Any extremely weak encryption suggestions?

Similar Messages

• Remote host supports the use of SSL ciphers that offer weak encryption

  Dear All,
  Our Internal security audit suggests to avoid the use of Week SSL ciphers for our SAP PI 7.0 servers.
  We have followed the SAP note 510007 - Setting up SSL on Web Application Server ABAP
  as mentioned in the point 6 we have added below parameter in the instance profile of application server  and restarted our server but still the issue is not resoved.
  ssl/ciphersuites=MEDIUM:HIGH:EXPORT:!LOW:!eNULL
  Clients are accessing our PI server through SAP Web dispatcher.
  Kindly suggest the action to be taken to resolve the issue.
  Please find the below comment from Audit.
  The remote host supports the use of SSL ciphers that offer weak encryption.
  Note: This is considerably easier to exploit if the attacker is on the same physical network
  Regards,
  Lalitha.

  Hi Jim,
  The remote host is the PI(7.0) server.
  PI server profile
  FN_JSTART = jcontrol$(FT_EXE)
  ssl/ciphersuites = HIGH:MEDIUM:!mMD5
  jstartup/recorder = java -classpath ../j2ee/cluster/bootstrap/launcher.jar com.sap.engine.offline.OfflineToolStart com.sap.engine.flightrecorder.core.Collector ../j2ee/
  cluster/bootstrap -node %nodeID% %startTime% -bz $(DIR_GLOBAL) âexitcode %exitcode%
  login/accept_sso2_ticket = 1
  SAPSYSTEMNAME = APQ
  SAPSYSTEM = 00
  INSTANCE_NAME = DVEBMGS00
  DIR_CT_RUN = $(DIR_EXE_ROOT)/run
  DIR_EXECUTABLE = $(DIR_INSTANCE)/exe
  jstartup/trimming_properties = off
  jstartup/protocol = on
  jstartup/vm/home = /opt/IBMJava2-amd64-142
  jstartup/max_caches = 500
  jstartup/release = 700
  jstartup/instance_properties = $(jstartup/j2ee_properties):$(jstartup/sdm_properties)
  j2ee/dbdriver = /oracle/client/10x_64/instantclient/ojdbc14.jar
  PHYS_MEMSIZE = 512
  exe/saposcol = $(DIR_CT_RUN)/saposcol
  rdisp/wp_no_dia = 10
  rdisp/wp_no_btc = 3
  exe/icmbnd = $(DIR_CT_RUN)/icmbnd
  rdisp/j2ee_start_control = 1
  rdisp/j2ee_start = 1
  rdisp/j2ee_libpath = $(DIR_EXECUTABLE)
  exe/j2ee = $(DIR_EXECUTABLE)/jcontrol$(FT_EXE)
  rdisp/j2ee_timeout = 1800
  rdisp/frfc_fallback = on
  icm/HTTP/j2ee_0 = PREFIX=/,HOST=localhost,CONN=0-500,PORT=5$$00
  icm/server_port_0 = PROT=HTTP,PORT=80$$
  # SAP Messaging Service parameters are set in the DEFAULT.PFL
  ms/server_port_0 = PROT=HTTP,PORT=81$$
  rdisp/wp_no_enq = 1
  rdisp/wp_no_vb = 1
  rdisp/wp_no_vb2 = 1
  rdisp/wp_no_spo = 1
  # Jcontrol: Migrated Profile Parameter
  #      create at Wed Mar 25 20:20:02 2009
  j2ee/instance_id = ID0079698
  Web dispatcher profile
  SAPSYSTEMNAME = WD0
  SAPSYSTEM = 00
  INSTANCE_NAME = W00
  DIR_CT_RUN = $(DIR_EXE_ROOT)/run
  DIR_EXECUTABLE = $(DIR_CT_RUN)
  wdisp/shm_attach_mode = 6
  # Accesssability of Message Server
  #rdisp/mshost = asapq00.b.com
  #ms/http_port = 8100
  #ms/https_port = 8101
  wdisp/system_0 = MSHOST=asapq00.b.com, MSPORT=8100, SID=APQ
  # Configuration for medium scenario
  icm/max_conn               = 16350
  icm/max_sockets            = 32768
  wdisp/HTTPS/max_pooled_con = 16350
  icm/req_queue_len          = 8000
  icm/min_threads            = 100
  icm/max_threads            = 500
  mpi/total_size_MB          = 700
  mpi/buffer_size            = 32768
  mpi/max_pipes              = 21000
  wdisp/HTTP/max_pooled_con  = 8192
  wdisp/HTTPS/max_pooled_con = 8192
  # SAP Web Dispatcher Ports
  icm/server_port_0 = PROT=HTTP,PORT=80,EXTBIND=1
  icm/server_port_1 = PROT=ROUTER,PORT=443,EXTBIND=1
  #icm/host_name_full= asapq00.b.com
  icm/host_name_full= qtyh2h.k.co.in
  icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin,AUTHFILE=/sapmnt/WD0/global/security/data/icmauth.txt
  ssl/ssl_lib=/usr/sap/WD0/W00/sec/libsapcrypto.so
  wdisp/HTTPS/dest_logon_group = PUBLIC
  wdisp/HTTPS/max_client_ip_entries = 100000
  wdisp/HTTPS/sticky_mask = 255.255.255.0
  #Additional Parameters
  wdisp/add_client_protocol_header = true
  wdisp/auto_refresh = 120
  wdisp/max_servers = 100
  wdisp/handle_webdisp_ap_header = 1
  #Registering SAP Web Dispatcher in the SLD
  #wdisp/system_0 = HOST=asapq00.b.com, PORT=8100, SID=APQ, NR=00
  #Parameter to avoid week SSL ciphers
  ssl/ciphersuites=HIGH:MEDIUM:!mMD5
  Regards,
  Lalitha

• How weak is weak encryption?

  I have several values my java program is posting to my php webserver
  I have done a variety of weak encryption methods to protect already encoded values ( like serial number, username, etc. )
  I use random values to encode multiple shifts over the data, then finally encode with specific information on the sending machine
  the server takes this apart, and sends a response also encoding with the client specific info along with an alternate set of random shifts.
  the client then grabs the machine specifics and decodes the message
  How much protection do I really need when communicating back and forth between my own applications? I feel like the main security concern is man in the middle attacks, and if this method prevents that.
  Thanks for any replies.

  if they sit in the middle, they don't have the hardware spec.
  also its not an open protocol.... its not for secure data, its for authentication of a license. The hardware spec of the client is embedded into the original message from client->server in a randomized way
  server strips this out of the message and sends a response also embedded with the same hardware mixup, the client then only authenticates if it gets not only a valid license response but with the correct hardware key that matches the system.
  so even if you reconstructed the correct message, if the java app on the client can't verify your hardware, it won't launch.
  Its not really the sensitivity of the data I am worried about so much as the possibility of a client forcing java to think there is hardware on a machine that there isn't (ie they figure out what I've done and want to fake the hardware fingerprint)
  however I feel like if someone got this far they probably could have spent less time simply removing the authentication code from my java object code.

• Is there any way to Encrypt an Exported report ?

  Hi,
  Is there any way to encrypt an Exported Report , i.e. after saving  a report to Local by exporting , when the user tries to open the report it should prompt for credentials .
  Is there any api which would support this encryption ?
  Any sample code,
  Pls suggest .....

  Is there any other alternate way available to encrypt a  report ?
  Atleast at the time of viewing the report or by passing credentials as parameterFeilds to the report and prompting the user for credentials at the time of viewing , I checked the CrystalReportViewer and ReportExportControl api didn't find any method to encrypt.
  If its not feasible using CrystalReport api's ,Is there any other option available ?
  Pls suggest....

• "SAP Web Dispatcher" & "Weak Encryption Vulnerability"

  Hello everyone,
  First, if I've posted this question in an inappropriate forum, I apologize.  If you'll direct me to a more appropriate forum, I'll post this question there.
  Here's my issue...  we've just installed a set of SAP Web Dispatchers in our DMZ, and we've configured the HTTPS/SSL functionality so that Internet consumers can securely communicate with us.
  We periodically enlist the services of Qualsys to scan our Internet touchpoints.  Since we made so many changes to our firewall routing rules & such in order to setup the dispatchers, we thought it would be a good idea to perform a new Qualsys scan.
  Unfortunately, their latest scans reveal a "weak encryption vulnerability".  Here's a snippet from the report:
  SSL encryption ciphers are classified based on encryption key length as follows:
  HIGH - key length larger than 128 bits
  MEDIUM - key length equal to 128 bits
  LOW - key length smaller than 128 bits
  Messages encrypted with LOW encryption ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to
  guarantee transaction security.
  Their recommended solution for us is to "Disable support for LOW encryption ciphers."  My question to you, in turn, is... How do I do that? 
  We're currently using version 7.00 (patch 167) of the dispatchers, along with SAPCRYPTOLIB version 5.5.5pl24 (11-Jun-2008).  The only time during configuration that I remember specifying a key length was when I used the sapgenpse program to generate the certificate requests.  I always specified 1,024 during that process.
  Anyone have any ideas?
  Thanks,
  ~Fred Claypool, Jr.

  > First, if I've posted this question in an inappropriate forum, I apologize. 
  No problem. If you get no answer here, try also this forum:
  Security
  Regards
  Stefan

• Hello Anybody, I have a question. Can any of you please suggest me how to make an xml file from the database table with all the rows? Note:- I am having the XSD Schema file and the resulted XML file should be in that XSD format only.

  Hello Anybody, I have a question. Can any of you please suggest me how to make an xml file from the database table with all the records?
  Note:- I am having the XSD Schema file and the resulted XML file should be in that XSD format only.

  The Oracle documentation has a good overview of the options available
  Generating XML Data from the Database
  Without knowing your version, I just picked 11.2, so you made need to look for that chapter in the documentation for your version to find applicable information.
  You can also find some information in XML DB FAQ

• Hi , i've ipad 4G . i live in dubai (UAE) , i make apple id but cannot able to download any apps so plz suggest me. How to register apple ID without cradit card on Itune in UAE region ?

  hi , i've ipad 4G . i live in dubai (UAE) , i make apple id but cannot able to download any apps so plz suggest me. How to register apple ID without cradit card on Itune in UAE region ?

  Step 1 to 8 with pictures attached:
  1. Select any free app
  http://i1224.photobucket.com/albums/ee374/Diavonex/5622c304.jpg
  2. Tap install App
  http://i1224.photobucket.com/albums/ee374/Diavonex/9c71cbba.jpg
  3. Just tap Create New Apple ID
  http://i1224.photobucket.com/albums/ee374/Diavonex/3564262e.jpg
  4. Confirm your country; fill in your country's name
  http://i1224.photobucket.com/albums/ee374/Diavonex/15af6726.jpg
  5. Agree with Term and Condition
  http://i1224.photobucket.com/albums/ee374/Diavonex/a50cb07a.jpg
  6. Fill in your Apple ID and Password
  http://i1224.photobucket.com/albums/ee374/Diavonex/f942f7f5.jpg
  7. Create and answer secret question
  http://i1224.photobucket.com/albums/ee374/Diavonex/774b1991.jpg
  8. Select NONE for billing information
  http://i1224.photobucket.com/albums/ee374/Diavonex/6f6e54ff.jpg
  Other pictures
  http://i1224.photobucket.com/albums/ee374/Diavonex/553a2651.jpg
  http://i1224.photobucket.com/albums/ee374/Diavonex/52783119.jpg
  http://i1224.photobucket.com/albums/ee374/Diavonex/a5fcfc6b.jpg

• Extremely weak vibration in Nokia Lumia 925

  I bought a new Nokia Lumia 925 last week. It has extremely weak vibration in Silent mode or Ring + Vibrate mode. I have missed several calls due to this problem. Earlier I had a Samsung mobile which had good vibration. While Nokia Lumia 925 has several good features but this weak vibration is a big problem for me. I see that several people have faced this issue. If Nokia does not replace my mobile with a good working one, I will go back to Samsung for this single problem of weak vibration in Nokia Lumia 925

  Even my lumia 520 has a weak vibration, and i think is all lumia phones, the vibration is very weak
  posted from my nokia x2

• HT203175 My iPhone 4 lost all of my contact numbers this morning. Any ideas why or suggestions on recovering them?

  My iPhone 4 lost all of my contact numbers this morning. Any ideas why or suggestions on recovering them?

  you only want to sync from 1 or the other. not both. i recommend sticking with one backup area. in your info section of itunes, make sure that you are not selecting to replace the data on the device.

• Iphone 3gs extreme weak wifi signal with wrt160N - suggestions?

  Linksys wrt160N v3.0.00 build 010 Jan 30, 2009
  iphone 3gs firmware v3.1.2
  Set up network to include a few laptops with N cards, a PS3 – all ok
  When it comes out of sleep mode it connects at full signal strength , then within 15 seconds drops to just the one dot
  Under a dLink G router, full signal strength right up to 30 feet outside of the house
  Here in condo just purchased the Linksys and standing right next to it i get a practically non existant wifi signal
  Go back to parents house with g router , works perfectly.
  I thought the N router is set up to be backward compatible and if need be broadcast in G mode for G devices
  Is there anything I should be aware of in the settings.
  I followed the basic setup - no manual fiddeling with any of the settings.

  gv wrote:
  1. You can check all the settings through the web interface at http://192.168.1.1/
  2. As long as your iPhone maintains a connection and does not really slow down it does not matter how many bars the iPhone shows. I think the iPhone has problems calculating the correct signal strength on 802.11n routers. I have seen something similar on a dlink router. My iPhone jumped from 5 to 1 and back. Most of the time it was at 1 bar. Yet, I had perfect connections and normal internet speed. Thus, check internet functions on your iPhone. Unless you loose connections or they get extremely slow I would simply ignore it.
  Problem being is that I'm not sure where to check via the web interface as to what mode it's on right out of the box.
  The only way, recalling from last night's attempts, is if I go in and select the manual settings option rather than the wifi protected button, which would then allow me to enter manual settings.
  Only there, would I know what it would be set at because I would obviously have to set it. I'd rather not go into changing manual settings unless absolutely necessary at this point. 
  As for the iphone not displaying the signal strength correctly - I'd have to say it is, given the following download speed test results: 27, 95 , 28, 149 kbps (not the most spectacular) compared to say 9388 kbps when the iPhone initially comes out of sleep and connects to the network. The signal drops to the one dot within about 10-15 seconds approximately.
  With the old dLink G router, the signal strength registered full and download speed tests supported that, same as outlined above with the weak signal and corresponding d/l results.

• Airport Extreme - Weak Signal

  Good morning -
  I have a 17" iMac G4 800 (no Airport Card - cable connected to the Airport base station) and a 12" PowerBook G4 133, networked with Airport Extreme. I connect to the internet via DSL with a Siemens Speedstream 4100. My ISP claims download speeds up to 6Mbps although it's usually closer to 4 or 5 (I don't know if this is relevant but thought I'd include it).
  The Airport signal at the PowerBook is very weak - no more than 1 or 2 bars. It's only 50 feet away and inside the house. This is a relatively recent development - perhaps the past two or three months at the outside. The PowerBook works fine at other locations, so I don't think it's the antenna, and a friend's PowerBook also had the same problem during a recent visit.
  - I have a closed network, so I don't think there's any additional drain on the signal.
  - Unplugged both microwave and cordless phones and saw no change in signal power.
  - Moved the Airport to provide a more direct line to the PowerBook, and rebooted both the modem and the Airport.
  - Downloaded and ran MacStumbler and did find that several other nearby networks were on the same channel as I was (Channel 6). I've cycled through all other channels 1-11 but I'm still at one or two bars on my PowerBook.
  I suppose that another closed network (not detectable by MacStumbler) could be causing the slowdown - but on all channels?
  - Increased the Transmitter Power to 100% and changed the Multicast Rate to 11, since I don't need the range to be especially broad, but again I'm still mighty low.
  BTW, what is the "Mode"? Presently it's set to 802.11 b/g compatible. Would that setting have an impact on my situation? Since I don't know what it is, I don't much want to play with it just yet...
  What else should I be checking/doing?
  Adriana
  iMac G4, Powerbook G4, Airport Extreme   Mac OS X (10.4.8)  

  It could be that a different type of device is operating at, or causing interference at, 2.4 GHz and causing your wireless network problem. Cordless phones are one big culprit. See KB 58543, AirPort: Potential sources of interference for some other ideas.
  - Increased the Transmitter Power to 100% and changed the Multicast Rate to 11, since I don't need the range to be especially broad, but again I'm still mighty low.
  Increasing the multicast rate can decrease the range. The multicast rate is the guaranteed data transfer rate. The network will drop if this rate can not be guaranteed.
  BTW, what is the "Mode"? Presently it's set to 802.11 b/g compatible. Would that setting have an impact on my situation?
  There are 3 settings:
  802.11b only - The wireless network operates at the slower (11 Mbps) 802.11b protocol for all clients. Since 802.11g is backwards compatible, both 802.11b and 802.11g devices can connect.
  802.11b/g - The wireless network allows both 802.11b and 802.11g clients to connect. The network speed will be slowed only if any 802.11b clients actually are connected.
  802.11g only - The network operates at the faster (54 Mbps) 802.11g for all clients. 802.11b clients will not be able to connect.

• Change to User Mapping Strong encryption to weak encryption

  HI Floks,
  we have EP 5.0 and want to change the Branding Images on the Logon Page.
  However, Direct Editing is not available.But User Mapping is availble
  The path in EP 5.0 was :
  "System Administration -> System Configuration -> UME Configuration -> User Mapping".
  its strongly encrypted
  am looking this info "Encryption of User Mapping Data: Strong encryption ". Ihave to change brading image
  Does anyone know why or if there is another way to modify the UME property ume.logon.branding_image. how to convert this encryption or another way is there to change logo .\
  if any links or suggestions are provide me
  thanks
  Preethi

  Hi Preethi,
  I'm wondering about your message. It seems you mismatch EP5 and EP6 with each other.
  In EP5 the logon screen can be found at the IIS. There are 2 different logon screens: form logon or HTTP logon. The branding image is only available for form logon. In the admin guide for EP5 you can find the following information:
  'You can customize the form-based logon to reflect your companyu2019s branding or other special
  requirements. The dialog is located at Inetpub\wwwroot\SAPPortal\FormLogon.asp.'
  see also
  http://help.sap.com/saphelp_ep50sp6/helpdata/en/a2/297c55fa2f5447973d25825c1a665b/frameset.htm
  Furthermore there was no strong encryption possible for EP5.
  The path you mentioned in your message reflects only for EP6 and onwards. And I'm wondering why you talk of strong encryption in this context. The way of encryption has nothing to do with the branding image.
  Regards,
  Anja

• Encrypt suggestions

  Hi friends!
  I would like to encryp my messages in my client and server java app.
  And I have these problems:
  If I use an algorithm to encryp my strings, perhaps my characters became on-readable characters and like for instance \n or something that, and I use /10 to separate my messages and process then. So is there anyway to encrpy a string, but resuliting in another string with characteras from a to z?
  Another question, it would be possible to use SSL to encroty my messages? should I pay to somebody? Is it necessary to use a 3rd computer?
  Thanks a lot for your advice

  Ricardo_Ruiz_Lopez wrote:
  Thanks a lot for your replies.
  My strings contain sensitive information ( customers money information ) and my messages are going to travel thru Internet, so I need something very secure.PayPal, your online banking, the login to this site and millions of other sites use SSL often through HTTPS. You won't find anything more secure other than not using the Internet at all.
  >
  I think SSL could be the best option after reading your suggestions and something on the net.Yep.
  >
  "SSL is not used to encrypt a single message. SSL is used to encrypt an entire socket connection. The idea is that you open a SSL connection (which can be thought of as a wrapper over a "normal" socket connection) and then use it as if it were a normal socket connection. The difference is that all traffic sent this way is encrypted."
  Thanks, it doesnt matter if it encrypts all my connection.
  "Should you pay someone?"
  I think you didnt understand me. I am reading about SSL and I read about buying a certificate and pay to someboy like Verisign or something like that. Right now, I realised that this is an authentificattion process which is not necessary, so I gguess I could use only encription part. BTW I know there are free algorithms.
  Any suggestion (or link) to use SSL for only encrypt my connection without 3rd companies??? ( I�m looking for that right now)I don't really understand. Are you asking about Java SSL implementations? If so then, as I said in my earlier post, no third party implementation is required; it is built in to the later version of the JRE and the earlier versions of the JRE can use the Sun JSSE library.

• Connecting a windows XP laptop to Airport extreme, WPA encryption

  hi
  have just got an airport extreme and have managed to connect to it and access internet fine with my macbook. I'm using WPA/WPA2 Personal encryption with an 8 character password. After finding the network equivalent password (a 64 character Hex key) I managed to get my housemates Vista laptops connected. HOWEVER, when I go to enter this into my friends XP laptop (connected through a Netgear wireless receiver), it will not let me as the 64 character key is 1 character too long - do I just enter the original 8 character password?
  I hope someone can help!!!!
  thanks.

  Is the password you are using limited to letters and numbers - no punctuation or other strange characters?
  This really should work. The fact it doesn't suggests to me that some other setting is not being chosen correctly. As I mentioned this above select "WPA Personal" with TKIP (not AES) encryption. As a second choice, select "WPA2 Personal". Make sure the WinXP software drivers for its wireless interface are up to date.

• I was just told ML could not be installed because apple HD is broken and could not be repaired. I never had any problem ever to suggest a broken HD, on my 2 yr. old mac pro. 10.6.8. Any one else having this problem? Will I get a refund,  if so how?

  I have a 2009 MAC PRO 10.6.8. Had never had any problems. Tried installing Mountain Lion today. Was told, " Mountain Lion could not be installed because Hard Disk is broken"!
  Is it because HD is broken or perhaps incompatible? Has any one else had this problem? I had no symptoms suggestive of a broken HD. Will I get reimbursed if ML could not be installed? If so what do I have to do?
  How can I verify the status of the HD, in absence of symptoms for my own information?

  mottoo wrote:
  I have a 2009 MAC PRO 10.6.8. Had never had any problems. Tried installing Mountain Lion today. Was told, " Mountain Lion could not be installed because Hard Disk is broken"!
  Is it because HD is broken or perhaps incompatible? Has any one else had this problem? I had no symptoms suggestive of a broken HD. Will I get reimbursed if ML could not be installed? If so what do I have to do?
  How can I verify the status of the HD, in absence of symptoms for my own information?
  The solution to your problem is rather simple
  1: Get a external hard drive and use Disk Utility to format it with a GUID partition map and OS X extended Journaled.
  2: Export your browser bookmarks and any other needed data to a file,. Copy your User data folders of Music, Pictures etc over to the external  drive via drag and drop copy methods, disconnect the drive.
  I don't advise using TimeMachine at this point since your boot drive is messed up, thus so will be your TM drive, just transfering the problem later on back to the new install. We are proceeding with a "Fresh install" method to eliminate as many issues as possible which a TM restore can return to a new OS X install.
  3: Next you will need to follow these instructions to zero erase (important) and install 10.6 fresh, use the same named account (different password ok)
  How to erase and install Snow Leopard 10.6
  4: Before you return files or install programs, Software Update fully and use the AppStore to install 10.8, this way it will be on a fresh 10.6 install, free of issues.
  5: Install any and all 10.8 compatible programs as much as possible before returning your User files, this is a performance measure.
  If you need too, use this site to find one's that are 10.8 compatible.
  http://roaringapps.com/apps:table
  6: Last install your user files from the external drive backup into their respective Music, Pictures, Movies etc., folders, into the same named accounts so you preserve your iTunes playlists. When you open those programs, they will update their respective support files automatically.