How to disable encryption below 128 bit in Websphere ?
Hi,
Hi I have setup Websphere Portal and Apache server on Solaris.
The problem is that clients are allowed to negotiate lower encryption levels and by default the Websphere Apache HTTP server accepts 56-bit keys (your Firefox client requested 256-bit AES below).
Received a vulnerability - SSH INSECURE HMAC ALGORITHMS ENABLED.
The solution was to Disable any 96-bit HMAC Algorithms. Disable any MD5-based HMAC Algorithms.
Can someone please tell me how to disable in AIX 5.3?
Thanks,
Sudo (1 Reply)
Hi all,
I'm looking for secure file encryption tools that use MAC address as encryption key. FYI, I'm using Red Hat Enterprise Linux OS.
For example: when A wants to send file to B
A will encrypt the file with B's computer MAC/IP address as an encryption key
This file can only be decrypted... (2 Replies)
Hi all Expertise,
I have following issue to solve,
SSL / TLS Renegotiation DoS (low) 222.225.12.13
Ease of Exploitation Moderate
Port 443/tcp
Family Miscellaneous
Following is the problem description:------------------
Description The remote service encrypts traffic using TLS / SSL and... (2 Replies)
Hello,
I recently had a Retina scan of my system and there are some findings I do not understand.
SSL Week Cipher Strength Supported - Retina has detected that the targeted SSL Service supports a cryptographically weak cipher strength... Disable ciphers that support less than 128-bit... (4 Replies)
My dilemma,
I need to send, deemed confidential, information via e-mail (SMTP). This information is sitting as a file on AIX. Typically I can send this data as a e-mail attachment via what we term a "mail filter" using telnet. I now would like to somehow encrypt the data and send it to a e-mail... (1 Reply)
Hi there,,
I am trying to access to one of the sites on the net but am not able to coz it gives an error saying
" The page must be viewed with a high-security Web browser"Upgrade your Web browser to the 128-bit version. "
I use IE.v6.0
kindly tell me how can i access to... (3 Replies)
md5crypt(n) MD5-based password encryption md5crypt(n)
__________________________________________________________________________________________________________________________________________________NAME
md5crypt - MD5-based password encryption
SYNOPSIS
package require Tcl 8.2
package require md5 2.0
package require md5crypt ?1.1.0?
::md5crypt::md5crypt password salt
::md5crypt::aprcrypt password salt
::md5crypt::salt ?length?
_________________________________________________________________DESCRIPTION
This package provides an implementation of the MD5-crypt password encryption algorithm as pioneered by FreeBSD and currently in use as a
replacement for the unix crypt(3) function in many modern systems. An implementation of the closely related Apache MD5-crypt is also avail-
able. The output of these commands are compatible with the BSD and OpenSSL implementation of md5crypt and the Apache 2 htpasswd program.
COMMANDS
::md5crypt::md5crypt password salt
Generate a BSD compatible md5-encoded password hash from the plaintext password and a random salt (see SALT).
::md5crypt::aprcrypt password salt
Generate an Apache compatible md5-encoded password hash from the plaintext password and a random salt (see SALT).
::md5crypt::salt ?length?
Generate a random salt string suitable for use with the md5crypt and aprcrypt commands.
SALT
The salt passed to either of the encryption schemes implemented here is checked to see if it begins with the encryption scheme magic string
(either "$1$" for MD5-crypt or "$apr1$" for Apache crypt). If so, this is removed. The remaining characters up to the next $ and up to a
maximum of 8 characters are then used as the salt. The salt text should probably be restricted the set of ASCII alphanumeric characters
plus "./" (dot and forward-slash) - this is to preserve maximum compatability with the unix password file format.
If a password is being generated rather than checked from a password file then the salt command may be used to generate a random salt.
EXAMPLES
% md5crypt::md5crypt password 01234567
$1$01234567$b5lh2mHyD2PdJjFfALlEz1
% md5crypt::aprcrypt password 01234567
$apr1$01234567$IXBaQywhAhc0d75ZbaSDp/
% md5crypt::md5crypt password [md5crypt::salt]
$1$dFmvyRmO$T.V3OmzqeEf3hqJp2WFcb.
BUGS, IDEAS, FEEDBACK
This document, and the package it describes, will undoubtedly contain bugs and other problems. Please report such in the category md5crypt
of the Tcllib SF Trackers [http://sourceforge.net/tracker/?group_id=12883]. Please also report any ideas for enhancements you may have for
either package and/or documentation.
SEE ALSO
md5
KEYWORDS
hashing, md5, md5crypt, message-digest, security
CATEGORY
Hashes, checksums, and encryption
COPYRIGHT
Copyright (c) 2003, Pat Thoyts <patthoyts@users.sourceforge.net>
md5crypt 1.1.0 md5crypt(n)