Cisco CUBE supports AES-256 Encryption?

Similar Messages

• AIR-AP1131AG-I-K9 support AES 256 bit ?

  hi,
  I have several AP devices:
  Product/Model Number: AIR-AP1131AG-I-K9
   System Software Filename: c1130-k9w7-tar.124-3g.JA
   System Software Version: 12.4(3g)JA
  Bootloader Version: 12.3(8)JEA
  i need to know if  AES 256 bit is supported by this devices and if the current software need to upgrade for that.
  Regards,

  HI Ben,
  As per my knowledge this Software dont support 256 bit key size.
  Here is the link:http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-4_3g_JA/configuration/guide/ios1243gjaconfigguide/s43wep.html
  another version: 12.3(8)JA supports 256 bit key size to protect data traffic,
  http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-3_8_JA/configuration/guide/1238jasc/s38wep.html
  Regards
  Don't forget to rate helpful posts

• Download to support 128 bit encryption

  since trying to download 4.0 version I cannot open firefox at all and need 128 bit encryption that was available prior to 4.0

  Current Firefox releases can't even go below 128 bit, SSL2 that supported this have been removed quite a few releases now (Firefox 8 dropped support for SSL2).
  *https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/8
  128 bit is the minimum that you can use with Firefox and you can only go higher (e.g. 168 or 256).<br />
  128 bit shouldn't be used these days and servers that only support 128 bit should update their software.
  Firefox supports AES-256 since 2002, so that is already more than 10 years.
  * https://www.fortify.net/sslcheck.html

• Does Mozilla support 128-bit encryption?

  To use IRS Business Services Online (http://www.socialsecurity.gov/employer/bsohbnew.htm), 128-bit encryption is needed. They say:
  "To determine whether your browser supports 128-bit encryption, select Help/About from your browser menu. Most browsers will display the phrase ?128-bit encryption? or "128-bit cipher strength.? If you are unsure whether your browser supports 128-bit encryption, contact the software company that developed the browser."
  But I can't seem to find this information on the about page or in online articles about encryption. Would you please help?

  Current Firefox releases can't even go below 128 bit, SSL2 that supported this have been removed quite a few releases now (Firefox 8 dropped support for SSL2).
  *https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/8
  128 bit is the minimum that you can use with Firefox and you can only go higher (e.g. 168 or 256).<br />
  128 bit shouldn't be used these days and servers that only support 128 bit should update their software.
  Firefox supports AES-256 since 2002, so that is already more than 10 years.
  * https://www.fortify.net/sslcheck.html

• Acrobat (Reader) 8 not capable of opening AES-256 protected rights management PDF?

  Is this really true?
  Didn't find a datasheet explaining the Client-side requirements, when
  AES-256-encrypting PDF documencs with LCRM.
  In my lab it seems, as if Reader-9 can open those documents fine, while Reader-8 fails decrypting.
  Dilettanto

  Acrobat/Reader 9 were the first version to incorporate AES-256 code, so if you want to remain backwards compatible with Reader 7 or 8 you need to continue to use AES-128. I believe this is documented in the help for the section that describes how policy edit works.
  Jonathan

• AES-256 Security Provider ??

  Hi,
  Our company is using a tool called AdvenetNet WebNMS to create a network management system.
  However, there is one particular section in the developer guide that refers to working with "providers" to support privacy in SNMPv3. Our software group would like to use AES-256 for the privacy.
  The Advenetnet site says you can use "Cryptix or SunJCE" as a provider. I tried to look up Cryptix, but, didn't find much documentation on it. I downloaded the source, and didn't really see anything referring to AES-256, however, i saw many different types.
  Can anyone give any ideas on what exactly i would need to do ? First of all, will Cryptix help me at all? (Is it a provider that supports AES-256) ? If not, is it difficult to create my own AES-256 provider (following the tutorial on Sun's website) ?
  If anyone can clear up my confusion on providers, etc.... that would be great!
  I'm pretty new to Java, and i found this link on Sun's web:
  http://java.sun.com/j2se/1.4.2/docs/guide/security/HowToImplAProvider.html
  Link to Adventnet description:
  http://www.adventnet.com/products/webnms/help/developer_guide/management_protservices/mgmnt_protocols/snmp/proto_security_pack_snmpv3.html

  This is where i'm getting confused. We are currently using JRE 1.5 for development. So, you're saying, with this version, AES 256 is already included.Yes.
  >
  According to the Adventnet documentation (in the link in my initial post), it has a blurb regarding JCE installation, etc by modifying the java.security file. Is this file already setup for me since i'm using java 1.5 ? If this is the case, do i technically need to do anything to get the AES - 256 (from a java side of things) to work? No need to modify the java.security file - the SunJCE provider is included by default.
  >
  There is little to no documentation on getting the SNMPv3 (from AdvenetNet) to use AES-256. They just refer to 'using a provider' because they don't support AES-256. I guess i'm also confused on how to get the AdventNet product to actually select to use AES-256 . I'll have to contact them regarding that.I know only a little about SNMPv3 and even less about AdvenetNet. I do wonder why you think you need AES 256. What is so secret about your data that you need twice as many bits as the industry norm. Even people playing really safe use only a 192 bit AES.

• AES-256 user home directory sparse image bundle in Lion?

  Snow Leopard and previous had file vault to protect users' home directories as, I believe, AES-128-encrypted sparse image bundles. As I understand it now, under Lion, the options are to enable AES-128 whole disk encryption, or, if upgrading an existing snow leopard machine with a legacy file vault user account, to maintain that legacy file vault user home directory. However, under this second approach, additional users' home directories cannot be individually "file-vaulted" and instead, would require that legacy file vault  be decrytped and then the entire disk be encrypted.
  I am thinking that it would be advantageous from a security standpoint if an individual user home directory could remain encrypted, if that user were not actively logged in. Then, all contents would be inaccessible to other users, including administratively privileged users, and also that user's home directory would remain encrypted when the computer was turned on and booted up because as I understand it, file vault 2's real strength lies in protecting "data at rest" versus "data on a powered up and mounted file vault 2 volume".
  To that end, I am wondering, regardless of whether file vault 2 is enabled or not, whether an existing user home directory and all of its contents be converted to an AES-256-encrypted sparse image bundle, using Disk Utility, and exist at the /Users directory space, mounting and decrypting "on the fly" from the login window at user login just like how a legacy file vault home directory is treated under snow leopard, independently of whether file vault 2 was enabled on the whole disk or not. This would also permit later addition/conversion of another "file vaulted" user account whether fle vault 2 were enabled or not.
  To recap, an AES-256-encrypted sparse image bundle that would mount upon user login just like a legacy file vault user home directory does. Does anyone know if something like that is doable, and has that road already been travelled successfully? If so, I'd love to read a step-by-step, play-by-play, set of instructions on how to do just that.

  I think I got a solution worked out.  I don't mind if things get installed in /opt as long as pacman tracks it, and I found ruby-enterprise-rmagick in the AUR as an orphan.  I adopted it, updated it, installed it, and it's working great with my code.

• Encrypt/decrypt AES 256, vorsalt error

  Hiyas.
  So I'm trying to get encrypt/decrypt to work for AES 256, with both 32byte key and 32byte IVorSalt. (Yup-new java security files v6 installed)
  'IF' I 32byte key but dont use a IV at all, I get a nice looking AES 256 result. (I can tell it's AES 256 by looking the length of the encrypted string)
  'IF' I use a 32byte key and 16bit salt, I get a AES 128 result (I know- as per docs theyre both s'posed to the same size, but the docs are wrong).
  But when i switch to using both a 32byte key AND a 32byte salt I get the error below.
  An error occurred while trying to encrypt or decrypt your input string: Bad parameters: invalid IvParameterSpec: com.rsa.jsafe.crypto.JSAFE_IVException: Invalid IV length. Should be 16.
  Has anyone 'EVER' gotten encrypt to work for them using AES 256 32byte key and 32byte salt? Is this a bug in CF? Or Java? Or I am doing something wrong?
  <!--- ////////////////////////////////////////////////////////////////////////// Here's the Code ///////////////////////////////////////////////////////////////////////// --->
  <cfset theAlgorithm  = "Rijndael/CBC/PKCS5Padding" />
  <cfset gKey = "hzj+1o52d9N04JRsj3vTu09Q8jcX+fNmeyQZSDlZA5w="><!--- these 2 are the same --->
  <!---<cfset gKey = ToBase64(BinaryDecode("8738fed68e7677d374e0946c8f7bd3bb4f50f23717f9f3667b2419483959039c", "Hex"))>--->
  <cfset theIV    = BinaryDecode("7fe8585328e9ac7b7fe8585328e9ac7b7fe8585328e9ac7b7fe8585328e9ac7b","hex")>
  <!---<cfset theIV128    = BinaryDecode("7fe8585328e9ac7b7fe8585328e9ac7b","hex")>--->
  <cffunction    name="DoEncrypt" access="public" returntype="string" hint="Fires when the application is first created.">
      <cfargument    name="szToEncrypt" type="string" required="true"/>
      <cfset secretkey = gKey>               
      <cfset szReturn=encrypt(szToEncrypt, secretkey, theAlgorithm, "Base64", theIV)>
      <cfreturn szReturn>
  </cffunction>   
  <cffunction    name="DoDecrypt" access="public" returntype="string" hint="Fires when the application is first created.">
      <cfargument    name="szToDecrypt" type="string" required="true"/>
      <cfset secretkey = gKey>   
      <cfset szReturn=decrypt(szToDecrypt, secretkey, theAlgorithm, "Base64",theIV)>       
      <cfreturn szReturn>
  </cffunction>
  <cfset szStart = form["toencrypt"]>
  <cfset szStart = "Test me!">
  <cfset szEnc = DoEncrypt(szStart)>
  <cfset szDec = DoDecrypt(szEnc)>
  <cfoutput>#szEnc# #szDec#</cfoutput>

  Hi edevmachine,
  This Bouncy Castle Encryption CFC supports Rijndael w/ 256-bit block size. (big thanks to Jason here and all who helped w/ that, btw!)
  Example:
  <cfscript>
    BouncyCastleCFC = new path.to.BouncyCastle();
    string = "ColdFusion Rocks!"; 
    key = binaryEncode(binaryDecode(generateSecretKey("Rijndael", 256), "base64"), "hex");//the CFC takes hex'd key
    ivSalt = binaryEncode(binaryDecode(generateSecretKey("Rijndael", 256), "base64"), "hex");//the CFC takes hex'd ivSalt
    encrypted = BouncyCastleCFC.doEncrypt(string, key, ivSalt);
    writeOutput(BouncyCastleCFC.doDecrypt(encrypted, key, ivSalt));
  </cfscript>
  Related links for anyone interested in adding 256-bit block size Rijndael support into ColdFusion:
  - An explanation of how to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files into ColdFusion
  - An explanation of how to install the Bouncy Castle Crypto package into ColdFusion (near bottom, under the "Installing additional security providers" heading)
  - An explanation of how to connect the Bouncy Castle classes together
  - Bouncy Castle's doc for the Rijndael Engine
  And here is the full CFC as posted in the StackOverflow discussion:
  <cfcomponent displayname="Bounce Castle Encryption Component" hint="This provides bouncy castle encryption services" output="false">
  <cffunction name="createRijndaelBlockCipher" access="private">
      <cfargument name="key" type="string" required="true" >
      <cfargument name="ivSalt" type="string" required="true" >
      <cfargument name="bEncrypt" type="boolean" required="false" default="1">
      <cfargument name="blocksize" type="numeric" required="false" default=256>
      <cfscript>
      // Create a block cipher for Rijndael
      var cryptEngine = createObject("java", "org.bouncycastle.crypto.engines.RijndaelEngine").init(arguments.blocksize);
      // Create a Block Cipher in CBC mode
      var blockCipher = createObject("java", "org.bouncycastle.crypto.modes.CBCBlockCipher").init(cryptEngine);
      // Create Padding - Zero Byte Padding is apparently PHP compatible.
      var zbPadding = CreateObject('java', 'org.bouncycastle.crypto.paddings.ZeroBytePadding').init();
      // Create a JCE Cipher from the Block Cipher
      var cipher = createObject("java", "org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher").init(blockCipher,zbPadding);
      // Create the key params for the cipher    
      var binkey = binarydecode(arguments.key,"hex");
      var keyParams = createObject("java", "org.bouncycastle.crypto.params.KeyParameter").init(BinKey);
      var binIVSalt = Binarydecode(ivSalt,"hex");
      var ivParams = createObject("java", "org.bouncycastle.crypto.params.ParametersWithIV").init(keyParams, binIVSalt);
      cipher.init(javaCast("boolean",arguments.bEncrypt),ivParams);
      return cipher;
      </cfscript>
  </cffunction>
  <cffunction name="doEncrypt" access="public" returntype="string">
      <cfargument name="message" type="string" required="true">
      <cfargument name="key" type="string" required="true">
      <cfargument name="ivSalt" type="string" required="true">
      <cfscript>
      var cipher = createRijndaelBlockCipher(key=arguments.key,ivSalt=arguments.ivSalt);
      var byteMessage = arguments.message.getBytes();
      var outArray = getByteArray(cipher.getOutputSize(arrayLen(byteMessage)));
      var bufferLength = cipher.processBytes(byteMessage, 0, arrayLen(byteMessage), outArray, 0);
      var cipherText = cipher.doFinal(outArray,bufferLength);
      return toBase64(outArray);
      </cfscript>
  </cffunction>
  <cffunction name="doDecrypt" access="public" returntype="string">
      <cfargument name="message" type="string" required="true">
      <cfargument name="key" type="string" required="true">
      <cfargument name="ivSalt" type="string" required="true">
      <cfscript>
      var cipher = createRijndaelBlockCipher(key=arguments.key,ivSalt=arguments.ivSalt,bEncrypt=false);
      var byteMessage = toBinary(arguments.message);
      var outArray = getByteArray(cipher.getOutputSize(arrayLen(byteMessage)));
      var bufferLength = cipher.processBytes(byteMessage, 0, arrayLen(byteMessage), outArray, 0);
      var originalText = cipher.doFinal(outArray,bufferLength);
      return createObject("java", "java.lang.String").init(outArray);
      </cfscript>
  </cffunction>
  <cfscript>
  function getByteArray(someLength)
      byteClass = createObject("java", "java.lang.Byte").TYPE;
      return createObject("java","java.lang.reflect.Array").newInstance(byteClass, someLength);
  </cfscript>
  </cfcomponent>
  Thanks!,
  -Aaron

• Is Weblogic 11g supports for Kerberos AES/RC4 Encryption on Windows 2008 R2

  Is Weblogic 11g supports for Kerberos AES/RC4 Encryption on Windows 2008 R2?
  Thanks,

  DES is disabled by default on 2008, could this DC be a Windows 2003?  If so then this would be the expected encyption.
  The following is the list of the encryption available for each Windows system
  Windows 2000,  XP,Windows Server 2003:     
  DES, RC4          
           Vista
  , Windows Server 2008:      DES, RC4,AES          
           Windows 7 and  Windows Server  2008 R2:     DES(disabled by default), RC4,AES
  From:
  http://blogs.msdn.com/b/openspecification/archive/2010/11/17/encryption-type-selection-in-kerberos-exchanges.aspx
  Paul Bergson
  MVP - Directory Services
  MCITP: Enterprise Administrator
  MCTS, MCT, MCSE, MCSA, Security, BS CSci
  2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
  Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
  Please no e-mails, any questions should be posted in the NewsGroup.
  This posting is provided AS IS with no warranties, and confers no rights.

• Encrypt and Decrypt Card Number using AES 256 algorithm

  Dear All,
       I have a table in Sql Server database. in that table  storing
  Card_Information. This information is secured so that need to encrypt that data in sql server table.
  Can some one help on Encrypting and decryption process using AES 256 algorithm.
  Regards, Praveen

  Hello,
  See MSDN Cryptographic Functions (Transact-SQL) for all available en-/decryption function in SQL Server.
  Olaf Helper
  [ Blog] [ Xing] [ MVP]

• AES 256 Revision 6 (PDF 2.0) Encryption

  I am trying to implement decryption of AES 256 Revision 6 (PDF 2.0) as described in the ISO 32000-2 spec and having some success but getting some peculiar results that I cannot resolve and would appreciate some suggestions.
  Using Acrobat X on a PC and encrypting using password encryption compatible with Acrobat X, I created a set of about 20 Acrobat X encrypted PDF tests. When I ran these through our implementation to decrypt as following ISO 32000-2 particularly Algorithms 2.A and 2.B most decrypted successfully and produced correct output. However a few failed either in the authentication phase or in the intermediate key computation stage, with the latter showing an error by an invalid decryption of the first stream of PDF encountered. Next I tried another set of different tests and also got a similar pass rate. Finally I took one unencrypted PDF test and chose the same security settings of compatible with Acrobat X, restrict editing, and printing, and allowed print and used the same password for 15 generated versions of this PDF test. 13 of these 15 resultant encrypted tests ran successfully with our implementation of the Revision 6 decryption algorithm. Two failed, with one failing a match on both user and owner key and the other failing computing the intermediate owner key.
  In the past when we have implemented earlier Revision 5 256 AES, or even older compatibility versions it always was the case that you either had the software working or you didn’t. And the new PDF 2.0 2B algorithm with 64+ hashes and 64+ aes encryptions of data along with 16 byte mod 3 math computations leaves little room for error.
    I believe that Acrobat when encrypting is choosing a random AES IV and all data including input /U /O /UE, and /OE strings differ. Even for the case described above of the same input test, same password, and same Acrobat encryption options. Thus the input into Algorithm 2-B will differ but the output should for authentication match the first 32 bytes of the O or U key or should result in a correct final result for intermediate owner or user key if the corresponding match occurred above.
  However for the few exceptions that fail the above decryption it is not easy to determine what went wrong. Just about any change to the implementation of Algorithm 2.B breaks all working test cases instead of giving a clue as to what the issue is. The possible suspects are the new SHA-384 and SHA-512 and the encrypt code. We have used SHA-256 and the AES decrypt portion in earlier implementation of revision 5 and had no problems. The AES and hash code we are using is from Gladman1. I was wondering what others are using? It looks like Acrobat X is using RSA BSAFE Crypto – C2 at least for FIPS. Could Leonard or somebody else at Adobe tell me if this RSA software is also used in general with Acrobat X?
  And I think that it would be very beneficial to have and publish a set of test vectors given input into algorithm 2.B along with correct intermediate results for each step. For each hash – including which method used per step show hash results, and also encryption step results, number of steps beyond 64 minimum, as well as final result. For the 80% of tests I have working I could produce this info. For those tests I cannot get working I would need help. Perhaps someone at Adobe or elsewhere who has had greater success than I have can help? I can provide input for the problematic tests either through this forum or privately at [email protected].
  1) http://www.gladman.me.uk/
  2) http://blogs.adobe.com/security/2011/05/update-fips-validation-certificates-for-acrobat-an d-reader-x.html

  I create a simple file called 256encrypt.pdf and encrypted with aes256
  I am using "Algorithm 2.B: Computing a hash" from ISO32000-2 to verify the user password
  user password: password
  User string from the PDF test file : f4 65 f1 69 9a e2 ea 71 ba e7 6b 48 bb 12 8f 1f 18 74 e3 d3 e2 97 7e b8 d6 fe 9f 7f 86 b0 6d 89 c9 38 40 c5 64 dc 5a 32 04 4d 9c 6f 28 d2 98 d0
  User string hash value:  f4 65 f1 69 9a e2 ea 71 ba e7 6b 48 bb 12 8f 1f 18 74 e3 d3 e2 97 7e b8 d6 fe 9f 7f 86 b0 6d 89
  User Validatiaon salt: c9 38 40 c5 64 dc 5a 32
  User Key salt:04 4d 9c 6f 28 d2 98 d0
  The input for the "Algorithm 2.B: Computing a hash" is as follows:
  user Validation Salt: c9 38 40 c5 64 dc 5a 32
  password: 70 61 73 73 77 6f 72 64 (password)
  step 1: SHA256(password+user Validation Salt)
  the result is  K = 9d 47 2d 4e f0 96 cd dd 7a 8c 04 8d b4 d2 b8 ee be fe b9 9f 7f cc e1 29 ea 63 ad f2 a3 d5 11 5b
  step 2: Make a new string K1 with 64 repetitions of the input password and K
  K1= 70 61 73 73 77 6f 72 64 9d 47 2d 4e f0 96 cd dd 7a 8c 04 8d b4 d2 b8 ee be fe b9 9f 7f cc e1 29 ea 63 ad f2 a3 d5 11 5b
         70 61 73 73 77 6f 72 64 9d 47 2d 4e f0 96 cd dd 7a 8c 04 8d b4 d2 b8 ee be fe b9 9f 7f cc e1 29 ea 63 ad f2 a3 d5 11 5b
         70 61 73 73 77 6f 72 64 9d 47 2d 4e f0 96 cd dd 7a 8c 04 8d b4 d2 b8 ee be fe b9 9f 7f cc e1 29 ea 63 ad f2 a3 d5 11 5b
          70 61 73 73 77 6f 72 64 9d 47 2d 4e f0 96 cd dd 7a 8c 04 8d b4 d2 b8 ee be fe b9 9f 7f cc e1 29 ea 63 ad f2 a3 d5 11 5b
  Total 64 times , total length = 0xa00
  step3: Encrypt K1 with AES_128(CBC)
  AES_CBC_128_NOPADDING:
  Key = 9d 47 2d 4e f0 96 cd dd 7a 8c 04 8d b4 d2 b8 ee
  IV =   be fe b9 9f 7f cc e1 29 ea 63 ad f2 a3 d5 11 5b
  K1 64 repeat of the 70 61 73 73 77 6f 72 64 9d 47 2d 4e f0 96 cd dd 7a 8c 04 8d b4 d2 b8 ee be fe b9 9f 7f cc e1 29 ea 63 ad f2 a3 d5 11 5b
  Result : Total length is 0xa00. The beginning part of the E is
  E =
  47 df 2a 7f 90 8a c4 d9 f2 8b a0 f1 49 f0 8e 09 51 c4 a3 ce fd 28 48 f3 d7 c1 04 76 1b 6b 5b f2 6d 3d 2c 3f 03 26 76 06 d5 67 44 c8 2a b6
  10 02 a5 8d a7 93 4f 94 02 b9 bf 93 b5 2d 17 82 02 3b f7 8e 8a 07 0f 18 ed 19 b3 ba 55 8b 14 b7 45 16 80 47 4f 6e c3 b6 20 d2 72 cd d1 46
  2c d3 88 f7 c4 f7 e3 3a 04 3d 72 4f e0 d2 66 63 c4 9c 77 7c c5 53 fd 69 81 f6 3b 3d f5 8e b2 bd 66 4e 0f c6 1e 96 5e 91 e2 3d 60 5c 60 75
  a3 13 49 58 85 e8 bb 37 93 91 4c 4f 79 a5 80 f2 13 be 44 22 aa e5 ee 6c 29 2c 76 50 a3 15 85 69 5e e9 c5 29 13 2a f6 67 51 8e 1e 7f 23 8a
  90 a7 fe 93 c7 ff 45 ee 2a f0 c0 70 f1 78 2e 80 bd be 06 4f ad 69 4d 47 e6 3f ae e2 6a 76 ef 3e 56 8f 2d f5 c9 49 26 f3 7e 6e 61 8b 5e e6
  e6 2d dd 76 cd 30 33 1d fe bf 11 60 ce 33 35 43 da b7 33 9b b9 6a 86 cd 35 a0 ca 84 99 0c ca 71 28 b3 01 b9 23 b4 a0 87 4e fb ff af b6 bd
  step4:
  The result of the first 16 bytes of E mod 3 is 1
  step5:
  Using SHA384 to get 48 bytes K
  K = 29 de 28 c1 f0 17 c9 37 bd 93 97 e3 b5 51 b0 86 b9 0c 96 e0 77 28 87 1c 11 7b 41 ce 64 bf a8 7f f2 8b a2 7b 52 58 79 a9 63 c0 b2 31 f8 4e e4 6e
  This is the end of round 1 and go back to step 2 using this new K
  When round is equal or bigger than 64, check E[last byte], if E[last byte] > round -32, go back to step 2
  The final round is 69. and the final result is
  K = ab 7c c6 03 bc da 85 51 3f 3d 22 fb 58 8c 42 1d 45 67 55 92 9f 4f d2 41 b3 93 07 04 7d b1 30 6d
  But this K does not match with the first 32 byte of the user string.

• CF9 Encrypt with AES 256-bit, example anyone?

  Hi there. I'm looking for a working example of  the Encrypt method using the AES 256 bit key.  I think that I have the Unlimited Strength Jurisdiction Policy Files enabled.  And I'm still getting the CFError,
  The key specified is not a valid key for this encryption: Illegal key size. 
  Now i hit the wall, can't get it.  What wrong am i doing?  How can I verify that the policy files are installed and accessible to my cf file?  Any help is greatly appreciated.
  <cfset thePlainText  = "Is this working for me?" />
  Generate Secret Key (128):  <cfset AES128 = "#generatesecretkey('AES',128)#" /> <cfdump var="#AES128#"><BR>
  Generate Secret Key (192):  <cfset AES192 = "#generatesecretkey('AES',192)#" /> <cfdump var="#AES192#"><BR>
  Generate Secret Key (256):  <cfset AES256 = "#generatesecretkey('AES',256)#" /> <cfdump var="#AES256#"><BR><BR>
  <cfset theKey    = AES256 />
  <cfset theAlgorithm  = "AES/CBC/PKCS5Padding" />
  <cfset theEncoding  = "base64" />
  <cfset theIV    = BinaryDecode("6d795465737449566f7253616c7431323538704c6173745f", "hex") />
  <cfset encryptedString = encrypt(thePlainText, theKey, theAlgorithm, theEncoding, theIV) />
  <!--- Display results --->
  <cfset keyLengthInBits  = arrayLen(BinaryDecode(theKey, "base64")) * 8 />
  <cfset ivLengthInBits  = arrayLen(theIV) * 8 />
  <cfdump var="#variables#" label="AES/CBC/PKCS5Padding Results" />
  <cfabort>

  Verison 10 is different from 9 because they run on different servlet containers. CF 10 uses Tomcat, CF 9 uses JRun, so things are in different places.
  \\ColdFusion10\jre\lib\security seems like the correct locaiton for the policy files to me. I actually gave you the wrong locations in my original post (sorry about that).  According to the installation instructions they belong in <java-home>\lib\security, which is looks like you've found.
  So something else is wrong. Here are some things to look at, in no particular order:
  1. Are you using a JVM other than the Java 1.6 that comes with CF10?
  2. Did you restart Tomcat after coping the files in?
  3. Note that I keep saying FILES, did you copy BOTH of th .jar files from the JCE folder you unzipped into the security directory.  It should have prompted you to overwrite existing files.
  4. Did you try unzipping the files and copying them in again, on the chance that they did not overwrite the originals?
  Sorry, I don't have CF10 installed to give this a try. But I have no reason to believe that it would not work in 10. It's all just JCA/JCE on the underlying JAVA, and I have heard no reports from anyone else that it doesn't work.
  Jason

• Monitoring AES-256 on CiscoWorks VMS 2.3

  We want to monitor our AES-256 VPN tunnels for our environment using CiscoWorks VMS 2.3. Our AES-256 VPN peers is a VPN concentrator with multiple PIX firewalls to our remote sites(hub and spoke design). Will CiscoWorks VMS 2.3 support this architecture for VPN monitoring?
  Thanks in advance,
  Erwin

  The management functions for firewalls, Network IPS, Cisco Security Agents, VPNs, security monitoring, and performance monitoring have been updated with new features or usability improvements. Management Center for IDS Sensors is called Management Center for IPS Sensors for its increased IPS focus. The installation of VMS is faster and more streamlined. Management support for router-based IPS signatures has been added to extend security to the network infrastructure.
  http://www.cisco.com/en/US/products/sw/cscowork/ps2330/products_installation_guide_chapter09186a00804d137d.html

• Windows 8.1 Pro Bitlocker AES 256-bit cypher question

  Hi, all
  Have an odd situation I cannot make any sense of. I have a desktop PC running Windows 8.1 Pro. I launched gpedit.msc and changed Bitlocker’s cypher strength from the default AES 128-bit to AES 256-bit.
  I then connected a brand new Western Digital 4TB external drive (model WDBFJK0040HBK-04) to the PC via USB 3.0, and Bitlocker-encrypted the drive. Opened a command prompt window as administrator, ran “manage-bde –status” for the drive in question,
  which indicated the drive was encrypted with the 128 bit cypher strength, instead of 256 bits, as I had selected. Have unencrypted, rebooted and re-encrypted the drive time and again, always with the same results.
  When connecting the same external 4TB drive to a Windows Server 2012 R2 Essentials in which I had made the exact same changes via gpedit.msc,
  I can encrypt it with the 256-bit cypher strength, with no problems.
  No TPM is used in either scenario, just a passphrase.
  Anyone has any idea why my 256-bit setting is being ignored in the Windows 8.1 Pro machine?
  Thanks
  Arsene
  ArseneL

  Well, running rsop.msc in my Server 2012 R2 machine does show my 256-bit bitlocker setting took, however, running rsop.msc in my Win 8.1 Pro machine shows it did not, which explains the problem I am having.
  Now all I have to do is find out why my request is not taking, even though I am logged in as an admin.
  Thanks!!
  ArseneL

• Jrockit and AES-256

  I can not encrypt with AES 256 with JROCKIT *"jrockit-jdk1.6.0_22-R28.1.1-4.0.1"*
  The "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" is only for the ex SUN JAVA or I can use it with JROCKIT too ?
  Is there any (JCE) Unlimited Strength Jurisdiction Policy Files for Jrockit?
  Any suggestions?
  Thanks in advance
  Jordán

  You could try it and see if it works. The files look like drop-in replacements for what comes distributed with JRockit - but you still need to verify it with a test.
  Arshad Noor
  StrongAuth, Inc.
  P.S. One way or the other, do update this thread so future readers benefit from it.