6 More Discussions You Might Find Interesting
1. Solaris
Hi,
Our most of servers are on Solaris 11.2 (with no SRU). Recently I upgraded one of them to Solaris 11.4. It has to go in multiple steps, as it can not jump fro 11.2 to 11.4 in one go. After upgrading, I can not login to server with SecureCRT and it through error
key exchange failed: cipher... (1 Reply)
Discussion started by: solaris_1977
1 Replies
2. UNIX for Advanced & Expert Users
Hi,
As part of the security hardening activity in our team, we have to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
To do this, in sshd_config I comment out these lines :
Ciphers aes128-cbc,blowfish-cbc,3des-cbc
MACS hmac-sha1,hmac-md5
and add... (9 Replies)
Discussion started by: anaigini45
9 Replies
3. Solaris
Hi All
Is any one know how to diable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm in solaris 10.
Regards (4 Replies)
Discussion started by: amity
4 Replies
4. Cybersecurity
I have read the forums for strengthing the openssl ciphers on a server and the following command I can run:
openssl ciphers -v 'TLSv1+HIGH:!SSLv2:RC4!MEDIUM:!aNULL:!eNULL:!3DES:!EXPORT:@STRENGTH'
I have some services that cannot be set to higher levels like you can set in an httpd.conf file.... (1 Reply)
Discussion started by: hydrashok158
1 Replies
5. Shell Programming and Scripting
Hello everyone,
I am attempting to execute a script through SSH and am getting "unkown cipher type error".... Here is my command:
ssh paydvopl02 -c '"/home/jpassema/test.sh 1"'
and the actual error message :
Unknown cipher type '"/home/jpassema/test.sh 1"'
the test.sh script is... (6 Replies)
Discussion started by: jimmy75_13
6 Replies
6. UNIX for Dummies Questions & Answers
Hi,
At the moment there are two ciphers available on our unix box (aix 5.1)...aes256 and 3des. Can somebody tell how can use a different cipher (aes128 one that use less cpu and is faster). How do i install this. How can i see wich ciphers are available. In the config file of ssh2 the folowwing... (0 Replies)
Discussion started by: lennyxx
0 Replies
LEARN ABOUT DEBIAN
convert::pem::cbc
Convert::PEM::CBC(3pm) User Contributed Perl Documentation Convert::PEM::CBC(3pm)
NAME
Convert::PEM::CBC - Cipher Block Chaining Mode implementation
SYNOPSIS
use Convert::PEM::CBC;
my $cbc = Convert::PEM::CBC->new(
Cipher => 'Crypt::DES_EDE3',
Passphrase => 'foo'
);
my $plaintext = 'foo bar baz';
$cbc->encrypt($plaintext);
DESCRIPTION
Convert::PEM::CBC implements the CBC (Cipher Block Chaining) mode for encryption/decryption ciphers; the CBC is designed for compatability
with OpenSSL and may not be compatible with other implementations (such as SSH).
USAGE
$cbc = Convert::PEM::CBC->new(%args)
Creates a new Convert::PEM::CBC object and initializes it. Returns the new object.
%args can contain:
o Cipher
Either the name of an encryption cipher class (eg. Crypt::DES), or an object already blessed into such a class. The class must support
the keysize, blocksize, encrypt, and decrypt methods. If the value is a blessed object, it is assumed that the object has already been
initialized with a key.
This argument is mandatory.
o Passphrase
A passphrase to encrypt/decrypt the content. This is different in implementation from a key (Key), because it is assumed that a
passphrase comes directly from a user, and must be munged into the correct form for a key. This "munging" is done by repeatedly
computing an MD5 hash of the passphrase, the IV, and the existing hash, until the generated key is longer than the keysize for the
cipher (Cipher).
Because of this "munging", this argument can be any length (even an empty string).
If you give the Cipher argument an object, this argument is ignored. If the Cipher argument is a cipher class, either this argument or
Key must be provided.
o Key
A raw key, to be passed directly to the new cipher object. Because this is passed directly to the cipher itself, the length of the key
must be equal to or greater than the keysize for the Cipher.
As with the Passphrase argument, if you give the Cipher argument an already-constructed cipher object, this argument is ignored. If the
Cipher argument is a cipher class, either this argument or Passphrase must be provided.
o IV
The initialization vector for CBC mode.
This argument is optional; if not provided, a random IV will be generated. Obviously, if you're decrypting data, you should provide
this argument, because your IV should match the IV used to encrypt the data.
$cbc->encrypt($plaintext)
Encrypts the plaintext $plaintext using the underlying cipher implementation in CBC mode, and returns the ciphertext.
If any errors occur, returns undef, and you should check the errstr method to find out what went wrong.
$cbc->decrypt($ciphertext)
Decrypts the ciphertext $ciphertext using the underlying cipher implementation in CBC mode, and returns the plaintext.
If any errors occur, returns undef, and you should check the errstr method to find out what went wrong.
$cbc->iv
Returns the current initialization vector. One use for this might be to grab the initial value of the IV if it's created randomly (ie. you
haven't provided an IV argument to new):
my $cbc = Convert::PEM::CBC->new( Cipher => $cipher );
my $iv = $cbc->iv; ## Generated randomly in 'new'.
Convert::PEM uses this to write the IV to the PEM file when encrypting, so that it can be known when trying to decrypt the file.
$cbc->errstr
Returns the value of the last error that occurred. This should only be considered meaningful when you've received undef from one of the
functions above; in all other cases its relevance is undefined.
AUTHOR & COPYRIGHTS
Please see the Convert::PEM manpage for author, copyright, and license information.
perl v5.10.1 2010-12-07 Convert::PEM::CBC(3pm)