ACE20 and hashing algorithm

I have a secure website behind a Cisco ACE20 using A2(3.2). Everything is working great. Only that now I need to renew my certificate. When creating the CSR and sending it to my CA I get this warning:
"Alert: Your CSR has been signed using the MD5 hashing algorithm. While the MD5 hashing algorithm is not optimal it will not prevent you from using this CSR to enroll for your SSL certificate. VeriSign best practices recommend that you use a different hashing algorithm for the signature. CSR Information"
Anybody know if it is possible to use SHA instead of MD5 or what can I do in this case?

I don't think you can change the signing method for CSRs on the ACE directly. But I would use something like OpenSSL to generate the CSR for SHA.
http://gnuwin32.sourceforge.net/packages/openssl.htm
openssl req -out c:\CSR.csr -new -newkey rsa:2048 -nodes -keyout c:\privateKey.key -sha1
The above will load a wizard-format questionnaire for your CSR parameters, similar to the ACE.
You can then upload your key, and the cert when you get it, to the ACE afterwards.
==========================
http://www.rConfig.com 
A free, open source network device configuration management tool, customizable to your needs!
- Always vote on an answer if you found it helpful
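
A check to run on a CSR before sending it to the CA, as an added example that is not part of the original thread: a small DER walker that reads the signatureAlgorithm OID of a PKCS#10 request and reports whether it is MD5, SHA-1 or SHA-2 based. The sample requests are constructed skeletons with dummy subject, key and signature, and all function names are hypothetical.

```python
import base64

# RSA signature OIDs from PKCS #1, with a verdict for each digest.
SIG_ALGS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", "weak"),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "deprecated"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "ok"),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", "ok"),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", "ok"),
}


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, pos, pos + length


def decode_oid(body):
    """Decode OID content bytes (first arc 0 or 1, which covers PKCS #1)."""
    arcs = list(divmod(body[0], 40))  # first byte packs the first two arcs
    value = 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def pem_to_der(pem):
    """Strip the BEGIN/END lines and base64-decode the body."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    return base64.b64decode("".join(ln for ln in lines if not ln.startswith("-----")))


def csr_signature_algorithm(der):
    """Return (oid, name, verdict) for a DER-encoded PKCS#10 request."""
    tag, start, _ = read_tlv(der, 0)             # CertificationRequest
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, _, info_end = read_tlv(der, start)      # certificationRequestInfo, skipped
    if tag != 0x30:
        raise ValueError("missing certificationRequestInfo")
    tag, alg_start, _ = read_tlv(der, info_end)  # signatureAlgorithm
    if tag != 0x30:
        raise ValueError("missing signatureAlgorithm")
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    oid = decode_oid(der[oid_start:oid_end])
    name, verdict = SIG_ALGS.get(oid, ("unknown", "review"))
    return oid, name, verdict


# --- constructed sample input: a skeleton request, not a real CSR ---
def tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return bytes(out)


def constructed_csr_pem(sig_oid):
    info = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, b"") + tlv(0x30, b"") + tlv(0xA0, b""))
    alg = tlv(0x30, tlv(0x06, encode_oid(sig_oid)) + tlv(0x05, b""))
    sig = tlv(0x03, b"\x00" + bytes(256))        # dummy 2048-bit signature
    b64 = base64.b64encode(tlv(0x30, info + alg + sig)).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE REQUEST-----\n{body}\n-----END CERTIFICATE REQUEST-----\n"


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.4", "1.2.840.113549.1.1.5", "1.2.840.113549.1.1.11"):
        print(csr_signature_algorithm(pem_to_der(constructed_csr_pem(oid))))
```

To use it on a real request, pass the contents of the `.csr` file to `pem_to_der` and the result to `csr_signature_algorithm`.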

Similar Messages

  • Using JHS tables and hashing with salt algorithms for Weblogic security

    We are going to do our first enterprise ADF/JHeadstart application. For security part, we are going to do the following:
    1. We will use JHS tables as authentication for ADF security.
    2. We will use JAAS as authentication and Custom as authorization.
    2. We need to use JHeadStart security service screen in our application to manage users, roles and permission, instead of doing users/groups management within Weblogic.
    3. We will create new Weblogic SQL Authentication Provider.
    4. We will store salt with password in the database table.
    5. We will use Oracle MDS.
    There are some blogs online giving detail steps on how to create Weblogic SQL Authentication Provider and use JHS tables as authentication for ADF security. I am not sure about the implementation of hashing with salt algorithms, as ideally we'd like to use JHS security service screen in the application to manage users, roles and permission, not using Weblogic to do the users/groups management. We are going to try JMX client to interact with Weblogic API, looks like it is a flexible approach. Does anybody have experience on working with JMX, SQL Authentication Provider and hashing with salt algorithms? Just want to make sure we are on the right track.
    Thanks,
    Sarah

    To be clear, we are planning on using a JMX client at the Entity level using custom JHS entity classes.
    BradW working with Sarah

  • OID And Java Hash Algorithm Output Differences?

    Hi,
    Can anyone tell me why I am not able to recreate the OID ldap password hash algorithm? Or can anyone tell me why I get these subtle differences between my Java created message digest and the one that is read directly from the oracle ldap hint password field? They are both based on the same original word "test".
    OID Hint Password from ldap ==> {SHA}zrFqbho8VPUOnVvtyUb4c+RWF+k=
    Hash created based on input ==> {SHA}zrFqbho8VPUOP1vtyUb4c+RWF+k=
    Here is a little background. I am working on developing a custom forgot password feature for my web site using OID 10g R2 and Java. I am able to retrieve the oracle hint password from OID using Java JNDI as the orcladmin. This ldap password is a SHA message digest, or hash, that is base 64 encoded. Since it is a one way algorithm I can not decrypt. So instead I take the clear text password string provided by the user and create a message digest(SHA) and then encode in base 64 using Java 1.4.2 like so;
    MessageDigest md = MessageDigest.getInstance("SHA");
    md.update(clearTextPassword.getBytes());
    String userSuppliedPassword = new String(md.digest());
    BASE64Encoder base64encoder = new BASE64Encoder();
    String output = "{SHA}" + base64encoder.encode(userSuppliedPassword.getBytes());
    By the way, I have been able to work around this issue by performing the compare using JNDI search but was curious why this was happening. Thanks!
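
What the two values quoted in the post differ by, as an added example that is not part of the original thread: decoding both shows a single changed byte, and passing the raw digest through a text string and back (what `new String(md.digest())` followed by `getBytes()` does in the posted code) reproduces the second value exactly. The Windows-1252 default charset is an assumption, and the function names are hypothetical.

```python
import base64
import hashlib

# Both values are quoted in the post above.
OID_VALUE = "{SHA}zrFqbho8VPUOnVvtyUb4c+RWF+k="
JAVA_VALUE = "{SHA}zrFqbho8VPUOP1vtyUb4c+RWF+k="


def digest_bytes(ldap_value):
    """Return the raw 20-byte SHA-1 digest stored in a {SHA} value."""
    scheme, sep, b64 = ldap_value.partition("}")
    if not sep or scheme.upper() != "{SHA":
        raise ValueError("not a {SHA} value")
    raw = base64.b64decode(b64)
    if len(raw) != 20:
        raise ValueError("a SHA-1 digest is 20 bytes")
    return raw


def encode_sha(raw):
    """Wrap raw digest bytes in the {SHA} + base64 layout."""
    return "{SHA}" + base64.b64encode(raw).decode("ascii")


def differing_bytes(a, b):
    """List (index, byte_in_a, byte_in_b) wherever the two digests differ."""
    return [(i, x, y) for i, (x, y) in enumerate(zip(a, b)) if x != y]


def string_round_trip(raw, charset="cp1252"):
    """Mimic bytes -> String -> bytes through a single-byte platform charset.

    Bytes with no character in the charset become U+FFFD on decoding and
    '?' (0x3F) on encoding, so the round trip is lossy for binary data.
    Assumption: the platform default charset was Windows-1252.
    """
    return raw.decode(charset, errors="replace").encode(charset, errors="replace")


def ldap_sha(password):
    """Lossless form: base64-encode the digest bytes directly."""
    return encode_sha(hashlib.sha1(password.encode("utf-8")).digest())


if __name__ == "__main__":
    oid, java = digest_bytes(OID_VALUE), digest_bytes(JAVA_VALUE)
    for index, stored, produced in differing_bytes(oid, java):
        print(f"byte {index}: stored 0x{stored:02X}, produced 0x{produced:02X}")
    print("round trip reproduces the second value:",
          encode_sha(string_round_trip(oid)) == JAVA_VALUE)
```

Byte 0x9D has no character in Windows-1252, which is why only that position changes; a digest without such a byte would have survived the round trip unchanged.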

    Hi
    I am having similar issue. I have to save passwords in encrypted form to LDAP. But not working. I am prepending the encrypted password {SHA} so OID should not convert further.
    Any help is appreciated
    Thanks

  • System cryptography: Use FIPS compliant cryptographic algorithms, including encryption, hashing and signing algorithms

    Hi,
    I have enabled FIPS compliant algorithms, including encryption, hashing and signing algorithms, in Windows Server 2012 R2. After enabling it, my SSIS package is not working and I am not able to open my SSRS either.
    So can anyone assist with this?
    Surendran.G
    Regards, Surendran.G

    Hi,
    In the latest security recommendation guides it is no longer recommended to use this setting (because it breaks a lot of stuff...).
    http://blogs.technet.com/b/secguide/archive/2014/04/07/why-we-re-not-recommending-fips-mode-anymore.aspx
    Consider turning it off if you do not have strict requirements for it.
    Otherwise, you will have to investigate your code. SQL Server forums would be the appropriate place to get help in troubleshooting your code.
    MCP/MCSA/MCTS/MCITP

  • How to enable SHA-2 hashing algorithm support on windows 7

    Hello All,
    Please suggest how to invalidate SHA-1 and MD5 algorithm on windows 7 and how to enable SHA-2.
    As suggested by Microsoft, regarding the availability of SHA-2 hashing algorithm, security update KB2949927 is installed on windows 7.
    Thank You

    Hi,
    Please check if you have installed the below mentioned update:
    http://support.microsoft.com/kb/2973337/en-us
    After installing this update, SHA512 is enabled for TLSv1.2.
    IE shall also be using TLS internally. Hope that should resolve your problem.
    Please refer to the below link for a similar discussion and its solution posted there:
    https://social.technet.microsoft.com/Forums/office/en-US/857c6804-8ce1-4f09-b657-00554055da16/tls-12-and-sha512?forum=winserversecurity
    (Please mark as answer if it resolves your issue. Please upvote if it is helpful.)
    Regards,
    Rajesh

  • Is it possible to change the hash algorithm when I renew the Root CA

    My Root CA is installed on a Windows Server 2008. The Hash algorithm of Root CA in my environment is MD5. I would like to renew the Root CA and change the Hash algorithm to SHA1. Is it possible to change it?
    Regards,
    Terry | My Blog: http://terrytlslau.tls1.cc

    Hi,
    The hashing algorithm chosen during the setup of a Certificate Authority determines how the certificates that the CA issues are digitally signed. It is a one algorithm per CA scenario, so if your environment requires multiple algorithms for compatibility, then you will need multiple PKI hierarchies (one for each algorithm). Prior to Windows 2008, you had to rebuild the CA and decommission the entire PKI hierarchy to change the signing algorithm used. In Windows 2008 and 2008 R2, we allow you to change the algorithm and from that point forward it will digitally sign all new certificates with the updated algorithm.
    The Certificate Services Enhancements in Longhorn Server Whitepaper describing these steps can be found under the section Configuring the Cryptographic Algorithms used by the CA.
    Step 1: Verify the configuration of the CRL and AIA paths. Sometimes users will manually change these paths to not include the crl name suffix variable that distinguishes multiple certificates on a CA. This is important because the process of changing the algorithm requires the renewal of the private key and results in administration of multiple CA certificates. When we publish multiple crt and crls, they will be identified as CAName and CAName(1). You can verify these paths include the variables by checking the registry keys below:
    [HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\{CAname}]
    CRLPublicationURLs = "1:%WINDIR%\system32\CertSrv\CertEnroll\%%3%%8%%9.crl\n2:http://FCCA01.fourthcoffee.com/certenroll/%%3%%8%%9.crl\n10:ldap:///CN=%%7%%8,CN=%%2,CN=CDP,CN=Public Key Services,CN=Services,%%6%%10"
    CACertPublicationURLs = "1:%WINDIR%\system32\CertSrv\CertEnroll\%%1_%%3%%4.crt\n2:http://FCCA01.fourthcoffee.com/certenroll/%%1_%%3%%4.crt\n2:ldap:///CN=%%7,CN=AIA,CN=Public Key Services,CN=Services,%%6%%11"
    Step 2: Modify the CSP parameters to specify the new algorithm. The CSP may use the original CryptoAPI or Cryptography API: Next Generation - you can verify this by looking in the registry key HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\{CAname}\CSP.
    If you have the regvalues CNGPublicKeyAlgorithm and CNGHashAlgorithm then your CSP is using Next Generation.
    Change the algorithm from MD5 to SHA1 and was using Cryptography API: Next Generation. The original registry value was:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\{CAname}\CSP]
    "ProviderType"=dword:00000000
    "Provider"="Microsoft Software Key Storage Provider"
    "HashAlgorithm"=dword:00008003
    "CNGPublicKeyAlgorithm"="RSA"
    "CNGHashAlgorithm"="MD5"
    "MachineKeyset"=dword:00000001
    we changed it to
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\{CAname}\CSP]
    "ProviderType"=dword:00000000
    "Provider"="Microsoft Software Key Storage Provider"
    "HashAlgorithm"=dword:00008004
    "CNGPublicKeyAlgorithm"="RSA"
    "CNGHashAlgorithm"="SHA1"
    "MachineKeyset"=dword:00000001
    Step 3: Restart the CA service. You can do this in the CA MMC. Right click on the CA and choose "Stop Service" and "Start Service".
    Step 4: Renew the CA certificate with new Private Key. Right click on the CA and choose "Renew CA certificate". Choose to renew the public and private key pair. On completion, this will result in the CA having two certificates. You will see that the old one has the MD5 for the Signature Hash Algorithm and that the new certificate uses SHA1.
    Hope this helps!
    Best Regards
    Elytis Cheng
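
A way to check an export of the CSP key between Step 2 and Step 3, as an added example that is not part of the original answer: it parses `.reg`-style text, maps the `HashAlgorithm` dword to its CryptoAPI ALG_ID name and reports when it disagrees with `CNGHashAlgorithm`. The before and after texts are the values quoted in the answer, the half-edited text is constructed, and treating a disagreement between the two values as an error is an assumption drawn from the answer changing both together.

```python
import re

# CryptoAPI ALG_ID values for hash algorithms (wincrypt.h).
ALG_IDS = {0x8003: "MD5", 0x8004: "SHA1", 0x800C: "SHA256",
           0x800D: "SHA384", 0x800E: "SHA512"}
VERDICTS = {"MD5": "weak", "SHA1": "deprecated"}

BEFORE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\{CAname}\CSP]
"ProviderType"=dword:00000000
"Provider"="Microsoft Software Key Storage Provider"
"HashAlgorithm"=dword:00008003
"CNGPublicKeyAlgorithm"="RSA"
"CNGHashAlgorithm"="MD5"
"MachineKeyset"=dword:00000001
'''

AFTER = BEFORE.replace("00008003", "00008004").replace('"MD5"', '"SHA1"')

# Constructed: the dword was edited but the CNG string was left at MD5.
HALF_EDITED = BEFORE.replace("00008003", "00008004")

VALUE_LINE = re.compile(r'\s*"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")\s*$')


def parse_reg_values(text):
    """Collect "Name"=dword:XXXXXXXX and "Name"="string" lines into a dict."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            name, dword, string = match.groups()
            values[name] = int(dword, 16) if dword is not None else string
    return values


def audit_csp(reg_text):
    """Return findings for the hash settings of an exported CSP key."""
    values = parse_reg_values(reg_text)
    legacy = ALG_IDS.get(values.get("HashAlgorithm"))
    cng = values.get("CNGHashAlgorithm")
    cng = cng.upper() if isinstance(cng, str) else None
    findings = []
    if legacy is None:
        findings.append("unknown:HashAlgorithm")
    if cng is not None and legacy is not None and cng != legacy:
        findings.append(f"mismatch:HashAlgorithm={legacy},CNGHashAlgorithm={cng}")
    for name in sorted({legacy, cng} - {None}):
        if name in VERDICTS:
            findings.append(f"{VERDICTS[name]}:{name}")
    return findings


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER), ("half-edited", HALF_EDITED)):
        print(label, audit_csp(text))
```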

  • Signature hash algorithm (e.g. SHA-1, SHA-256...) used in Apple Mail ?

    Would anybody know what signature hash algorithm is being used by Apple Mail?
    And can it be selected?
    As NIST recommends the use of SHA-2 in 2011.
    I have searched quite a while but no information is found in this area.
    Thanks for your help in advance!

    I've had the same problem now for approximately 6 months. Many of the senders in my inbox are wrong. I haven't changed anything other than upgraded to OS 10.7. It only affects some emails and not all. It is a problem when I search as well because the sender details can't be found.
    Please help!!!
    Thanks.

  • What is hash algorithm?

    Hi Everyone,
    Please see this article and explain to me what a hash algorithm is. How does it work internally?
    Hash Partitioning
    Hash partitioning maps data to partitions based on a hashing algorithm that Oracle
    applies to the partitioning key that you identify. The hashing algorithm evenly
    distributes rows among partitions, giving partitions approximately the same size.
    Hash partitioning is the ideal method for distributing data evenly across devices. Hash
    partitioning is also an easy-to-use alternative to range partitioning, especially when
    the data to be partitioned is not historical or has no obvious partitioning key.
    Can we say it will act as an index?
    Regards,
    BS2012.
    Edited by: BS2012 on May 17, 2013 4:53 PM

    Hi,
    I was previously checking some basic stuffs in other sites and got suffered. Because of that, I want to confirm everything in forum itself. I got my answer. Thanks anyway for your reply.
    Regards,
    BS2012.

  • Multicast and SCCM2012 and Hash error

    Ok, so I've searched this time through articles and they all pertain to 2007 - When trying to deploy an OS, Multicast is turned on, but I get the dreaded hash error. If I turn multicast off, it works fine... not a logical solution. I have verified with network that the switches all have multicast turned on. I've deleted the image, re-added it and redeployed it countless times. Still same issue. The size of the image is 3.06 mb, so well under the 4mb issues that were in 2007.
    I've also gone as far as recreating the image from scratch, and still no luck.
    Any ideas? This is 2012 SCCM.
    Thanks!

    That's what I meant, SMSTS.LOG - Here's what most of the log says:
    Verifying MCS certificate using default Hash Algorithm: 0x8004 ApplyOperatingSystem 7/11/2012 3:46:54 PM 1880 (0x0758)
    Initializing HTTP transport. ApplyOperatingSystem 7/11/2012 3:46:54 PM 1880 (0x0758)
    Setting URL = OPTIMUS.psdschools.org. ApplyOperatingSystem 7/11/2012 3:46:54 PM 1880 (0x0758)
    Setting Default Ports = 80 443 ApplyOperatingSystem 7/11/2012 3:46:54 PM 1880 (0x0758)
    Setting CRL = false. ApplyOperatingSystem 7/11/2012 3:46:54 PM 1880 (0x0758)
    Setting Media Certificate. ApplyOperatingSystem 7/11/2012 3:46:54 PM 1880 (0x0758)
    Setting Authenticator. ApplyOperatingSystem 7/11/2012 3:46:54 PM 1880 (0x0758)
    Set authenticator in transport ApplyOperatingSystem 7/11/2012 3:46:54 PM 1880 (0x0758)
    Preparing Multicast Session Request. ApplyOperatingSystem 7/11/2012 3:46:54 PM 1880 (0x0758)
    Setting transport. ApplyOperatingSystem 7/11/2012 3:46:54 PM 1880 (0x0758)
    Setting site code = SSC. ApplyOperatingSystem 7/11/2012 3:46:54 PM 1880 (0x0758)
    Setting client ID = {9C044138-650C-47F1-9AAE-150D809881BD}. ApplyOperatingSystem 7/11/2012 3:46:54 PM 1880 (0x0758)
    Setting remote path = http://OPTIMUS.psdschools.org/SMS_DP_SMSPKG$/SSC0003B. ApplyOperatingSystem 7/11/2012 3:46:54 PM 1880 (0x0758)
    Setting packageID = SSC0003B. ApplyOperatingSystem 7/11/2012 3:46:54 PM 1880 (0x0758)
    Setting server signing Certificate. ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Executing Open Session Request. ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Sending RequestMulticast ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Setting message signatures. ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Setting the authenticator. ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    CLibSMSMessageWinHttpTransport::Send: URL: OPTIMUS.psdschools.org:80 CCM_POST /SMS_MCS/.sms_mcs?op=opensession ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Request was succesful. ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Default CSP is Microsoft Enhanced RSA and AES Cryptographic Provider ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Default CSP Type is 24 ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    MCSErrorCode = 0 ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    ResponseSessionOpen/SessionAction = 1 ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    ResponseSessionOpen/DPName = OPTIMUS ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    ResponseSessionOpen/Namespace = http://OPTIMUS.psdschools.org/SMS_DP_SMSPKG$/SSC0003B ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    ResponseSessionOpen/SessionStartTime = 0 ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    ResponseSessionOpen/MinimumSessionSize = 0 ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    not decoding EncryptionKey in ssl mode ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Successfully parsed MCS response. ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Found multicast service point 'OPTIMUS.psdschools.org' to serve request. ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    MCS open session request completed successfully ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Using MCSServer: OPTIMUS ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Using Namespace: http://OPTIMUS.psdschools.org/SMS_DP_SMSPKG$/SSC0003B ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Using Encryption: FALSE ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Session Start Time Delay:0 ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Using LocalPath: D:\_SMSTaskSequence\Packages\SSC0003B ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Opening firewall for X:\sms\bin\x64\OSDApplyOS.exe ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Download: Server=OPTIMUS Namespace=http://OPTIMUS.psdschools.org/SMS_DP_SMSPKG$/SSC0003B RemoteObject=http://OPTIMUS.psdschools.org/SMS_DP_SMSPKG$/SSC0003B LocalObject=D:\_SMSTaskSequence\Packages\SSC0003B.{756A6CCE-5696-45A5-87D6-827682FCE3FE} ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Checking volume for sparse files: D:\ ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Volume supports sparse files: TRUE ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    [SparseFile] ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Token before WdsTransportClientStartSession ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Token is for User: NT AUTHORITY\SYSTEM ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    ThreadId: 0x758 User: NT AUTHORITY\SYSTEM ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    [Callback:SessionComplete:0x2] ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    WdsTransportClientStartSession(m_hDownload), HRESULT=80070002 (e:\nts_sccm_release\sms\server\mcs\consumer\mcdownload.cpp,182) ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    pDownload->Download(pwszServer, pwszNamespace, pwszRemoteObject, pwszLocalObject, uCacheSize), HRESULT=80070002 (e:\nts_sccm_release\sms\server\mcs\consumer\mcclient.cpp,120) ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Encountered error transfering file (0x80070002). ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Sending status message: SMS_OSDeployment_PackageDownloadMulticastStatusFail ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Setting authenticator. ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Set authenticator in transport ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Sending StatusMessage ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Setting message signatures. ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Setting the authenticator. ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    CLibSMSMessageWinHttpTransport::Send: URL: OPTIMUS.psdschools.org:80 CCM_POST /ccm_system/request ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Request was succesful. ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Download done setting progress bar to 100 ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Succesfully performed multicast download from mcs://OPTIMUS.psdschools.org/SMS_MCS/.sms_mcs?filePath=http://OPTIMUS.psdschools.org/SMS_DP_SMSPKG$/SSC0003B&PackageFlags=1241514144&packageID=SSC0003B&version=8 ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    VerifyContentHash: Hash algorithm is 32780 ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Hash could not be matched for the downloded content. Original ContentHash = 51DE9114123FC1EA9F6638CCED3271AA856F255CDF8BFF6B4C3841D5FD7340AB, Downloaded ContentHash = ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    0L == TS::Utility::VerifyPackageHash(pszContentID, sDestination), HRESULT=80091007 (e:\nts_sccm_release\sms\framework\tscore\resolvesource.cpp,2900) ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    DownloadContentAndVerifyHash(pszPackageID, L"SMSPackage", saHttpContentSources, saSMBContentSources, saMulticastContentSources, sDestination, dwFlags, L"", 0, dwPackageFlags, pszUserName, pszUserPassword ), HRESULT=80091007 (e:\nts_sccm_release\sms\framework\tscore\resolvesource.cpp,3007) ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    DownloadContentLocally(pszSource, sSourceDirectory, dwFlags, hUserToken, pszUserName, pszUserPassword), HRESULT=80091007 (e:\nts_sccm_release\sms\framework\tscore\resolvesource.cpp,3217) ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    ResolveSource(pszSource, sSourceDirectory, dwFlags, 0, 0, 0), HRESULT=80091007 (e:\nts_sccm_release\sms\framework\tscore\resolvesource.cpp,3122) ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    TS::Utility::ResolveSource( this->packageID, this->packagePath, TS::Utility::ResolveSourceFlags::PersistContents ), HRESULT=80091007 (e:\nts_sccm_release\sms\client\osdeployment\applyos\installimage.cpp,1368) ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    resolvePkgSource(), HRESULT=80091007 (e:\nts_sccm_release\sms\client\osdeployment\applyos\installimage.cpp,1411) ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Apply(), HRESULT=80091007 (e:\nts_sccm_release\sms\client\osdeployment\applyos\installimage.cpp,1614) ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Installation of image 1 in package SSC0003B failed to complete..
    The hash value is not correct. (Error: 80091007; Source: Windows) ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    installer.install(), HRESULT=80091007 (e:\nts_sccm_release\sms\client\osdeployment\applyos\installimage.cpp,1689) ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Entering ReleaseSource() for D:\_SMSTaskSequence\Packages\SSC0003B ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    The user tries to release a source directory D:\_SMSTaskSequence\Packages\SSC0003B that is either already released or we have not connected to it ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    InstallImage( g_InstallPackageID, g_ImageIndex, targetVolume, ImageType_OS, g_ConfigPackageID, g_ConfigFileName, bOEMMedia ), HRESULT=80091007 (e:\nts_sccm_release\sms\client\osdeployment\applyos\applyos.cpp,470) ApplyOperatingSystem 7/11/2012 3:46:55 PM 1880 (0x0758)
    Process completed with exit code 2148077575 TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    !--------------------------------------------------------------------------------------------! TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    Failed to run the action: Apply Operating System.
    The hash value is not correct. (Error: 80091007; Source: Windows) TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    MP server http://OPTIMUS.psdschools.org. Ports 80,443. CRL=false. TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    Setting authenticator TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    Set authenticator in transport TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    Sending StatusMessage TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    Setting message signatures. TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    Setting the authenticator. TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    CLibSMSMessageWinHttpTransport::Send: URL: OPTIMUS.psdschools.org:80 CCM_POST /ccm_system/request TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    Request was succesful. TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    Set a global environment variable _SMSTSLastActionRetCode=-2146889721 TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    Set a global environment variable _SMSTSLastActionSucceeded=false TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    Clear local default environment TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    Let the parent group (Install Operating System) decides whether to continue execution TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    The execution of the group (Install Operating System) has failed and the execution has been aborted. An action failed.
    Operation aborted (Error: 80004004; Source: Windows) TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    Failed to run the last action: Apply Operating System. Execution of task sequence failed.
    The hash value is not correct. (Error: 80091007; Source: Windows) TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    MP server http://OPTIMUS.psdschools.org. Ports 80,443. CRL=false. TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    Setting authenticator TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    Set authenticator in transport TSManager 7/11/2012 3:46:55 PM 1124 (0x0464)
    Sending StatusMessage TSManager 7/11/2012 3:46:56 PM 1124 (0x0464)
    Setting message signatures. TSManager 7/11/2012 3:46:56 PM 1124 (0x0464)
    Setting the authenticator. TSManager 7/11/2012 3:46:56 PM 1124 (0x0464)
    CLibSMSMessageWinHttpTransport::Send: URL: OPTIMUS.psdschools.org:80 CCM_POST /ccm_system/request TSManager 7/11/2012 3:46:56 PM 1124 (0x0464)
    Request was succesful. TSManager 7/11/2012 3:46:56 PM 1124 (0x0464)
    Executing command line: X:\WINDOWS\system32\cmd.exe /k TSBootShell 7/11/2012 3:47:00 PM 808 (0x0328)
    The command completed successfully. TSBootShell 7/11/2012 3:47:00 PM 808 (0x0328)
    Successfully launched command shell. TSBootShell 7/11/2012 3:47:00 PM 808 (0x0328)

  • Which SHA hash algorithm is DS 5.1 using?

    I'm trying to find out whether DS 5.1 uses SHA-1 (160 bit) or SHA-256 (256 bit). I'm using ColdFusion to query the directory, and in order to compare the password given by the user with the one stored in the directory I should hash the given password. ColdFusion (a library, it's not a default function) has two different hash algorithms, SHA-1 and SHA-256; which one should I use?
    ioanna

    DS uses SHA-1 (160 bit). And I'm not sure what you are proposing will work. I think you need the salt to generate the hash. Why do you need to compare the password outside the directory? You might be able to use the LDAP compare operation.
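
Why the salt matters for a client-side comparison, as an added example that is not part of the original thread: a verifier for LDAP `userPassword` values in the `{SHA}` and `{SSHA}` layouts, where `{SSHA}` is base64 of SHA-1(password + salt) followed by the salt. Whether the directory in question stores `{SSHA}` values is an assumption, the stored value is constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20


def make_ssha(password, salt=None):
    """Build a {SSHA} value: base64(SHA-1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_stored(stored):
    """Return (digest, salt) from a {SHA} or {SSHA} value."""
    scheme, sep, b64 = stored.partition("}")
    if not sep or not scheme.startswith("{"):
        raise ValueError("missing {SCHEME} prefix")
    scheme = scheme[1:].upper()
    raw = base64.b64decode(b64)
    if scheme == "SHA":
        if len(raw) != SHA1_LEN:
            raise ValueError("{SHA} value must hold exactly 20 bytes")
        return raw, b""
    if scheme == "SSHA":
        if len(raw) <= SHA1_LEN:
            raise ValueError("{SSHA} value carries no salt")
        return raw[:SHA1_LEN], raw[SHA1_LEN:]   # the salt trails the digest
    raise ValueError(f"unsupported scheme {scheme}")


def verify_password(stored, candidate):
    """Recompute the digest with the stored salt and compare in constant time."""
    digest, salt = split_stored(stored)
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(expected, digest)


def naive_sha(candidate):
    """Hashing the password alone, as a client without the salt would."""
    return "{SHA}" + base64.b64encode(
        hashlib.sha1(candidate.encode("utf-8")).digest()).decode("ascii")


if __name__ == "__main__":
    stored = make_ssha("s3cret", salt=b"\x01\x02\x03\x04")   # constructed sample
    print("stored value:     ", stored)
    print("naive client hash:", naive_sha("s3cret"))
    print("verify with salt: ", verify_password(stored, "s3cret"))
```

The LDAP compare operation mentioned in the answer leaves this check to the server, so the client never needs to read the stored value or its salt.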

  • Configuring AD LDS Password Hash Algorithm

    Hello,
    I have a client which has a requirement that the passwords in Active Directory should be stored using the Secure Hash Standard (SHS) standard. This could be SHA-1 or SHA-2.
    Could you please tell me where can I check the current hashing algorithm and configure the new one?
    Windows Server 2008 R2 Enterprise
    Forest & Domain functional level: Windows Server 2008 R2
    Thanks!

    Hi Levente,
    I don’t think it is possible to specify algorithm to encrypt AD passwords. The password is computed by RSA MD-4 and MD-5 algorithm.
    More information for you:
    Help: How to configure encryption/hashing policies on Active Directory 2008 LDS
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/04591e6e-22d3-4251-ab55-b778a479465e/help-how-to-configure-encryptionhashing-policies-on-active-directory-2008-lds?forum=winserverDS
    View Password hash in Active Directory
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/63e3cf2d-f186-418e-bc85-58bdc1861aae/view-password-hash-in-active-directory?forum=winserverfiles
    Active Directory hashing algorithms used?
    http://social.technet.microsoft.com/forums/windowsserver/en-US/7fbc0669-2ccb-4c24-9f08-24241e30d72b/active-directory-hashing-algorithms-used
    Md5 passwords in Active Directory
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/5bed809e-3e04-4917-b940-47d3c758987f/md5-passwords-in-active-directory
    Best Regards,
    Amy

  • Hash algorithms for passwords.

    Hello!
    I have this question.
    When I store password in database I can use any hash algorithms.
    But if I would use local database and start my application on another computer values after hashing will be the same or not?
    For example :
    string password = "admin";
    int passwordToDb = password.GetHashCode(); // this value I save in db.
    On another computer, when I will verify my password and calculate hash, it wouldn't be the same? I guess that not.
    And what about SHA algorithms? Will I have such problem?

    Use MD5 encryption:
    // Required at the top of the file:
    using System.Security.Cryptography;
    using System.Text;

    /// <summary>
    /// Hash the string with MD5.
    /// </summary>
    /// <param name="chaine">The string to hash.</param>
    /// <returns>The hashed string.</returns>
    public static String hashWithMD5(String chaine)
    {
        // The MD5 object.
        MD5 md5HashAlgo = MD5.Create();
        // The result.
        StringBuilder resultat = new StringBuilder();
        // Byte array to hash.
        byte[] byteArrayToHash = Encoding.UTF8.GetBytes(chaine);
        // Hash the string and store the result in the array.
        byte[] hashResult = md5HashAlgo.ComputeHash(byteArrayToHash);
        // Walk the array and append each byte to the result.
        for (int i = 0; i < hashResult.Length; i++)
        {
            // Write the hash in hexadecimal.
            resultat.Append(hashResult[i].ToString("X2"));
        }
        // Return the result.
        return resultat.ToString();
    }

  • What is the difference between standard,sorted and hash table

    Can anyone say what is the difference between standard, sorted and hash table

    Hi,
    Standard Tables:
    Standard tables have a linear index. You can access them using either the index or the key. If you use the key, the response time is in linear relationship to the number of table entries. The key of a standard table is always non-unique, and you may not include any specification for the uniqueness in the table definition.
    This table type is particularly appropriate if you want to address individual table entries using the index. This is the quickest way to access table entries. To fill a standard table, append lines using the (APPEND) statement. You should read, modify and delete lines by referring to the index (INDEX option with the relevant ABAP command). The response time for accessing a standard table is in linear relation to the number of table entries. If you need to use key access, standard tables are appropriate if you can fill and process the table in separate steps. For example, you can fill a standard table by appending records and then sort it. If you then use key access with the binary search option (BINARY), the response time is in logarithmic relation to the number of table entries.
    Sorted Tables:
    Sorted tables are always saved correctly sorted by key. They also have a linear key, and, like standard tables, you can access them using either the table index or the key. When you use the key, the response time is in logarithmic relationship to the number of table entries, since the system uses a binary search. The key of a sorted table can be either unique, or non-unique, and you must specify either UNIQUE or NON-UNIQUE in the table definition. Standard tables and sorted tables both belong to the generic group index tables.
    This table type is particularly suitable if you want the table to be sorted while you are still adding entries to it. You fill the table using the (INSERT) statement, according to the sort sequence defined in the table key. Table entries that do not fit are recognised before they are inserted. The response time for access using the key is in logarithmic relation to the number of table entries, since the system automatically uses a binary search. Sorted tables are appropriate for partially sequential processing in a LOOP, as long as the WHERE condition contains the beginning of the table key.
    Hashed Tables:
    Hashed tables have no internal linear index. You can only access hashed tables by specifying the key. The response time is constant, regardless of the number of table entries, since the search uses a hash algorithm. The key of a hashed table must be unique, and you must specify UNIQUE in the table definition.
    This table type is particularly suitable if you want mainly to use key access for table entries. You cannot access hashed tables using the index. When you use key access, the response time remains constant, regardless of the number of table entries. As with database tables, the key of a hashed table is always unique. Hashed tables are therefore a useful way of constructing and using internal tables that are similar to database tables.
    Regards,
    Ferry Lianto

  • Actual difference between a standard, sorted and hashed table

    hi ,
    1. what is the actual difference between a
       standard,sorted and hashed table ? and
    2. where and when these are actually used and applied ?
       provide explanation with an example ....

    hi
    good
    Standard Internal Tables
    Standard tables have a linear index. You can access them using either the index or the key. If you use the key, the response time is in linear relationship to the number of table entries. The key of a standard table is always non-unique, and you may not include any specification for the uniqueness in the table definition.
    This table type is particularly appropriate if you want to address individual table entries using the index. This is the quickest way to access table entries. To fill a standard table, append lines using the (APPEND) statement. You should read, modify and delete lines by referring to the index (INDEX option with the relevant ABAP command).  The response time for accessing a standard table is in linear relation to the number of table entries. If you need to use key access, standard tables are appropriate if you can fill and process the table in separate steps. For example, you can fill a standard table by appending records and then sort it. If you then use key access with the binary search option (BINARY), the response time is in logarithmic relation to
    the number of table entries.
    Sorted Internal Tables
    Sorted tables are always saved correctly sorted by key. They also have a linear key, and, like standard tables, you can access them using either the table index or the key. When you use the key, the response time is in logarithmic relationship to the number of table entries, since the system uses a binary search. The key of a sorted table can be either unique, or non-unique, and you must specify either UNIQUE or NON-UNIQUE in the table definition.  Standard tables and sorted tables both belong to the generic group index tables.
    This table type is particularly suitable if you want the table to be sorted while you are still adding entries to it. You fill the table using the (INSERT) statement, according to the sort sequence defined in the table key. Table entries that do not fit are recognised before they are inserted. The response time for access using the key is in logarithmic relation to the number of
    table entries, since the system automatically uses a binary search. Sorted tables are appropriate for partially sequential processing in a LOOP, as long as the WHERE condition contains the beginning of the table key.
    Hashed Internal Tables
    Hashed tables have no internal linear index. You can only access hashed tables by specifying the key. The response time is constant, regardless of the number of table entries, since the search uses a hash algorithm. The key of a hashed table must be unique, and you must specify UNIQUE in the table definition.
    This table type is particularly suitable if you want mainly to use key access for table entries. You cannot access hashed tables using the index. When you use key access, the response time remains constant, regardless of the number of table entries. As with database tables, the key of a hashed table is always unique. Hashed tables are therefore a useful way of constructing and
    using internal tables that are similar to database tables.
    THANKS
    MRUTYUN

  • HTTPS SSL Certificate Signed using Weak Hashing Algorithm

    I am supporting a client for whom security scans are mandatory for a new implementation of an ASA 5520 device. The client uses Nessus Scan and the test results are attached.
    The Nessus scanner hit on 1 Medium vulnerability. Could you please review the statement and provide a workaround for the same?
    Nessus Scanner reports
    Medium Severity Vulnerability
    Port : https (443/tcp)
    Issue:
    SSL Certificate Signed using Weak Hashing  Algorithm
    Synopsis :
    The SSL certificate has been signed using  a weak hash algorithm.
    Description :
    The remote service uses an  SSL certificate that has been signed using
    a cryptographically weak hashing  algorithm - MD2, MD4, or MD5. These
    signature algorithms are known to be  vulnerable to collision attacks.
    In theory, a determined attacker may be  able to leverage this weakness
    to generate another certificate with the same  digital signature, which
    could allow him to masquerade as the affected  service.
    See also :
    http://tools.ietf.org/html/rfc3279
    http://www.phreedom.org/research/rogue-ca/
    http://www.microsoft.com/technet/security/advisory/961509.mspx
    http://www.kb.cert.org/vuls/id/836068
    Solution :
    Contact the Certificate Authority to have the certificate  reissued.
    Plugin Output :
    Here is the service's SSL certificate  :
    Subject Name:
    Common Name: xxxxxxxxxx
    Issuer Name:
    Common Name: xxxxxxxxxx
    Serial Number: D8 2E 56 4E
    Version: 3
    Signature Algorithm: MD5 With RSA  Encryption
    Not Valid Before: Aug 25 11:15:36 2011 GMT
    Not Valid After:  Aug 22 11:15:36 2021 GMT
    Public Key Info:
    Algorithm: RSA  Encryption
    Exponent: 01 00 01
    CVE :
    CVE-2004-2761
    BID :
    BID 11849
    BID  33065
    Other References :
    OSVDB:45106
    OSVDB:45108
    OSVDB:45127
    CWE:310
    Nessus Plugin ID  :
    35291
    VulnDB ID:
    69469
    I tried configuring the SSL encryption method with "ssl encryption 3des-sha1 aes128-sha1 aes256-sha1 rc4-md5", but it throws the same issue.
    Here is the ASA log:
    7|Oct 19 2011 01:59:34|725010: Device supports the following 4 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : RC4-MD5
    7|Oct 19 2011 01:59:34|725008: SSL client production:xxxxxxxxx/2587 proposes the following 26 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : ADH-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : DHE-RSA-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : DHE-DSS-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[5] : ADH-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[6] : DHE-RSA-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[7] : DHE-DSS-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[8] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[9] : ADH-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[10] : ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[11] : EXP-ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[12] : ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[13] : EXP-ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[14] : EDH-RSA-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[15] : EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[16] : EXP-EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[17] : EDH-DSS-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[18] : EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[19] : EXP-EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[20] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[21] : DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[22] : EXP-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[23] : EXP-RC2-CBC-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[24] : RC4-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[25] : RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[26] : EXP-RC4-MD5
    7|Oct 19 2011 01:59:34|725012: Device chooses cipher : DES-CBC3-SHA for the SSL session with client production:xxxxxxxx/2586
    6|Oct 19 2011 01:59:34|725002: Device completed SSL handshake with client production:xxxxxxxxx/2586
    6|Oct 19 2011 01:59:34|725007: SSL session with client production:xxxxxxxx/2586 terminated.
    6|Oct 19 2011 01:59:34|302014: Teardown TCP connection 3201 for production:xxxxxxx/2586 to identity:xxxxxx/443 duration 0:00:00 bytes 758 TCP Reset-I
    6|Oct 19 2011 01:59:34|302013: Built inbound TCP connection 3202 for production:xxxxxxxxxxx/2587 (xxxxxxxxx/2587) to identity:xxxxxx/443 (xxxxxxx/443)
    6|Oct 19 2011 01:59:34|725001: Starting SSL handshake with client production:xxxxxxxxxxx/2587 for TLSv1 session.
    7|Oct 19 2011 01:59:34|725010: Device supports the following 4 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : RC4-MD5
    7|Oct 19 2011 01:59:34|725008: SSL client production:xxxxxxxxx/2587 proposes the following 26 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : ADH-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : DHE-RSA-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : DHE-DSS-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[5] : ADH-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[6] : DHE-RSA-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[7] : DHE-DSS-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[8] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[9] : ADH-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[10] : ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[11] : EXP-ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[12] : ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[13] : EXP-ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[14] : EDH-RSA-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[15] : EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[16] : EXP-EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[17] : EDH-DSS-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[18] : EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[19] : EXP-EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[20] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[21] : DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[22] : EXP-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[23] : EXP-RC2-CBC-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[24] : RC4-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[25] : RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[26] : EXP-RC4-MD5
    7|Oct 19 2011 01:59:34|725012: Device chooses cipher : DES-CBC3-SHA for the SSL session with client production:xxxxxxxxxx/2587
    6|Oct 19 2011 01:59:34|725002: Device completed SSL handshake with client production:xxxxxxxxx/2587

    Hi Ramkumar,
    The report is complaining that the Certificate Authority who signed the ID certificate presented by the ASA used a weak hashing algorithm. First, you need to determine who signed the certificate.
    If the certificate is self-signed by the ASA, you can generate a new certificate and use SHA1 as the hashing algorithm. To do this, the ASA needs to be running a software version that is at least 8.2(4) (8.3 and 8.4 software also support SHA1).
    If the certificate is signed by an external CA, you need to contact them and ask them to sign a new certificate for you using SHA instead of MD5.
    The links you posted have more information on this as well. Hope that helps.
    -Mike
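
The scanner finding discussed above is driven by the hash named in the certificate's own signatureAlgorithm field, which the `ssl encryption` cipher list does not change. The Python below is an added example, not part of the original thread: it reads that OID from a DER-encoded certificate and classifies it. The names `check_cert` and `sample_cert` are hypothetical, and the sample certificates are constructed skeletons with dummy bodies.

```python
# RSA signature-algorithm OIDs (PKCS #1 arc 1.2.840.113549.1.1) and the verdict for each.
VERDICT = {
    "1.2.840.113549.1.1.2": ("md2WithRSAEncryption", "weak"),
    "1.2.840.113549.1.1.3": ("md4WithRSAEncryption", "weak"),
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", "weak"),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "deprecated"),  # no longer accepted for public TLS
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "ok"),
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:                      # base-128, high bit set = more bytes follow
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def check_cert(der_bytes):
    """Return (algorithm name, verdict) for the hash used to sign a DER certificate."""
    tag, start, _ = read_tlv(der_bytes, 0)             # Certificate ::= SEQUENCE {
    if tag != 0x30:
        raise ValueError("not a DER certificate")
    _, _, tbs_end = read_tlv(der_bytes, start)         #   tbsCertificate (skipped)
    _, alg_start, _ = read_tlv(der_bytes, tbs_end)     #   signatureAlgorithm SEQUENCE
    tag, oid_start, oid_end = read_tlv(der_bytes, alg_start)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    oid = decode_oid(der_bytes[oid_start:oid_end])
    return VERDICT.get(oid, (oid, "unknown"))

def der(tag, body):  # minimal DER encoder, used only to build the constructed samples
    n, k = len(body), (len(body).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")) + body

def sample_cert(oid_hex):  # CONSTRUCTED skeleton: dummy tbsCertificate and signature bytes
    alg = der(0x30, der(0x06, bytes.fromhex(oid_hex)) + der(0x05, b""))
    return der(0x30, der(0x30, bytes(300)) + alg + der(0x03, bytes(129)))

MD5_CERT, SHA256_CERT = sample_cert("2a864886f70d010104"), sample_cert("2a864886f70d01010b")
print(check_cert(MD5_CERT), check_cert(SHA256_CERT))
```

To run it against a real certificate, export it in DER form first (for example with `openssl x509 -outform DER`) and pass the file's bytes to `check_cert`.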
