Encryption Method algorithm for WS security

Similar Messages

• Using JHS tables and hashing with salt algorithms for Weblogic security

  We are going to do our first enterprise ADF/JHeadstart application. For security part, we are going to do the following:
  1. We will use JHS tables as authentication for ADF security.
  2. We will use JAAS as authentication and Custom as authorization.
  2. We need to use JHeadStart security service screen in our application to manage users, roles and permission, instead of doing users/groups management within Weblogic.
  3. We will create new Weblogic SQL Authentication Provider.
  4. We will store salt with password in the database table.
  5. We will use Oracle MDS.
  There are some blogs online giving detail steps on how to create Weblogic SQL Authentication Provider and use JHS tables as authentication for ADF security. I am not sure about the implementation of hashing with salt algorithms, as ideally we'd like to use JHS security service screen in the application to manage users, roles and permission, not using Weblogic to do the users/groups management. We are going to try JMX client to interact with Weblogic API, looks like it is a flexiable approach. Does anybody have experience on working with JMX, SQL Authentication Provider and hashing with salt algorithms? Just want to make sure we are on the right track.
  Thanks,
  Sarah

  To be clear, we are planning on using a JMX client at the Entity level using custom JHS entitiy classes.
  BradW working with Sarah

• Phase 1 Encryption Method in Config File

  OK...  I see the statement for the declaration of Encryption for Phase 2.  It is clear in the Crypto Map section.  Where in the config file is the Phase 1 encryption method defined for a given IPSec Tunnel?
  Thanx

  Hi,
  From the ASA CLI you should be able to see all the phase 1 policies configured on the ASA with the command "show run crypto". They are at the very end.
  Each of the policies have a priority number in which order they are checked when a VPN connection is being formed.
  To my understanding none of them are locked to a certain VPN connection on your ASA. They are gone through with the other VPN device/client in the Phase1 negotiations until they find a policy match that both devices have.
  In my 8.4(3) ASA I for example have the policies like this
  crypto ikev1 policy 30
  authentication pre-share
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 60
  authentication pre-share
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  For the older software the format might be different.
  Like
  "crypto isakmp policy 10"
  - Jouni

• Which encryption method is the best way to secure the data tranfer

  Hi ,
  I want to configure the Encryption between two cisco Wan routers(3845 & 3825).
  We use 50MB leased line connection and transfer the data. I also configured the QOS to limit the data transfer rate to 20MB on the same pipe and it's working fine.We also use the same pipe for trading purpose too. That's why I limit 20MB for data(copy) transfer between two hosts.
  Which encryption method should I use to secure the data transfer?
  Plese kinldy advise .
  Thanks,

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  I would recommend AES256.
  I would also recommend a VTI tunnel vs. GRE/IPSec.  However, both, depending on your IOS, should support AES256.
  Encryption will demand more from your routers.  I think the 3845 should be able to support 20 Mbps encrypted, not as sure about the 3825.  (BTW, if you have 50 Mbps LL, why are you limited transfer rate to 20 Mbps?)
  Also BTW, there's much involved in setting up encrypted tunnels for optimal performance.  Also see: http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html

• Configure security-role and method permission for EJB 3.0 using Jdev 11g

  The EJB 3.0 session bean created by Jdev 11g EJB wizard does not have ejb-jar.xml. Where and how can security-role and method permission for the EJB be configured?
  For example,
  <assembly-descriptor>
  <security-role>
  <role-name>managers</role-name>
  </security-role>
  <method-permission>
  <role-name>managers</role-name>
  <method>
  <ejb-name>Employees</ejb-name>
  <method-name>setSalary</method-name>
  <method-params>
  <method-param>java.lang.Long</method-param>
  </method-params>
  </method>
  </method-permission>
  </assembly-descriptor>

  user516954,
  By default annotations are used. However, you can create a new descriptor and that will take presidence over any declared annotation.
  --Ric                                                                                                                                                                                                                                                                                                                               

• Log onto incoming mail server (POP3): Your server does not support the connection encryption type you have specified. Try changing the encryption method. Contact your mail server administrator or Internet service provider (ISP) for additional assistance.

  Hi All,
  This is my first post to ms exchange forum am getting  Log onto incoming mail server (POP3): Your server does not support the connection encryption type you have specified. Try changing the encryption method. Contact your mail server administrator
  or Internet service provider (ISP) for additional assistance. in my outlook clients, till last Sunday (12.04.15) my exchange was well & good, Monday morning suddenly the problem started like none of our outlook pop3 clients are able to communicate
  with exchange (rest  IMAP, SMTP & Exchange accounts are working fine). i have tried with all port no but no luck. please help me to get raid of this one.
  Exchange 2013 CU6 with server 2012 Std 64Bit
  Thanks,
  Murali 

  Dear All,
  I have found the solution for above problem, the problem has occur due to PopProxy inactivity
  please find relevant exchange management shell commends below.
  1. Get-ServerComponentstate -Identity <yourmailserver.com> 
  Server Component State
  yourmailserver.com ServerWideOffline Active
  yourmailserver.com HubTransport Active
  yourmailserver.com FrontendTransport Active
  yourmailserver.com Monitoring Active
  yourmailserver.com RecoveryActionsEnabled Active
  yourmailserver.com AutoDiscoverProxy Active
  yourmailserver.com ActiveSyncProxy Active
  yourmailserver.com EcpProxy Active
  yourmailserver.com EwsProxy Active
  yourmailserver.com ImapProxy Active
  yourmailserver.com OabProxy Active
  yourmailserver.com OwaProxy Active
  yourmailserver.com PopProxy Inactive
  yourmailserver.com PushNotificationsProxy Active
  yourmailserver.com RpsProxy Active
  yourmailserver.com RwsProxy Active
  yourmailserver.com RpcProxy Active
  yourmailserver.com UMCallRouter Active
  yourmailserver.com XropProxy Active
  yourmailserver.com HttpProxyAvailabilityGroup Active
  yourmailserver.com ForwardSyncDaemon Active
  yourmailserver.com ProvisioningRps Active
  yourmailserver.com MapiProxy Active
  yourmailserver.com EdgeTransport Active
  yourmailserver.com HighAvailability Active
  yourmailserver.com SharedCache Active
  2. Set-ServerComponentState -Identity <yourmailserver.com> -Component PopProxy -Requester HealthAPI
  -State Active
  3. Get-ServerComponentstate -Identity <yourmailserver.com> 
  Server Component State
  yourmailserver.com ServerWideOffline Active
  yourmailserver.com HubTransport Active
  yourmailserver.com FrontendTransport Active
  yourmailserver.com Monitoring Active
  yourmailserver.com RecoveryActionsEnabled Active
  yourmailserver.com AutoDiscoverProxy Active
  yourmailserver.com ActiveSyncProxy Active
  yourmailserver.com EcpProxy Active
  yourmailserver.com EwsProxy Active
  yourmailserver.com ImapProxy Active
  yourmailserver.com OabProxy Active
  yourmailserver.com OwaProxy Active
  yourmailserver.com PopProxy Active
  yourmailserver.com PushNotificationsProxy Active
  yourmailserver.com RpsProxy Active
  yourmailserver.com RwsProxy Active
  yourmailserver.com RpcProxy Active
  yourmailserver.com UMCallRouter Active
  yourmailserver.com XropProxy Active
  yourmailserver.com HttpProxyAvailabilityGroup Active
  yourmailserver.com ForwardSyncDaemon Active
  yourmailserver.com ProvisioningRps Active
  yourmailserver.com MapiProxy Active
  yourmailserver.com EdgeTransport Active
  yourmailserver.com HighAvailability Active
  yourmailserver.com SharedCache Activ
  Replace yourmailserver.com with your server host name.
  Thanks

• Network security: Configure encryption types allowed for Kerberos-Windows 2008

  If below setting has been enabled in domain policy on Windows 2008 R2 DC ; what is the effect on Windows 2008 Member server . that seeting is not present in Windows 2008.
  Network security: Configure encryption types allowed for Kerberos:
  Please advice & if possible please provide more info.
  AliahMurfy

  Hi,
  I found some related information is some type of the encrypt not supported on the server 2008, such as AES128_HMAC_SHA1.
  More detail information please refer the following KB:
  Network security: Configure encryption types allowed for Kerberos
  http://technet.microsoft.com/en-us/library/jj852180(v=ws.10).aspx
  Hope this helps.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• What is the encryption method for the user's password?

  hi all,
  who knows what is the encryption method for the user's password?
  the password is 803004, and i get the encrypted string "D7EDED84BC624A917F5B462A4DCA05CDCE256EEEEEDC97D59A57930E06CF9781E022CC8E430FF04E"
  thanks,
  dan

  There is no default password for a guest user unless you've created one:
  (screenshot from the System Pref Guest User Pane)

• Algorithms for Signing & Encryption for SAP Java cryptographic Tool kit

  Hi,
  We want to use SAP Java Cryptographic Toolkit for S/MIME for signing & encryption. Kindly let me know what are all the algorithms it supports for Signing & algorithms it supports for Encryption
  With Regards
  K.Varadharajan

  DES (Data Encryption Standard) algorithm is used to perform the encryption
  Policy jurisdiction files regulate which algorithms are available. These jurisdiction files are provided by the same vendor as for your J2SE package.
  Regards,
  Prateek

• MAC filter for wireless security????

  I have hooked up my wireless router and had trouble with the security part.  I am now set up with the wireless security disabled but the MAC filter enabled and my wireless computers mac number entered and all is working.  will the MAC filter work as security for my wireless network.  thanks tdm

  MAC address filtering is considered a very low level of security.  It will keep honest people from accidentally logging into your network, but that is about it.  MAC addresses are transmitted wirelessly when you use your router.  Anyone can monitor your transmissions, so it is easy to learn a working MAC address.  They can then fake the MAC address and loggin to your network whenever you are not connected.
  Also, when your transmissions are not encrypted, anyone within range can monitor your wireless transmissions, even without logging into your network.  With a good antenna, your transmissions can probably be picked up for at least half a mile from your home.  So someone could monitor the web sites you visit, your email, etc., and in some cases, your passwords.
  You really should setup wireless security on your network.
  Here are my tips for setting up wireless security:
  To set up wireless security, you must use a computer that is wired to the router.
  Where to find the router settings: The router's login password is usually on one of the "Administration" pages. The other settings are all found in the "Wireless" section of the router's setup pages, located at 192.168.1.1
  First, give your router a unique SSID. Don't use "linksys".
  Make sure "SSID Broadcast" is set to "enabled".
  Next, leave the router at its default settings (except for the unique SSID), and then use your pc to connect wirelessly to the router. Test your wireless Internet connection and make sure it is working correctly. You must have a properly working wireless connection before setting up wireless security.
  To implement wireless security, you need to do one step at a time, then verify that you can still connect your wireless computer to the router.
  Next, encrypt your wireless system using the highest level of encryption that all of your wireless devices will support. Common encryption methods are:
  WEP - poor (see note below)
  WPA (sometimes called PSK, or WPA with TKIP) - good
  WPA2 (sometimes called PSK2, or WPA with AES) - best
  WPA and WPA2 sometimes come in versions of "personal" and "enterprise". Most home users should use "personal". Also, if you have a choice between AES and TKIP, and your wireless equipment is capable of both, choose AES. With any encryption method, you will need to supply a key (sometimes called a "password" ).
  The wireless devices (computers, printers, etc.) that you have will need to be set up with the SSID, encryption method, and key that matches what you entered in the router.
  Retest your system and verify that your wireless Internet connection is still working correctly.
  And don't forget to give your router a new login password.
  Picking Passwords (keys): You should never use a dictionary word as a password. If you use a dictionary word as a password, even WPA2 can be cracked in a few minutes. When you pick your login password and encryption key (or password or passphrase) you should use a random combination of capital letters, small letters, and numbers, but no spaces. A login password, should be 12 characters or more. WPA and WPA2 passwords should be at least 24 characters. Note: Your key, password, or passphrase must not have any spaces in it.
  Most home users should have their routers set so that "remote management" of the router is disabled. If you must have this option enabled, then your login password must be increased to a minumum of 24 random characters.
  One additional issue is that Windows XP requires a patch to run WPA2. Go to Microsoft Knowledge base, article ID=917021 and it will direct you to the patch.
  Sadly, the patch is not part of the automatic Windows XP updates, so lots of people are missing the patch.
  Note:
  WEP is no longer recommended. The FBI has demonstrated that WEP can be cracked in just a few minutes using software tools that are readily available over the Internet. Even a long random character password will not protect you with WEP. You should be using WPA or preferably WPA2 encryption.
  Message Edited by toomanydonuts on 01-16-2008 03:38 AM

• Iphone's App store rejects payment method, even for free apps! Someone please help me!

  Hi
  Last night i downloaded some apps, that i had to pay for using my Visa Credit Card. I have had this set as my payment method for ages. Anyway, it all worked and i got the apps, but today i tried to download another app, which was free and i had to sign in to my Apple ID or whatever the prompt is, so that i could download the free app.
  I signed in and recieved another popup asking me to sign in and review billing information. I pressed OK and signed in again and was taken to the billing information and payment information page. On this page it says that there was an error with a previous purchase from the App Store and that i must check all my payment information is correct.  All the information that i had entered there when first adding my payment method was still there. Except for the security code.
  I re-entered the security code and pressed done, and the page said that the payment information was not valid, or not allowed and asks me to change my payment information and / or method. So i re-enter all my information for my payment method and it still doesn' t work. It still says that there is an error with a previous purchase and that i must recheck or change my payment and billing information. The error cannot be right though, as all the apps that i have either downloaded or bought have downloaded fine.
  Sometimes the error message changes to saying my payment information has been rejected, which cannot be right either, as i was using the payment method yesterday. I know i don't have any funds in my account at the moment, but that should not be relevant as i am trying to download a free app.
  I tried downloading different free apps, but was unsuccessful.
  Because I spent around an hour or so trying to download the app, i then downloaded the lastest software update, which was 6.0.1 or something. I updated from the 5.something software.
  I was still unable to download anything from the app store.
  I have tried to edit the billing and payment information from the App Store, Safari on the Iphone and from Google Chrome on my computer, none of these have helped.
  If someone has a soloution or if Apple can sort my account out, i will be so grateful.
  I use an Iphone 3gs and updated the software on it after my payment information wasn't working for about an hour.
  A slightly-annoyed person.
  Message was edited by: Entropicaful

  This happened to me about a year ago, call Apple customer service and they should be able to help. It had something to do with Apple's system not reading the credit card info correctly even if it had been stored and worked fine before. They fixed my problem instantly after I wasted alot of time trying to get things to work.
  Hope this helps.

• HT201363 I have a lot of money on my Apple ID but when I try to buy something it ask for my security questions that I do not remember the answers to. I also don't have access to the email I used to set up my Apple ID but I do know the password how do I fi

  I have a lot of money on my Apple ID but when I try to buy something it ask for my security questions that I do not remember the answers to. I also don't have access to the email I used to set up my Apple ID but I do know the password how do I fix this ?

  You need to ask Apple to reset your security questions; ways of contacting them include phoning AppleCare and asking for the Account Security team, clicking here and picking a method for your country, and filling out and submitting this form.
  They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
  (105412)

• Reg::Error in XMLDecryption algorithm for adapter module in SAP PI

  Hi Experts,
  I have developed a custom java code for encryption and decryption for XML to be included in adapter module in SAP PI using SAP netweaver.My decryption code is working fine for stand alone java application.But when I create EJB project and deploy it I get no error..But in communication monitoring of SAP PI i get the below error
  Error: org.apache.xml.security.encryption.XMLEncryptionException: No Key Encryption Key loaded and cannot determine using key resolvers
  I included xmlsec1.3.0.jar file as external library..
  I would be grateful if you could suggest any solution for the above issue.
  Thanks
  Priya

  Hi Priya,
                   I am working on the same senario if Uhave idea plz help me on it.
  Regards,
  Prasad.

• Ok i have been trying to download albums, songs, apps, etc. and my itunes keeps asking me for the security question and for the life of me i cant remember the answers. I dont know what the email is that receives the question reset.

  ok i have been trying to download albums, songs, apps, etc. and my itunes keeps asking me for the security question and for the life of me i cant remember the answers. I dont know what the email is that receives the question reset. is there anything i can do to fix this or am i screwed?

  If you have music that was purchased on different iTunes accounts than the one you use, then you must provide the password, otherwise the tunes are not considered yours.  You can turn off iCloud and just use the usual USB sync method.  But I wonder whether you'll have the same problem?

• HT5312 i try everything to get back my answer for my security questions...but it is not working

  i try to get back my answer for my security questions but it is not working

  You need to ask Apple to reset your security questions; ways of contacting them include clicking here and picking a method for your country, phoning AppleCare and asking for the Account Security team, and filling out and submitting this form.
  (97524)