machine I connected the old disk as a slave in the new machine, and hence cannot access the encrypted files. Chances don't seem good as documentation warns you: "Do not Delete or Rename a User's account from which will want to Recover the Encrypted Files. You will not be able to de-crypt the files using the steps outlined above." On the other hand, I have full access to the machine, so maybe there's a utility which can extract the keys and use the to decrypt the files... BTW, I didn't have a password in the old machine, if it's relevant. Ideas, anyone? Thanks!

  Read the article

• Connecting a LAN to an OpenVPN server via a windows 7 client gateway

  - by user705142

  I've got OpenVPN set up between my windows 7 client and linux server. The goal is that I'll get secure access to a webapp running on the server from any computer on the client LAN. I'm using ccd to assign static ip addresses to each client connection, with key authentication. It's working on my client machine (10.83.41.9), and when you go to the gateway IP address (10.83.41.1), it loads up the webapp. Now I really need the other computers on the client LAN to be able to connect to the webapp as well, via the windows machine. The client has a static IP address of 192.168.2.100 on the LAN, and I've enabled IP forwarding in windows (confirmed by ipconfig /all). In my router I've forwarded 10.83.41.1 / 255.255.255.255 to 192.168.2.100. In server.conf I have.. route 192.168.2.0 255.255.255.0 And in the office ccd.. ifconfig-push 10.83.41.9 10.83.41.10 iroute 192.168.2.0 255.255.255.0 The client log is as follows: Thu Mar 15 20:19:56 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011 Thu Mar 15 20:19:56 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Thu Mar 15 20:19:56 2012 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file Thu Mar 15 20:19:56 2012 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Mar 15 20:19:56 2012 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Mar 15 20:19:56 2012 LZO compression initialized Thu Mar 15 20:19:56 2012 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ] Thu Mar 15 20:19:56 2012 Socket Buffers: R=[8192->8192] S=[64512->64512] Thu Mar 15 20:19:56 2012 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] Thu Mar 15 20:19:56 2012 Local Options hash (VER=V4): '9e7066d2' Thu Mar 15 20:19:56 2012 Expected Remote Options hash (VER=V4): '162b04de' Thu Mar 15 20:19:56 2012 UDPv4 link local: [undef] Thu Mar 15 20:19:56 2012 UDPv4 link remote: 111.65.224.202:1194 Thu Mar 15 20:19:56 2012 TLS: Initial packet from 111.65.224.202:1194, sid=ceb04c22 8cc6d151 Thu Mar 15 20:19:56 2012 VERIFY OK: depth=1, /C=NZ/O=XXX./CN=XXX Thu Mar 15 20:19:56 2012 VERIFY OK: nsCertType=SERVER Thu Mar 15 20:19:56 2012 VERIFY OK: depth=0, /C=NZ/O=XXX./CN=XXX Thu Mar 15 20:19:56 2012 Replay-window backtrack occurred [1] Thu Mar 15 20:19:56 2012 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Thu Mar 15 20:19:56 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Mar 15 20:19:56 2012 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Thu Mar 15 20:19:56 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Mar 15 20:19:56 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Thu Mar 15 20:19:56 2012 [server] Peer Connection Initiated with 111.65.224.202:1194 Thu Mar 15 20:19:58 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Thu Mar 15 20:19:59 2012 PUSH: Received control message: 'PUSH_REPLY,route 10.83.41.1,topology net30,ping 10,ping-restart 120,ifconfig 10.83.41.9 10.83.41.10' Thu Mar 15 20:19:59 2012 OPTIONS IMPORT: timers and/or timeouts modified Thu Mar 15 20:19:59 2012 OPTIONS IMPORT: --ifconfig/up options modified Thu Mar 15 20:19:59 2012 OPTIONS IMPORT: route options modified Thu Mar 15 20:19:59 2012 ROUTE default_gateway=192.168.2.1 Thu Mar 15 20:19:59 2012 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{B32D85C9-1942-42E2-80BA-7E0B5BB5185F}.tap Thu Mar 15 20:19:59 2012 TAP-Win32 Driver Version 9.9 Thu Mar 15 20:19:59 2012 TAP-Win32 MTU=1500 Thu Mar 15 20:19:59 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.83.41.9/255.255.255.252 on interface {B32D85C9-1942-42E2-80BA-7E0B5BB5185F} [DHCP-serv: 10.83.41.10, lease-time: 31536000] Thu Mar 15 20:19:59 2012 Successful ARP Flush on interface [45] {B32D85C9-1942-42E2-80BA-7E0B5BB5185F} Thu Mar 15 20:20:04 2012 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up Thu Mar 15 20:20:04 2012 C:\WINDOWS\system32\route.exe ADD 10.83.41.1 MASK 255.255.255.255 10.83.41.10 Thu Mar 15 20:20:04 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4 Thu Mar 15 20:20:04 2012 Route addition via IPAPI succeeded [adaptive] Thu Mar 15 20:20:04 2012 Initialization Sequence Completed From the other machines I can ping 192.169.2.100, but not 10.83.41.1. In the how-to, it mentions "Make sure your network interface is in promiscuous mode." as well. I can't find in the windows network config, so this may or may not be part of it. Ideally this would be achieved without any special configuration the other LAN computers. Not sure how far I'm going to get on my own at this point, any ideas? Is there something I'm missing, or anything I should need to know?

  Read the article

• PCI scan findings and problems with week ciphers on ports 993,443,995,465

  - by user64991

  From PCI scan results: Synops is : The remote service encrypts traffic using a protocol with known weaknesses . Description : The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients . See also : http://www.schneier.com/paper-ssl.pdf Solution: Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. Risk Factor: Medium / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N) I have tried to change SSLProtocol all -SSLv2 to SSLProtocol -ALL +SSLv3 +TLSv1 And SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW To SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT But using SSLdigger, it shows the same result. Is this the right way to do something like this?

  Read the article

• How to automaticaly mount luks-partition only when disk is plugged in

  - by Frederick Roth

  I have the following scenario: I want to automatically backup some data from my Laptop(Fedora Core 17) to a external encrypted(luks) hard disk. The disk can be opened by a key file, which lies on the also encrypted root partition of my laptop. The hard disk is attached to my docking station and therefore only "present" when I am at home (which is approximately 1/2 of the time the Laptop runs) I have everything set up the way I want it with one exception. I don't get a decent way to mount the hard disk automatically at boot if and only if it is present. If I add it to crypttab and fstab without noauto it tries to mount it at boot and takes a lot(!) of time and error messages when it is not present. If I add noauto, well it does not mount automatically ;) Is there a way to configure luks/crypttab to do the following: check whether the disk is present if yes: decrypt/mount if no: just don't

  Read the article

• OpenVPN stopped working, what could have happened?

  - by jaja

  I have Openvpn, and it worked great when I used it on PC (Windows 8), then I copied all files (Certificates and config) to an Android 4 phone to use them. Now, Openvpn works on the phone, but not the PC. Specifically, when I open Google I get: The server at www.google.com can't be found, because the DNS lookup failed, but the VPN seems to be connected. I have a simple question, could the problem be because I copied the same files? Routing table before connecting:- IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.101 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.101 281 192.168.1.101 255.255.255.255 On-link 192.168.1.101 281 192.168.1.255 255.255.255.255 On-link 192.168.1.101 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.101 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.101 281 =========================================================================== Routing table after connecting:- IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.101 25 0.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 30 10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 30 10.8.0.4 255.255.255.252 On-link 10.8.0.6 286 10.8.0.6 255.255.255.255 On-link 10.8.0.6 286 10.8.0.7 255.255.255.255 On-link 10.8.0.6 286 **.**.***.** 255.255.255.255 192.168.1.254 192.168.1.101 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 128.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 30 192.168.1.0 255.255.255.0 On-link 192.168.1.101 281 192.168.1.101 255.255.255.255 On-link 192.168.1.101 281 192.168.1.255 255.255.255.255 On-link 192.168.1.101 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.101 281 224.0.0.0 240.0.0.0 On-link 10.8.0.6 286 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.101 281 255.255.255.255 255.255.255.255 On-link 10.8.0.6 286 =========================================================================== Server conf:- port 1194 proto udp dev tun ca ca.crt cert myservername.crt key myservername.key dh dh1024.pem server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt duplicate-cn keepalive 10 120 comp-lzo persist-key persist-tun status openvpn-status.log verb 3 push "redirect-gateway def1" Client conf:- client dev tun proto udp remote 89.32.148.35 1194 resolv-retry infinite nobind persist-key persist-tun mute-replay-warnings ca ca.crt cert client1.crt key client1.key verb 3 comp-lzo redirect-gateway def1 Here is the log file:- Tue Dec 18 16:34:27 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011 Tue Dec 18 16:34:27 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Tue Dec 18 16:34:27 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Tue Dec 18 16:34:27 2012 LZO compression initialized Tue Dec 18 16:34:27 2012 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ] Tue Dec 18 16:34:27 2012 Socket Buffers: R=[65536-65536] S=[65536-65536] Tue Dec 18 16:34:27 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ] Tue Dec 18 16:34:27 2012 Local Options hash (VER=V4): '41690919' Tue Dec 18 16:34:27 2012 Expected Remote Options hash (VER=V4): '530fdded' Tue Dec 18 16:34:27 2012 UDPv4 link local: [undef] Tue Dec 18 16:34:27 2012 UDPv4 link remote: ..*.:1194 Tue Dec 18 16:34:27 2012 TLS: Initial packet from ..*.:1194, sid=4d1496ad 2079a5fa Tue Dec 18 16:34:28 2012 VERIFY OK: depth=1, /C=/ST=/L=/O=/OU=/CN=/name=/emailAddress= Tue Dec 18 16:34:28 2012 VERIFY OK: depth=0, /C=/ST=/L=/O=/OU=/CN=/name=/emailAddress= Tue Dec 18 16:34:29 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Tue Dec 18 16:34:29 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Dec 18 16:34:29 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Tue Dec 18 16:34:29 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Dec 18 16:34:29 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Tue Dec 18 16:34:29 2012 [myservername] Peer Connection Initiated with ..*.:1194 Tue Dec 18 16:34:32 2012 SENT CONTROL [myservername]: 'PUSH_REQUEST' (status=1) Tue Dec 18 16:34:32 2012 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' Tue Dec 18 16:34:32 2012 OPTIONS IMPORT: timers and/or timeouts modified Tue Dec 18 16:34:32 2012 OPTIONS IMPORT: --ifconfig/up options modified Tue Dec 18 16:34:32 2012 OPTIONS IMPORT: route options modified Tue Dec 18 16:34:32 2012 ROUTE default_gateway=192.168.1.254 Tue Dec 18 16:34:32 2012 TAP-WIN32 device [Local Area Connection] opened: \.\Global{F0CFEBBF-9B1B-4CFB-8A82-027330974C30}.tap Tue Dec 18 16:34:32 2012 TAP-Win32 Driver Version 9.9 Tue Dec 18 16:34:32 2012 TAP-Win32 MTU=1500 Tue Dec 18 16:34:32 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {F0CFEBBF-9B1B-4CFB-8A82-027330974C30} [DHCP-serv: 10.8.0.5, lease-time: 31536000] Tue Dec 18 16:34:32 2012 Successful ARP Flush on interface [26] {F0CFEBBF-9B1B-4CFB-8A82-027330974C30} Tue Dec 18 16:34:37 2012 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up Tue Dec 18 16:34:37 2012 C:\WINDOWS\system32\route.exe ADD ..*. MASK 255.255.255.255 192.168.1.254 Tue Dec 18 16:34:37 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4 Tue Dec 18 16:34:37 2012 Route addition via IPAPI succeeded [adaptive] Tue Dec 18 16:34:37 2012 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5 Tue Dec 18 16:34:37 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4 Tue Dec 18 16:34:37 2012 Route addition via IPAPI succeeded [adaptive] Tue Dec 18 16:34:37 2012 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5 Tue Dec 18 16:34:37 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4 Tue Dec 18 16:34:37 2012 Route addition via IPAPI succeeded [adaptive] Tue Dec 18 16:34:37 2012 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5 Tue Dec 18 16:34:37 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4 Tue Dec 18 16:34:37 2012 Route addition via IPAPI succeeded [adaptive] Tue Dec 18 16:34:37 2012 Initialization Sequence Completed

  Read the article

• How does eMail encryption work?

  - by Dummy Derp

  I have been going over YouTube watching videos on eMail encryption and everyone seems to explain it from a different perspective. Some do it for a CompTIA exam while others just provide a primer. Here is what I understood: Step1: You compose an email that you want to send. Without encryption, it will be simple ASCII text that will be visible to anyone along the way. Step2: You generate a digital signature to make sure that nobody gets to re-transmit your email and claim it was you. Digital Signature is generated using Sender's private key which is usually a hash of the password and is then combined with the original message to form one long hash string. These signatures are one-time-use-only and a new one is calculated for every email. Step 3: You encrypt the compose of your email using Receiver's public key so that the only person who can read it is the intended receiver using their private key Step 4: When you hit the send the email, what is transmitted now is gibberish to everyone apart from the intended receiver who will decrypt is using their private key And there are various ways to do it like PEM, PGP, etc. Correct me where I am wrong or refine where necessary.

  Read the article

• decrypting AES files in an apache module?

  - by Tom H

  I have a client with a security policy compliance requirement to encrypt certain files on disk. The obvious way to do this is with Device-mapper and an AES crypto module However the current system is setup to generate individual files that are encrypted. What are my options for decrypting files on-the-fly in apache? I see that mod_ssl and mod_session_crypto do encryption/decryption or something similar but not exactly what I am after. I could imagine that a PerlSetOutputFilter would work with a suitable Perl script configured, and I also see mod_ext_filter so I could just fork a unix command and decrypt the file, but they both feel like a hack. I am kind of surprised that there is no mod_crypto available...or am I missing something obvious here? Presumably resource-wise the perl filter is the way to go?

  Read the article

• Paranoid Encryption

  - by Lord Jaguar

  Call me paranoid, but I really like to keep my stuff secret, but readily available on the cloud. So, asking this question. How safe and reliable is encryption software (e.g., truecrypt)? The reason I ask is that, what is I encrypt my data today with this software and after a couple of years, the software is gone ! What happens to my encrypted data? Is it equally safe to AES encrypt using 7-zip? Will it provide the same level or equivalent level of encryption as truecrypt or other encryption software? (I agree truecrypt will be better because of the container encryption it gives.) And what happens if 7-zip shuts down after 5 years? I am sorry if I am sounding paranoid, but I am coming back to my original question... Is there any application/software independent encryption? Meaning, can I encrypt with one software and decrypt with another so that I will not be dependent on just one vendor? I want my encryption to depend ONLY on the password and NOT on the encryption program/software? The next question, can I write my own program that does AES/stronger encryption when I give it a passphrase, so that I don't need to depend on third party software for encryption? If yes, which language supports the same? Can someone give me a heads up as to where to look for in case of writing my own encryption program?

  Read the article

• What do encrypted files' data look like?

  - by Frost Shadow

  I know there are a lot of encryption programs available, that I would guess use different methods for encryption, and thus have different types of output files (.fve .tc .cha .dmg (bitlocker, truecrypt, challenger, ect.)), but if someone didn't know what the file was and just looked at the data, what would it look like? Does it just look like random bits, or can you still pick out a pattern? If it does look random, how is it if I moved the encrypted file to another computer, the other computer can tell it's a file, and is able to decrypt it (how would it even know where to start or stop, if it all looked random)? Also, how is the structure affected by encrypting files twice, using the same method, or a different one? Thanks for any help, and if you know any books or site about encryption for complete idiots, I'd appreciate it!

  Read the article

• Truecrypt in place decryption. Is this possible?

  - by Keyo

  I want to decrypt my entire partition and turn it back into standard NTFS. I encrypted a large partition on my 1TB drive before I took it through the airport. For this I used the in place method on truecrypt for win7. I'm on a mac now and there doesn't seem to be any way to decryppt the drive in place. It mounts fine, but I don't want to buy another drive just so I can shift files around. The drive is hooked up via USB. Would this be a problem?

  Read the article

• Is encoding needed in this decryption?

  - by Lijo

  I have a Encryption – Decryption scenario as shown below. //[Clear text ID string as input] -- [(ASCII GetByte) + Encoding] -- [Encrption as byte array] -- [Database column is in VarBinary] -- [Pass byte[] as VarBinary parameter to SP for comparison] //[ID stored as VarBinary in Database] -- [Read as byte array] -- [(Decrypt as byte array) + Encoding + (ASCII Get String)] -- Show as string in the UI My question is in the decryption scenario. After decryption I get a byte array. I am doing an encoding (IBM037) after that. Is it correct? Is there something wrong in the flow shown above? private static byte[] GetEncryptedID(string id) { Interface_Request input = new Interface_Request(); input.RequestText = Encodeto64(id); input.RequestType = Encryption; ProgramInterface inputRequest = new ProgramInterface(); inputRequest.Test_Trial_Request = input; using (KTestService operation = new KTestService()) { return ((operation.KTrialOperation(inputRequest)).Test_Trial_Response.ResponseText); } } private static string GetDecryptedID(byte[] id) { Interface_Request input = new Interface_Request(); input.RequestText = id; input.RequestType = Decryption; ProgramInterface request = new ProgramInterface(); request.Test_Trial_Request = input; using (KTestService operationD = new KTestService()) { ProgramInterface1 response = operationD.KI014Operation(request); byte[] decryptedValue = response.ICSF_AES_Response.ResponseText; Encoding sourceByteFormat = Encoding.GetEncoding("IBM037"); Encoding destinationByteFormat = Encoding.ASCII; //Convert from one byte format to other (IBM to ASCII) byte[] ibmEncodedBytes = Encoding.Convert(sourceByteFormat, destinationByteFormat,decryptedValue); return System.Text.ASCIIEncoding.ASCII.GetString(ibmEncodedBytes); } } private static byte[] EncodeTo64(string toEncode) { byte[] dataInBytes = System.Text.ASCIIEncoding.ASCII.GetBytes(toEncode); Encoding destinationByteFormat = Encoding.GetEncoding("IBM037"); Encoding sourceByteFormat = Encoding.ASCII; //Convert from one byte format to other (ASCII to IBM) byte[] asciiBytes = Encoding.Convert(sourceByteFormat, destinationByteFormat, dataInBytes); return asciiBytes; }

  Read the article

• Is there an encrypted write-only file system for Linux?

  - by Grumbel

  I am searching for an encrypted filesystem for Linux that can be mounted in a write-only mode, by that I mean you should be able to mount it without supplying a password, yet still be able to write/append files, but neither should you be able to read the files you have written nor read the files already on the filesystem. Access to the files should only be given when the filesystem is mounted via the password. The purpose of this is to write log files or similar data that is only written, but never modified, without having the files themselves be exposed. File permissions don't help here as I want the data to be inaccessible even when the system is fully compromised. Does such a thing exist on Linux? Or if not, what would be the best alternative to create encrypted log files? My current workaround consists of simply piping the data through gpg --encrypt, which works, but is very cumbersome, as you can't easily get access to the filesystem as a whole, you have to pipe each file through gpg --decrypt manually.

  Read the article

• Security of a free public VPN service

  - by Mark Belli

  I just started using VPNBOOK, which is a (very efficent) free VPN solution. I have a question: VPNBOOK user and pass used to connect to their vpn network are publicily available on their homepage; everybody uses them to connect to the vpn. Can a user intercept my wifi traffic and: Understand that my connections are directed to VPNBOOK servers. If point 1 is successful, then they could use VPNBOOK public user and pass to decrypt my traffic? I hope I am missing something, otherwise it would be a very big weakness and I would revert to a paid service (with a private account)

  Read the article

• How to allow password protected start-stop-daemon functionality?

  - by Mahmoud Abdelkader

  I would like to use Ubuntu's start-stop-daemon to start my application, but the application protects some sensitive information, so I have a mechanism where the application prompts for a password that's then used to generate a hashkey, which is used as the secret key for a symmetric encryption (AES) to encrypt and decrypt things from a database. I'd like to daemonize this application and have it run from start-stop-daemon, so that sudo service appname stop and sudo service appname start would work, but, I'm not sure how to go about doing this with the added complexity of a password prompt. Is there something that supports this or do I have to program it from scratch? I figured I should ask first before re-inventing the wheel. Thanks in advance.

  Read the article

• SASL (Postfix) authentication with MySQL and SHA1 pre-encrypted passwords

  - by webo

  I have a Rails app with the Devise authentication gem running user registration and login. I want to use the db table that Devise populates when a user registers as the table that Postfix uses to authenticate users. The table has all the fields that Postfix may want for SASL authentication except that Devise encrypts the password using SHA1 before placing it in the database. How could I go about getting Postfix/SASL to decrypt those passwords so that the user can be authenticated properly? Devise salts the password so I'm not sure if that helps. Any suggestions? I'd likely want to do something similar with Dovecot or Courier, I'm not attached to one quite yet.

  Read the article

• SQUID Transparent SSL proxy (no intercept)

  - by user974896

  I know how to have squid work as a transparent proxy. You put it into transparent mode then use your router or IPTABLES to forward port 80 to the squid port. I would like to do the same for SSL. Every guide I see mentions setting up keys on the squid server. I do not want squid to actually decrypt the SSL traffic then establish a connection with the server, rather I would like squid to simply forward the SSL traffic as is. The only thing I would like to do is be able to check the SSL request for any offending IPs and drop the packets if the destination is one of them.

  Read the article

• decrypting a dvd and testing that it is decrypted and playing it locally with its menu?

  - by barlop

  I have a DVD , it may be decrypted. How do I get it to hard drive decrypt it and see if it is decrypted? I have got it to hard drive... I can get VOB files to play(does that mean it is not encrypted?) but I can't get it to play with the menu. I can get the DVD itself to play with a menu. I'd like to get the local copy to. Also, I can play the first VOB file in VLC and MPC but not in mplayer. But that's a secondary thing. I will use whatever player you suggest. I have tried VLC, and mplayer, and media player classic.

  Read the article

• Encrypt temporary password using public ssh key

  - by David M. Syzdek

  I manage a virtual office and our staff uses both SSH keys and passwords for authentication. If one of our staff forgets his password, is there a way to encrypt a temporary password using his public RSA ssh key so I can send it to him via e-mail? I've seen other questions related to this one, however the "answers" generally recommend against using the public/private SSH keys to perform general encryption/decryption and do not actually state if this is possible. I would like to know if it is indeed possible and what are the steps to encrypt and then decrypt the password.

  Read the article

• No MAU required on a T4

  - by jsavit

  Cryptic background One of the powerful features of the T-series servers is its hardware crypto acceleration, which dramatically speeds up the compute intensive algorithms needed to encrypt and decrypt data. Previously, administrators setting up logical domains on older T-series servers had to explicitly assign crypto resources (called "MAU" for historical reasons from the T1 chip that had "modular arithmetic units") to domains that had a significant crypto workload (say, an SSL based web server). This could be an administrative burden, as you had to choose which domains got the crypto units, and issue the appropriate ldm set-mau N mydomain commands. The T4 changes things The T4 is fast. Really fast. Its clock rate and out-of-order (OOO) execution that provides the single-thread performance that T-series machines previously did not have. If you have any preconceptions about T-series performance, or SPARC in general, based on the older servers (which, it must be said, were absolutely outstanding for multi-threaded applications), those assumptions are now obsolete. The T4 provides outstanding. performance for all kinds of workload, as illustrated at https://blogs.oracle.com/bestperf. While we all focused on this (did I mention the T4 is fast?), another feature of the T4 went largely unnoticed: The T4 servers have crypto acceleration "just built in" so administrators no longer have to assign crypto accelerator units to domains - it "just happens". This is way way better since you have crypto everywhere by default without having to manage it like a discrete and limited resource. It's a feature of the processor, like doing an integer add. With T4, there is no management necessary, you just have HW crypto everywhere all the time seamlessly. This change hasn't been widely advertised, and some administrators have wondered why there were unable to assign a MAU to a domain as they did with T2 and T3 machines. The answer is that there is no longer any separate MAU, so you don't have to take any action at all - just leave the default of 0. Summary Besides being much faster than its predecessors, the T4 also integrates hardware crypto acceleration so its seamlessly available to applications, whether domains are being used or not. Administrators no longer have to control how they are allocated - it "just happens"

  Read the article

< Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >