Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [cryptography]

63 questions
0
votes
0 answers

Check for SSL Weak Ciphers SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, TLS1_RSA_RC4_128_MD5, TLS1_RSA_RC4_128_SHA

I am getting a serve ready for PCI compliance, and have one area with crypto from apache with the following report: Weak ciphers offered by this service: SSL3_RSA_RC4_128_MD5 SSL3_RSA_RC4_128_SHA TLS1_RSA_RC4_128_MD5 …
morleyc
  • 1,150
  • 13
  • 47
  • 89
0
votes
1 answer

Can't build crc32c(a nodejs package)

It's not really nodejs related. It's a C implementation. Firstly, while building, it exits with error: "warning: linux/if_alg.h: No such file or directory". Then I run yum install kernel-devel-{version}, but it doesn't work. Secondly when I copy…
user239843
0
votes
1 answer

Smartcard (USB Cryptostick) and Firefox

I am having a GPF-Cryptostick running on ubuntu 11.04 with firefox 5.0. Using a smartcard is such a great thing, but i did not found any good how-tos. Maybe it is just a lack of understanding. First: My Cryptostick (Smartcard) works fine. I am using…
Janning
  • 1,421
  • 2
  • 21
  • 38
0
votes
0 answers

How do TOR nodes select the CircID's when creating, or extending, a circuit?

I am coding my own version of TOR and I am trying to set up circuit management. I looked at the TOR spec and it says: To prevent CircID collisions, when one node sends a CREATE/CREATE2 cell to another, it chooses from only one half of the possible…
saarmz
  • 1
0
votes
0 answers

Why should I disable insecure SSH hostkeys if I never plan on using them?

A number of articles suggest removing insecure (broken) SSH key types in order to have a more secure server. In practice, if I only connect to the server with secure key types, why should I bother deleting insecure key types? What is a practical…
angryserver
  • 1
  • 1
0
votes
1 answer

Disabling reneg-sec on openvpn

I'm using a kylemanna/openvpn image (Openvpn 2.4) with default settings and I've noticed that each client disconnects for 1 minute every 1 hour. I believe it's connected to reneg-sec, which defaults to 3600 seconds. This is an issue for me, because…
eeeeeeeeeeeeeeeeeeeeeeeeeeeeee
  • 101
  • 2
0
votes
0 answers

How is setting the system-wide cryptographic policy for Java supposed to work?

When migrating a proprietary Java (and Jetty) based application from RHEL7 to RHEL8 I learned something new: At least with OpenJDK 11 the JVM still defaults to a 1024 bit Diffie-Hellman group unless one specifies the system property…
mss
  • 435
  • 1
  • 6
  • 16
0
votes
1 answer

Understanding SSH Public Key Auth Ciphers

I have a technical recommendation for SSH that states we should only use the following algorithms for Public Key authentication. Unfortunately the guide does not mention the exact names of ciphers as they are used in OpenSSH an I have difficulty…
John Nemo
  • 17
  • 3
0
votes
1 answer

Docker container CMAKE gives crypto/fips/fips.c:153: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE - dracut-fips crypto.fips_enabled = 1

Getting crypto/fips/fips.c:153: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE when dracut-fips package is installed and sysctl -a shows crypto.fips_enabled = 1 Restriction: Can not disable dracut-fips package or crypto.fips_enable setting in…
AKS
  • 115
  • 1
  • 8
0
votes
1 answer

Create new SubCA certificate fails with NTE_PROV_TYPE_NOT_DEF

I am trying to manually create a key and CSR for a new Windows AD CS Enterprise Subordinate CA (Windows Server 2019). I'd like to store the key in the modern Microsoft Software Key Storage Provider. It fails with Provider type not defined.…
Daniel
  • 6,940
  • 6
  • 33
  • 64
0
votes
2 answers

Ubuntu - Is there any programme for MD5 rainbowtables on Ubuntu?

I've been reading about Rainbow Tables recently. There's a few webpages that will do a reverse look up for an MD5 hash. Is there any programme on Ubuntu that lets me do this? Is there something in Ubuntu that will let me generate my own rainbow…
Amandasaurus
  • 31,471
  • 65
  • 192
  • 253
0
votes
0 answers

Are there any Operating Systems or Browsers that still depend on having these Ciphers enabled?

Doing a litle Cryptography Research and hit a case of conflicting data so wanted to try here. I'm running a Web Service and currently support these 2 Ciphers: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0X9F) DH 4096 BITS FS…
Adamski2505
  • 1
  • 3
0
votes
1 answer

How to list all of the known root keys in docker (Docker Content Trust)

How can I list all of the Docker Content Trust root keys on my system? I am setting up a CI process that will use the debian:stable-latest docker image to build my application's releases in ephemeral cloud instances. I want to make sure that every…
Michael Altfield
  • 739
  • 2
  • 8
  • 23
-1
votes
1 answer

Secure access to a site using SSL sertificate

I need to implement secure access to the corporate site using SSL certificates. After long time of searching I've came to conclusion that there are 2 ways to do that: creating own self-signed root CA certificate, then creating key and certificate…
folibis
  • 149
  • 6
-1
votes
1 answer

Create random file with openssl

So I read this questionUrandom Alternative, but I am unable to make a comment there (without 50 rep) - therefore I open a separate question: If I use this command instead of dd and urandom, how do I set the size of the resulting…
user1252280
  • 119
  • 4
1 2 3
4
5