Security :: Acceptable Kerberos Encryption - Error "ktutil: AES256/SHA1*: Encryption Type AES256/SHA1* Not Supported"
Dec 23, 2010
I am building an Active Directory and using BIND9 as my DNS. To allow for secure dynamic updates from the domain, I am enabling GSS-TSIG as detailed here and here. Unfortunately, some of the commands and configurations used here seem to be deprecated, at least in the newer versions that I'm using. My issue is one of keytab encryption. I generated a keytab using ktpass.exe on the Windows Server 2008 domain controller. I have tried DES/MD5, AES128/SHA1 and AES256/SHA1; each has been turned down by ktutil on the Kerberos server (FreeBSD). Each time, it outputs the following error: ktutil: AES256/SHA1*: encryption type AES256/SHA1* not supported *Respective to encryption used.
I cannot find a list of suitable encryption schemes that ktutil will accept. The FreeBSD handbook details a means of producing a keytab file, but I'm not sure how to configure the Domain Controller to use the keytab.
OpenPGP Standard RFC 4880, not really a Linux Question, but as may be using GnuPG on Linux I thought I would ask here
The Modification Detection Code Packet is defined to use SHA-1, even though it does state in section 13.11. that this can be altered, and gives example methods. However this would cause interoperability, (q1)so I assume there is no standard method of doing this??
- How much of a threat do you believe this to be? Even though the SHA-1 hash is encrypted within the symmetrically encrypted integrity protected data packet.
I am running Red Hat Enterprise Server 6.0. I am having issues getting Kerberos configured as a client to join a domain. I'm getting the below error message: "Failed to join domain: failed to connect to AD: KDC has no support for encryption type"
I used this password, Pass1234. When I search the stored password, it's Nh2yEjhdHIwtY. What kind of encryption is used? I thought it was crypt(), but when I create a crypt on my local machine it's different.
Using sudo iwlist scan, I will get a list of surrounding AP(s) around my laptop. Is there a way to interpret the sudo iwlist scan results so that we can know what encryption type the wireless network is using?
There is one problem I encountered here while working with the Embedded Artist board or LPC 2478 uClinux, so my questions: What type of encryption does this uClinux use to encrypt the password? Instead of using these 2 username and password, can I put my own password and username?
What should my partitions look like? I want to install this to my hard drive, I'm currently running it from DVD. My drive is sdb. It has 153.3 GB (157065 MB). I want to know what format type the partitions should be, and how many megs they should be. Which partitions to encrypt, and which I don't need to.
Is there anyone who checked your downloaded file against the provided key? I have successfully downloaded the Fedora-12-i386-DVD.iso several times, but the SHA1 is not the one in Fedora-12-i386-CHECKSUM. Is there anyone who has the same problem? The SHA1 I calculated is: 0dc8ed436f0b44874454a379e8de5ad057c0115d
Also, performance is an issue for me, since I need to get the info out of 10m files (approx 6TB), so commands like find are preferred and less iterations among commands would be great too.
I am trying to install Bugzilla on CentOS release 5.5. In that process I have to install the Perl package Digest::SHA. I did it through yum (doesn't seem to be recognized by cpan and Bugzilla).
I am not sure why cpan and Bugzilla are not recognizing the module and where the mistake is. I am unable to interpret why the makefile is having a problem in cpan. Can anyone throw some light on what exactly is going wrong with my install?
There are md5 and/or sha1 checksum files for the CentOS 5.5 ISO files, e.g. "part 1 of X". However there is no checksum for the combined ISO file. I believe we can check the media at boot time, but it would be nice to have a checksum for the combined ISO's and not just the individual pieces. Any file system should do an error free copy, but there is always the possibility of a copy not happening correctly. Is there any official source for the checksum files I'm looking for? There are sums for CentOS-5.5-x86_64-bin-DVD-1of2.iso and 2of2.iso but nothing for CentOS-5.5-x86_64-bin-DVD.iso.
x86_64 media and their sha1sums are:
The MD5 sum I get is: ; SlavaSoft Optimizing Checksum Utility - fsum 2.52.00337 ; Generated on 01/01/11 at 10:54:56 ; 9b0d108cb3a80a9ce1eb9c3bcde0aceb *CentOS-5.5-x86_64-bin-DVD.iso
The SHA1 sum I get is: ; SlavaSoft Optimizing Checksum Utility - fsum 2.52.00337 ; Generated on 01/01/11 at 11:12:17 ; 40d11a8901a6af0c295a284b17dcdb66a83dc070 ?SHA1*CentOS-5.5-x86_64-bin-DVD.iso
I will try to keep this straightforward. Yesterday I was able to access an Ubuntu 10.10 (Edubuntu) desktop using the TightVNC viewer that I installed on my Vista laptop. I never set anything up on the desktop; it just worked and I didn't question it.
Today I get the following error on the viewer software: "Server did not offer supported security type" The only thing that has changed was that I installed a bunch of updates yesterday afternoon, but I am not sure what changed.
It is about the program sha1sum to create SHA1 hashes. As you probably know, SHA1 hashes have a length of 20 bytes. So when I just type:
Code: sha1sum myfile
it produces an output of
Code: (some20byte) myfile
just as it should. Now I want to store the 20byte hash in another file, I use this command:
Code: sha1sum myfile | awk '{print $1}' >> myhash
Unfortunately I'm not familiar with awk, but this should cut off the end of the sha1sum output, which is the name of the file again. The problem here is: The newly created file myhash has the size 41 bytes, and printing it out I can see that it is not the original hash (I wrote a little program to print it bytewise).
This is installed and I get this error. I am attempting to install razor-agents 2.84 and get this error along with: Warning: prerequisite URI::Escape 0 not found.
Both of these were installed in CPAN. When I attempt to install them again, they say they are up to date.
In 10.04 I was using the following commands to mount an encrypted disk image:
Code: sudo losetup -f
Which tells what loopback device block is available. Then I'd type:
Code: sudo losetup -e aes /dev/loop0 /home/user/crypt.img
and then enter the device's password
Code: sudo mount -t ext4 /dev/loop0 /media/crypt
I've tried this in 10.10 and it hasn't been working (I can't remember if I did anything in 10.04 to make it work). I've installed the loop-aes-utils package and restarted my machine. Every time I try the 2nd step, after entering the password I get:
Code: ioctl: LOOP_SET_STATUS: Invalid argument, requested cipher or key length (128 bits) not supported by kernel
I am not very security minded... I'm aware of it, and always made sure I had up-to-date overall protection in Windows, but firewalls and the blasted passwords are largely a thorn in my side! When I got my iPhone last year I suddenly discovered password managers & "wallets" to keep all that kind of information in and syncable across different devices. My life got so much easier. Of course now I need to figure out encryption keys, and how they work (I'm clueless). I also need to find a program or system that I can move my existing low-tech info (mainly user name & passwords) that will also accommodate the increased needs of Ubuntu security and still be sync-able. I started a little research weeks ago, but my current "wallet" only exports .csv so I quit since I'm going to have to do a lot of data entry whatever I go with. So here goes:
1) what is the difference (bare bones) between using an encryption key (e.k.) vs. a standard user created password? what situations are better suited for e.k.?
2) I have seahorse (default install with Ubuntu I guess) but the only thing in it is Login under passwords which leads to a login keyring (?) and a drop-down list of about 6-10 of the gazillion passwords I use daily. The other tabs are for keys which I don't have any concept of.
3) I know FF also "remembers" user id & passwords as you choose to have it do so. Is that information transferable into seahorse or another program?
4) I'm also (today) getting ready to really set up my system for user names & security across my little home network. How can I integrate that into whichever program/app I go with to store my pwds and keys?
5)give me links to fairly current documentation on this stuff?
6) Any program/app recommendations. Pros/cons uses, what they can & can't do or be used for, etc.
I am looking for some software (not TrueCrypt) where I can just right click a file and it will encrypt it for me. It would be nice to unencrypt on Windows but not essential.
Is it possible to have two passwords associated with one account, one that is the actual one, and another one, a duress password, that upon entering gives a similar (desktop) environment with "decoy data"?
The idea is to have the bogus password go to an encrypted home drive that looks as if it were the real deal, but it is wiping particular sensitive (encrypted) data that is visible only with the real password in the background, so that the actual data that need to be protected are not compromised. While the person who unlocked the computer tries to find the information on it between all the rubbish files, the real files are securely wiped. The files are very sensitive in nature, so it's better to have them destroyed than have unauthorized people access them, in the event of that happening.
I happen to know that TrueCrypt has a similar option but that requires an entire decoy operating system (and I think that might be a bit conspicuous), but is there a native Linux way to do it?
When you install sshd and run it with no modifications, then any other machine can connect to your machine without specifying a key. How does this work? Some key is being used, correct? How does the client know what private key to use?
I have an encrypted /home partition but would like to set up a guest account for my brother. Obviously, encryption doesn't work so well when you give out the key so what I'd like to do is specify a different, unencrypted location as a home directory for the guest account so he doesn't need access to that partition. Is there a way of doing this?
I've got Fedora 10, dual boot with Windows, 2 hard drives, 1st is NTFS Windows. 2nd is split into a swap, ext3 for the OS, and an encrypted partition for /home.
When I installed Fedora I selected the option to encrypt the hard drive. I want to change the passphrase, is there a way to change the passphrase, or do I have to re-install Fedora?
1.) I am wondering how to enable the lock to an encrypted partition which has been unlocked, using LUKS? On boot, I am asked automatically for the passphrase to unlock my partitions. After doing a backup, I want to lock the encrypted partition again, but I don't know the command?! I unmounted the partition but after mounting it again, I was not asked for the passphrase but had access to my data.
2.) How secure is the default Fedora version of LUKS? Is TrueCrypt better?
When 10.04 is released I'll encrypt my /home partition using luks. I've read that xts is good for hard drive encryption and aes is good for cipher encryption. I'm looking for something that is fairly secure without sacrificing a lot of speed.
I want to create an encrypted directory using the cfs package. So far I've only been able to create the top directory. When I want to attach an encrypted directory using
Code: cattach directory1 directory2
I get the following message in the command line:
Code: RPC: unable to receive
When I look into my /crypt directory, nothing was added there. I have no idea what could be the problem. I use Ubuntu 10.04 LTS.