Generating AES 256 bit key using seed

Hi
As part of encryption requirements for encrypting the body of the SOAP Message while calling an external Web Service, it is requried to encrypt using a shared symmetric key.
First step is to create a password digest
Base64(sha1(nonce + createdTimestamp + password)) - This step is working completely fine and produces a 160 bit Hash
The next step is to generate an AES 256 bit key using the above hash as the Seed. This should generate a 256 bit encrytpion key which can then be used to encrypt the message body.
Would appreciate if anyone who knows how to generate AES 256 bit key using a hash seed in Java (v1.4.2) can provide some guidance.
P:S. I am using WSS4J API to use WS-Security

I have to generate 256-bit AES key with a 128-bit IV using the above password digest and the IV used for in the creation of the AES key prefixes the cipher text.
The external WebService is .net webservice.
Edited by: GUPTAG on Nov 25, 2008 3:05 AM

Similar Messages

  • CF9 Encrypt with AES 256-bit, example anyone?

    Hi there. I'm looking for a working example of  the Encrypt method using the AES 256 bit key.  I think that I have the Unlimited Strength Jurisdiction Policy Files enabled.  And I'm still getting the CFError,
    The key specified is not a valid key for this encryption: Illegal key size. 
    Now i hit the wall, can't get it.  What wrong am i doing?  How can I verify that the policy files are installed and accessible to my cf file?  Any help is greatly appreciated.
    <cfset thePlainText  = "Is this working for me?" />
    Generate Secret Key (128):  <cfset AES128 = "#generatesecretkey('AES',128)#" /> <cfdump var="#AES128#"><BR>
    Generate Secret Key (192):  <cfset AES192 = "#generatesecretkey('AES',192)#" /> <cfdump var="#AES192#"><BR>
    Generate Secret Key (256):  <cfset AES256 = "#generatesecretkey('AES',256)#" /> <cfdump var="#AES256#"><BR><BR>
    <cfset theKey    = AES256 />
    <cfset theAlgorithm  = "AES/CBC/PKCS5Padding" />
    <cfset theEncoding  = "base64" />
    <cfset theIV    = BinaryDecode("6d795465737449566f7253616c7431323538704c6173745f", "hex") />
    <cfset encryptedString = encrypt(thePlainText, theKey, theAlgorithm, theEncoding, theIV) />
    <!--- Display results --->
    <cfset keyLengthInBits  = arrayLen(BinaryDecode(theKey, "base64")) * 8 />
    <cfset ivLengthInBits  = arrayLen(theIV) * 8 />
    <cfdump var="#variables#" label="AES/CBC/PKCS5Padding Results" />
    <cfabort>

    Verison 10 is different from 9 because they run on different servlet containers. CF 10 uses Tomcat, CF 9 uses JRun, so things are in different places.
    \\ColdFusion10\jre\lib\security seems like the correct locaiton for the policy files to me. I actually gave you the wrong locations in my original post (sorry about that).  According to the installation instructions they belong in <java-home>\lib\security, which is looks like you've found.
    So something else is wrong. Here are some things to look at, in no particular order:
    1. Are you using a JVM other than the Java 1.6 that comes with CF10?
    2. Did you restart Tomcat after coping the files in?
    3. Note that I keep saying FILES, did you copy BOTH of th .jar files from the JCE folder you unzipped into the security directory.  It should have prompted you to overwrite existing files.
    4. Did you try unzipping the files and copying them in again, on the chance that they did not overwrite the originals?
    Sorry, I don't have CF10 installed to give this a try. But I have no reason to believe that it would not work in 10. It's all just JCA/JCE on the underlying JAVA, and I have heard no reports from anyone else that it doesn't work.
    Jason

  • Help enabling AES 256-bit cipher suites

    I can't seem to create an SSLServerSocket with the 2 AES 256-bit cipher suites that are supposed to be available in JDK1.4.2. As you can see in the following code, the SSLServerSocket, ss, is enabled with the 2 AES_256 cipher suites. But, when ss.getEnabledCipherSuites() is invoked, those 2 suites aren't listed. What's up?
    Also, what is this SSLv2Hello that I can't seem to get rid of?
        String[] PROTOCOLS = {"SSLv3", "TLSv1"};
        String[] CIPHER_SUITES = {"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
                                  "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
                                  "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
                                  "TLS_RSA_WITH_AES_256_CBC_SHA",
                                  "TLS_RSA_WITH_AES_128_CBC_SHA",
                                  "SSL_RSA_WITH_3DES_EDE_CBC_SHA"};// create an SSLServerSocket ss
            SSLContext context = SSLContext.getInstance("TLS", "SunJSSE");
            context.init(myKeyManagers, myTrustManagers, SecureRandom.getInstance("SHA1PRNG", "SUN"));
            SSLServerSocketFactory ssFactory = context.getServerSocketFactory();
            SSLServerSocket ss = ssFactory.createServerSocket();
            ss.setEnabledProtocols(PROTOCOLS);
            ss.setEnabledCipherSuites(CIPHER_SUITES);// output a bunch of useful debugging information
            System.out.println(System.getProperty("java.version") + "\n");
            Provider[] providers = Security.getProviders();
            for(int i=0; i < providers.length; ++i)
                System.out.println(providers[i] + "\n" + providers.getInfo() + "\n********************");
    String[] enabledProtocols = ss.getEnabledProtocols();
    for(int i=0; i < enabledProtocols.length; ++i)
    System.out.println(enabledProtocols[i]);
    String[] enabledCipherSuites = ss.getEnabledCipherSuites();
    for(int i=0; i < enabledCipherSuites.length; ++i)
    System.out.println(enabledCipherSuites[i]);
    OUTPUT
    1.4.2
    SUN version 1.42
    SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
    SunJSSE version 1.42
    Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
    SunRsaSign version 1.42
    SUN's provider for RSA signatures
    SunJCE version 1.42
    SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
    SunJGSS version 1.0
    Sun (Kerberos v5)
    SSLv2Hello
    SSLv3
    TLSv1
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_RSA_WITH_AES_128_CBC_SHA

    Now I get an Exception when I run the same program.
    OUTPUT
    1.4.2
    SUN version 1.42
    SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
    SunJSSE version 1.42
    Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
    SunRsaSign version 1.42
    SUN's provider for RSA signatures
    SunJCE version 1.42
    SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
    SunJGSS version 1.0
    Sun (Kerberos v5)
    java.lang.IllegalArgumentException: Cannot support TLS_DHE_RSA_WITH_AES_256_CBC_SHA with currently installed providers
            at com.sun.net.ssl.internal.ssl.CipherSuiteList.<init>(DashoA6275)
            at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.setEnabledCipherSuites(DashoA6275)
            at test.util.ConcreteSSLServerSocketFactory.initSocket(ConcreteSSLServerSocketFactory.java:111)
            at test.util.ConcreteSSLServerSocketFactory.createServerSocket(ConcreteSSLServerSocketFactory.java:100)
            at test.Test.main(Test.java:111)
    Exception in thread "main"

  • Windows 8.1 Pro Bitlocker AES 256-bit cypher question

    Hi, all
    Have an odd situation I cannot make any sense of. I have a desktop PC running Windows 8.1 Pro. I launched gpedit.msc and changed Bitlocker’s cypher strength from the default AES 128-bit to AES 256-bit.
    I then connected a brand new Western Digital 4TB external drive (model WDBFJK0040HBK-04) to the PC via USB 3.0, and Bitlocker-encrypted the drive. Opened a command prompt window as administrator, ran “manage-bde –status” for the drive in question,
    which indicated the drive was encrypted with the 128 bit cypher strength, instead of 256 bits, as I had selected. Have unencrypted, rebooted and re-encrypted the drive time and again, always with the same results.
    When connecting the same external 4TB drive to a Windows Server 2012 R2 Essentials in which I had made the exact same changes via gpedit.msc,
    I can encrypt it with the 256-bit cypher strength, with no problems.
    No TPM is used in either scenario, just a passphrase.
    Anyone has any idea why my 256-bit setting is being ignored in the Windows 8.1 Pro machine?
    Thanks
    Arsene
    ArseneL

    Well, running rsop.msc in my Server 2012 R2 machine does show my 256-bit bitlocker setting took, however, running rsop.msc in my Win 8.1 Pro machine shows it did not, which explains the problem I am having.
    Now all I have to do is find out why my request is not taking, even though I am logged in as an admin.
    Thanks!!
    ArseneL

  • AIR-AP1131AG-I-K9 support AES 256 bit ?

    hi,
    I have several AP devices:
    Product/Model Number: AIR-AP1131AG-I-K9
     System Software Filename: c1130-k9w7-tar.124-3g.JA
     System Software Version: 12.4(3g)JA
    Bootloader Version: 12.3(8)JEA
    i need to know if  AES 256 bit is supported by this devices and if the current software need to upgrade for that.
    Regards,

    HI Ben,
    As per my knowledge this Software dont support 256 bit key size.
    Here is the link:http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-4_3g_JA/configuration/guide/ios1243gjaconfigguide/s43wep.html
    another version: 12.3(8)JA supports 256 bit key size to protect data traffic,
    http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-3_8_JA/configuration/guide/1238jasc/s38wep.html
    Regards
    Don't forget to rate helpful posts

  • About Hardware encryption AES 256 bit crucial mx100

    My question works it automatically or works the hardware encryption windows only ?
    because not sure is it safe enough and also about speed.
    sorry for my terrible English. You can answer in German and English thanks.
    Meine Frage ist ... ob die Hardware Verschlüsselung automatisch vom Controller crucial mx100 gesteuert wird oder funktioniert es nur unter Windows ?
    es muss ich filevault benutzen um die Daten zu schützen ?

    Hardware encryption is a feature of SSD's. It is transparent to the user and you don't have to do anything to enable it. The data on the SSD is encrypted with a random key. When you erase the device, the key is destroyed. You can't use hardware encryption to protect your data from theft. For that, use FileVault.

  • Aes-256 or aes-128 bit

    Hello
    I'm trying to keep the CPU down as much as possible on my ASA-5540. We're running 8.2.5 on it. We have a bout 80 active IPSec tunnels so far, all which are using AES-256 bit for phase1/2, 75 of the tunnels are mostly ezy vpn connections. Currently the CPU during peak usage is averaging around 22%.  We're planning on having over 1000 IPsec connections, mostly will be remote vpn access with about 170 of them ezy vpn and 250 l2l tunnels.
    Is there any noticable CPU performance gain by using AES-128 bit instead of AES-256 on the phase2?
    Thanks,
    John

    Just wondering if someone out there has noticed any performance gains by using AES-128 instead of AES-256. I'm trying standardize on a policy going forward.
    Thanks!

  • Encrypt/decrypt AES 256, vorsalt error

    Hiyas.
    So I'm trying to get encrypt/decrypt to work for AES 256, with both 32byte key and 32byte IVorSalt. (Yup-new java security files v6 installed)
    'IF' I 32byte key but dont use a IV at all, I get a nice looking AES 256 result. (I can tell it's AES 256 by looking the length of the encrypted string)
    'IF' I use a 32byte key and 16bit salt, I get a AES 128 result (I know- as per docs theyre both s'posed to the same size, but the docs are wrong).
    But when i switch to using both a 32byte key AND a 32byte salt I get the error below.
    An error occurred while trying to encrypt or decrypt your input string: Bad parameters: invalid IvParameterSpec: com.rsa.jsafe.crypto.JSAFE_IVException: Invalid IV length. Should be 16.
    Has anyone 'EVER' gotten encrypt to work for them using AES 256 32byte key and 32byte salt? Is this a bug in CF? Or Java? Or I am doing something wrong?
    <!--- ////////////////////////////////////////////////////////////////////////// Here's the Code ///////////////////////////////////////////////////////////////////////// --->
    <cfset theAlgorithm  = "Rijndael/CBC/PKCS5Padding" />
    <cfset gKey = "hzj+1o52d9N04JRsj3vTu09Q8jcX+fNmeyQZSDlZA5w="><!--- these 2 are the same --->
    <!---<cfset gKey = ToBase64(BinaryDecode("8738fed68e7677d374e0946c8f7bd3bb4f50f23717f9f3667b2419483959039c", "Hex"))>--->
    <cfset theIV    = BinaryDecode("7fe8585328e9ac7b7fe8585328e9ac7b7fe8585328e9ac7b7fe8585328e9ac7b","hex")>
    <!---<cfset theIV128    = BinaryDecode("7fe8585328e9ac7b7fe8585328e9ac7b","hex")>--->
    <cffunction    name="DoEncrypt" access="public" returntype="string" hint="Fires when the application is first created.">
        <cfargument    name="szToEncrypt" type="string" required="true"/>
        <cfset secretkey = gKey>               
        <cfset szReturn=encrypt(szToEncrypt, secretkey, theAlgorithm, "Base64", theIV)>
        <cfreturn szReturn>
    </cffunction>   
    <cffunction    name="DoDecrypt" access="public" returntype="string" hint="Fires when the application is first created.">
        <cfargument    name="szToDecrypt" type="string" required="true"/>
        <cfset secretkey = gKey>   
        <cfset szReturn=decrypt(szToDecrypt, secretkey, theAlgorithm, "Base64",theIV)>       
        <cfreturn szReturn>
    </cffunction>
    <cfset szStart = form["toencrypt"]>
    <cfset szStart = "Test me!">
    <cfset szEnc = DoEncrypt(szStart)>
    <cfset szDec = DoDecrypt(szEnc)>
    <cfoutput>#szEnc# #szDec#</cfoutput>

    Hi edevmachine,
    This Bouncy Castle Encryption CFC supports Rijndael w/ 256-bit block size. (big thanks to Jason here and all who helped w/ that, btw!)
    Example:
    <cfscript>
      BouncyCastleCFC = new path.to.BouncyCastle();
      string = "ColdFusion Rocks!"; 
      key = binaryEncode(binaryDecode(generateSecretKey("Rijndael", 256), "base64"), "hex");//the CFC takes hex'd key
      ivSalt = binaryEncode(binaryDecode(generateSecretKey("Rijndael", 256), "base64"), "hex");//the CFC takes hex'd ivSalt
      encrypted = BouncyCastleCFC.doEncrypt(string, key, ivSalt);
      writeOutput(BouncyCastleCFC.doDecrypt(encrypted, key, ivSalt));
    </cfscript>
    Related links for anyone interested in adding 256-bit block size Rijndael support into ColdFusion:
    - An explanation of how to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files into ColdFusion
    - An explanation of how to install the Bouncy Castle Crypto package into ColdFusion (near bottom, under the "Installing additional security providers" heading)
    - An explanation of how to connect the Bouncy Castle classes together
    - Bouncy Castle's doc for the Rijndael Engine
    And here is the full CFC as posted in the StackOverflow discussion:
    <cfcomponent displayname="Bounce Castle Encryption Component" hint="This provides bouncy castle encryption services" output="false">
    <cffunction name="createRijndaelBlockCipher" access="private">
        <cfargument name="key" type="string" required="true" >
        <cfargument name="ivSalt" type="string" required="true" >
        <cfargument name="bEncrypt" type="boolean" required="false" default="1">
        <cfargument name="blocksize" type="numeric" required="false" default=256>
        <cfscript>
        // Create a block cipher for Rijndael
        var cryptEngine = createObject("java", "org.bouncycastle.crypto.engines.RijndaelEngine").init(arguments.blocksize);
        // Create a Block Cipher in CBC mode
        var blockCipher = createObject("java", "org.bouncycastle.crypto.modes.CBCBlockCipher").init(cryptEngine);
        // Create Padding - Zero Byte Padding is apparently PHP compatible.
        var zbPadding = CreateObject('java', 'org.bouncycastle.crypto.paddings.ZeroBytePadding').init();
        // Create a JCE Cipher from the Block Cipher
        var cipher = createObject("java", "org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher").init(blockCipher,zbPadding);
        // Create the key params for the cipher    
        var binkey = binarydecode(arguments.key,"hex");
        var keyParams = createObject("java", "org.bouncycastle.crypto.params.KeyParameter").init(BinKey);
        var binIVSalt = Binarydecode(ivSalt,"hex");
        var ivParams = createObject("java", "org.bouncycastle.crypto.params.ParametersWithIV").init(keyParams, binIVSalt);
        cipher.init(javaCast("boolean",arguments.bEncrypt),ivParams);
        return cipher;
        </cfscript>
    </cffunction>
    <cffunction name="doEncrypt" access="public" returntype="string">
        <cfargument name="message" type="string" required="true">
        <cfargument name="key" type="string" required="true">
        <cfargument name="ivSalt" type="string" required="true">
        <cfscript>
        var cipher = createRijndaelBlockCipher(key=arguments.key,ivSalt=arguments.ivSalt);
        var byteMessage = arguments.message.getBytes();
        var outArray = getByteArray(cipher.getOutputSize(arrayLen(byteMessage)));
        var bufferLength = cipher.processBytes(byteMessage, 0, arrayLen(byteMessage), outArray, 0);
        var cipherText = cipher.doFinal(outArray,bufferLength);
        return toBase64(outArray);
        </cfscript>
    </cffunction>
    <cffunction name="doDecrypt" access="public" returntype="string">
        <cfargument name="message" type="string" required="true">
        <cfargument name="key" type="string" required="true">
        <cfargument name="ivSalt" type="string" required="true">
        <cfscript>
        var cipher = createRijndaelBlockCipher(key=arguments.key,ivSalt=arguments.ivSalt,bEncrypt=false);
        var byteMessage = toBinary(arguments.message);
        var outArray = getByteArray(cipher.getOutputSize(arrayLen(byteMessage)));
        var bufferLength = cipher.processBytes(byteMessage, 0, arrayLen(byteMessage), outArray, 0);
        var originalText = cipher.doFinal(outArray,bufferLength);
        return createObject("java", "java.lang.String").init(outArray);
        </cfscript>
    </cffunction>
    <cfscript>
    function getByteArray(someLength)
        byteClass = createObject("java", "java.lang.Byte").TYPE;
        return createObject("java","java.lang.reflect.Array").newInstance(byteClass, someLength);
    </cfscript>
    </cfcomponent>
    Thanks!,
    -Aaron

  • 1024 bit keys

    Hello,
    I've used the certificate app to generate CSR for WLS 6.1 SP2. But I
    couldn't find any field for key strength as mentioned in the documentation,
    generating only 512 bit key. Anyone know how I can generate stronger key?
    Thank you,
    Makoto

    Hello,
    I checked the license.bea file. Apparently our server only has 512 bit
    SSL/Export license.. So the server was probably generating 512 bit key (.der
    file). I wonder if we have to specify that when we request a certificate
    from Verisign....mmmmm
    Thanks,
    mk
    "Yeshwant" <[email protected]> wrote in message
    news:[email protected]..
    Hi Makoto,
    Do you have full strength (domestic)/128 bit ssl license
    when the server starts it should print something like
    <Jul 26, 2002 2:31:58 PM PDT> <Info> <WebLogicServer> <Loaded License :
    c:\beas61sp2\license.bea>
    <Jul 26, 2002 2:31:58 PM PDT> <Info> <WebLogicServer> <License allows full
    strength (domestic) SSL.>
    <Jul 26, 2002 2:31:58 PM PDT> <Info> <WebLogicServer> <Certificatecontents: 2
    certificate(s):
    Only in that case it will give you a choice to select 512,724 or 1068 bitkey
    >
    >
    Makoto Suzuki wrote:
    Hello,
    I've used the certificate app to generate CSR for WLS 6.1 SP2. But I
    couldn't find any field for key strength as mentioned in the
    documentation,
    generating only 512 bit key. Anyone know how I can generate strongerkey?
    >>
    Thank you,
    Makoto

  • How to tell if 128 or 256 bit encryption

    I have an encrypted disk image. I can access it fine. How do I tell if it was encrypted with a 128 or 256 bit key? All the info says is "encrypted".

    Found it!
    hdiutil imageinfo <path>

  • PKCS11 : Unable to generate AES token using C_GenerateKey function

    Hi All,
    I am using the Eracom's PSE HSM module. They have provided me with the PKCS11 Java interface. I am trying to generate a 128 bit AES secret key with the C_GenerateKey method. However, I keep getting a "incomplete template" exception. I am not sure what constitues a complete CK_ATTRIBUTES template when it comes to generating AES secret keys in PKCS11. This is the template that i have used for this purpose:-
    public static void generateKey(CK_SESSION_HANDLE session,
                   CK_MECHANISM_TYPE mechanismType, String keyName, boolean bPrivate,
                   CK_OBJECT_HANDLE hKey) {
              CK_MECHANISM keyGenMech = new CK_MECHANISM(mechanismType);
              CK_ATTRIBUTE[] template = { new CK_ATTRIBUTE(CKA.TOKEN, CK_BBOOL.FALSE),
                        new CK_ATTRIBUTE(CKA.SENSITIVE, CK_BBOOL.FALSE),
                        new CK_ATTRIBUTE(CKA.LABEL, keyName.getBytes()),
                        new CK_ATTRIBUTE(CKA.EXTRACTABLE, CK_BBOOL.FALSE),
                        new CK_ATTRIBUTE(CKA.DERIVE, CK_BBOOL.FALSE),
                        new CK_ATTRIBUTE(CKA.VERIFY, CK_BBOOL.FALSE),
                        new CK_ATTRIBUTE(CKA.EXPORTABLE, CK_BBOOL.FALSE),
                        new CK_ATTRIBUTE(CKA.ENCRYPT, CK_BBOOL.TRUE),
                        new CK_ATTRIBUTE(CKA.WRAP, CK_BBOOL.TRUE),
                        new CK_ATTRIBUTE(CKA.UNWRAP, CK_BBOOL.TRUE),
                        new CK_ATTRIBUTE(CKA.MODIFIABLE, CK_BBOOL.TRUE),
                        new CK_ATTRIBUTE(CKA.SIGN, CK_BBOOL.FALSE),
                        new CK_ATTRIBUTE(CKA.DECRYPT, CK_BBOOL.TRUE),
                        new CK_ATTRIBUTE(CKA.IMPORT, CK_BBOOL.FALSE),
                        new CK_ATTRIBUTE(CKA.EXPORT, CK_BBOOL.FALSE),
                        new CK_ATTRIBUTE(CKA.KEY_SIZE, new Long(128)) };
              CryptokiEx.C_GenerateKey(session, keyGenMech, template,
                        template.length, hKey);
         }I am passing "AES_KEY_GEN as the mechanism as defined in PKCS11. Since PKCS11 is a standard, key generation templates ideally should not vary accross implementations.
    Any help on this is greatly appreciated.

    I just had this same problem.
    I fixed it by using
    new CK_ATTRIBUTE(CKA.VALUE_LEN, new Long(16))  // 128 bit AES keyinstead of using CKA.KEY_SIZE. The documentation states that CKA.KEY_SIZE only applies to eliptic curves.

  • Need 256 Bit AES Full Disk Encryption for a Mac.  The other discussions regarding this issue are very old.  Does anyone have any current advice regarding encryption software?

    Does anyone have any advice regarding 256 bit full disk encryption software for Macs?  The other discussions on the topic are years old, so I would like some current input.  Thanks for your help in advance.

    Depending on your Mac, you might not want to upgrade to OS X 10.7 or 10.8 as it will not run the PowerPC based software your currently using costing a bundle to replace it all, also they will slow down your machine if it's not a more recent issue. You don't want to upgrade OS X without AppleCare defending your possibly bricked logicboard that's for sure.
    Filevault encrypts the boot drive, however in doing so makes it near impossible to fix if you have a software issue and need to recover files directly or by using specialty software. Also it robs the machine of performance even more than the Lions do. So you will really need a SSD to work best with 10.7/10.8 and Filevault, then it has to be freshly installed. Filevault needs 50% free space on the boot drive, then it's going to write to the slower 50% half of the hard drive where performance is terrible compared to the first 50%.
    Also Filevault is cracked under certain conditions, and if someone gets their hands on the machine (like the law) and knows what they are doing.
    If you take your Filevaulted machine to Apple to fix, they are going to require the password to fix the machine obviously.
    Software based encryption is vulnerable, you might want to instead place your sensitive data on external self-encrypting hardware that doesn't rely upon software or computer hacks/bypasses (ike freezing the RAM) to get to it.
    http://www.datalocker.com/products/datalocker-dl3.html
    Iron Keys for portable USB self encryption, both work with any computer, so your not locked into one platform.
    With the senstive data off the computer and on a external device, there is the option of removing, hiding and securing the device. If used with a computer that's never connected to the Internet, it's safe from snoopers, except from a survelliance van parked outside your door.

  • Pre-shared key should be at least 256 bits of cryptographically random data

    Hi all,
    i need some info, i got a client IPSEC VPN form.
    they asked that (Pre-shared key should be at least 256 bits of cryptographically random data)
    what does that really mean?
    Key consisting of 256 characters like abcdefg......till256 characters are done ?           
    or it means encryption we define in policy like
    crypto isakmp policy 8
    authentication  pre-share
    encryption  aes-256 ????????
    Please help me to understand this requirement for my cisco asa.

    64 hex characters  =  256 binary bits
    Michael
    Please rate all helpful posts

  • After I download a 256 kbps song using ITunes Match, how do I get it to play on my computer at the higher bit rate once I turn ITunes Match off again?

    After I download a 256 kbps song from the cloud using ITunes Match, how do I get it to play on my computer once I turn ITunes Match off again? I have been using ITunes Match for awhile now to increase the bit rate on songs to 256 kbps.  Once I download the songs at the new bit rate, I turn off Match because I want to eliminate duplicates. Usually there is no problem. This time, however, 278 of my songs lost their file association and were unplayable unless I locate the song files within my computer.  These are songs purchased from Amazon.  In order to play them again in ITunes (Match is now off), I must locate each song file individually (I've tried to do it in bulk but have not succeeded) but now the bit rate has returned to the lower number BEFORE I matched the song.  I should have never used Match in the first place. Any ideas, anyone?

    I discovered that the NEW 256 bit file does reside on my computer, in the ITunes files (My Music/ITunes/ITunes Media/Music.  So I can bring the songs back as 256 kbps, and I have been successful now at locating more than one file at a time, by clicking on the "find other missing files" tab in the popup window.  Previously, I'd been going back to my Amazon files, and not only was I unable to bring back a 256 version, but the popup window would not locate similar files.  So while I wish ITunes Match would automatically associate the ITunes Match file, at least I can retrive the file association without hours and hours of work.

  • Encrypt and Decrypt Card Number using AES 256 algorithm

    Dear All,
         I have a table in Sql Server database. in that table  storing
    Card_Information. This information is secured so that need to encrypt that data in sql server table.
    Can some one help on Encrypting and decryption process using AES 256 algorithm.
    Regards, Praveen

    Hello,
    See MSDN Cryptographic Functions (Transact-SQL) for all available en-/decryption function in SQL Server.
    Olaf Helper
    [ Blog] [ Xing] [ MVP]

Maybe you are looking for