Error when trying to apply Always Encrypted encryption on aspnet_Membership table

I’m trying to encrypt the Email and LoweredEmail columns on a SQL database using Always Encrypted encryption using SSMS and I always get the same error:

Lock request time out period exceeded. There is no user table matching the input name ‘(dbo).(aspnet_Membership)’ in the current database or you do not have permission to access the table.
I still get the same error when I log in as the SA account, so I guess that it’s not a permissions problem.

[Screenshots: SSMS select column, SSMS key, SSMS proceed, SSMS summary, SSMS error]

EDIT *** Added the PowerShell Script

Import-Module SqlServer

# Connect to the database that holds the table to encrypt
$password = ""
$sqlConnectionString = "Data Source=GALADRIELSKYLINE;Initial Catalog=SkylineMembership;User ID=sa;Password=$password;MultipleActiveResultSets=False;Connect Timeout=30;Encrypt=False;TrustServerCertificate=False;Packet Size=4096;Application Name=`"Microsoft SQL Server Management Studio`""
$smoDatabase = Get-SqlDatabase -ConnectionString $sqlConnectionString

#Add-SqlAzureAuthenticationContext -Interactive

#Add-SqlAzureAuthenticationContext -ClientID '' -Secret '' -Tenant ''

# Collect the per-column encryption settings
$encryptionChanges = @()

$encryptionChanges += New-SqlColumnEncryptionSettings -ColumnName dbo.aspnet_Membership.Email -EncryptionType Deterministic -EncryptionKey "CEK_Auto1"
$encryptionChanges += New-SqlColumnEncryptionSettings -ColumnName dbo.aspnet_Membership.LoweredEmail -EncryptionType Deterministic -EncryptionKey "CEK_Auto1"

# Apply the encryption changes to the database
Set-SqlColumnEncryption -ColumnEncryptionSettings $encryptionChanges -InputObject $smoDatabase

encryption – Is the following encoded or encrypted, and how?

I am trying to figure out if the following string is encoded or if it is encrypted and what algorithm was used in either case. Is there some easy way to try all sorts of different algorithms at once, maybe?

This is what I am talking about:

V1|92a73b91c5aeb18e83e7132b61ad510ad02d7a566940a8191d07c05726bece18M/K/BqwMMVyZL9EHR16IPtzujFTeVNKCLqQl3/JiqA8btXnRBQcswB4Rv54RpZoxlxWe9lSEybmKfOp/JJ0Phg==
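A structural triage of the string quoted above, as an added example that is not part of the original post: it splits the value into its version tag, hex run and Base64 run, then reports decoded lengths, block alignment and byte entropy. The function names and the assumed `VERSION|<hex><base64>` layout are inferred from the visible string only.

```python
import base64
import binascii
import math
import re
from collections import Counter

# The string from the question, copied verbatim.
TOKEN = ("V1|92a73b91c5aeb18e83e7132b61ad510ad02d7a566940a8191d07c05726bece18"
         "M/K/BqwMMVyZL9EHR16IPtzujFTeVNKCLqQl3/JiqA8btXnRBQcswB4Rv54RpZoxlxWe"
         "9lSEybmKfOp/JJ0Phg==")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte. An n-byte sample cannot exceed log2(n), so short
    samples (64 bytes -> at most 6 bits) give only a weak signal."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def split_token(token: str) -> dict:
    """Split 'VERSION|<hex><base64>' (assumed layout) into decoded fields.
    Hex digits are also valid Base64 characters, so the boundary is
    ambiguous: take the longest even-length hex prefix whose remainder
    is strictly valid Base64."""
    version, _, body = token.partition("|")
    run = re.match(r"[0-9a-fA-F]*", body).end()
    for cut in range(run - run % 2, -1, -2):
        try:
            tail = base64.b64decode(body[cut:], validate=True)
        except (binascii.Error, ValueError):
            continue
        return {"version": version, "hex": bytes.fromhex(body[:cut]), "b64": tail}
    raise ValueError("body does not match <hex><base64>")

def describe(token: str) -> dict:
    """Summarise structure only; nothing here identifies or breaks a cipher."""
    parts = split_token(token)
    payload = parts["b64"]
    return {
        "version": parts["version"],
        "hex_bytes": len(parts["hex"]),
        "payload_bytes": len(payload),
        "payload_16_byte_aligned": len(payload) % 16 == 0,
        "payload_printable": all(32 <= b < 127 for b in payload),
        "payload_entropy": round(shannon_entropy(payload), 2),
    }

if __name__ == "__main__":
    for key, value in describe(TOKEN).items():
        print(f"{key}: {value}")
```

The lengths narrow the hypotheses (32 bytes is the size of a SHA-256 or HMAC-SHA256 output, and 64 bytes is a multiple of the 16-byte AES block) but they do not name the algorithm, and a non-printable, block-aligned payload cannot be reversed without the key.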

Open WiFi Network Where All Confidential Communication is Encrypted Through Other Means

Imagine the following scenario:

  • Users connect to an open WiFi network (no password, no encryption)
  • All users stick to secure transmission protocols for all confidential data (HTTPS, SSH, VPN, etc.)
  • Users’ devices do not accept any inbound connections

Would this scenario provide a reasonable level of security for the users involved? Or perhaps more importantly, does a malicious user’s presence on an unencrypted WiFi network pose a known threat to the other users?

Cryptocurrency wallet Chrome extension – encrypted data?

I had a crypto wallet a couple years ago called NEX (extension onofpnbbkehpmmoabgpcpmigafmmnjhl) and have since lost the backup phrases as I reset the hard drive to give to a family friend to use without realising the phrases were there (hid the file so well I didn’t find it). I managed to get a copy of the Chrome extension files back using Recuva and have the 000003.log file in Local Extension Settings.

I tried to follow a similar guide for Metamask to retrieve the phrases (https://metamask.zendesk.com/hc/en-us/articles/360018766351-How-to-use-the-Vault-Decryptor-with-the-MetaMask-Vault-Data) but this didn’t apply as the log file seems to be encrypted. I assume it’s encrypted as some of the data is in plain text:

IEC 61966-2-1 Default RGB Colour Space – sRGB
XYZ b™ ·… ÚXYZ P meas
XYZ 3 ¤XYZ o¢ 8õ sig CRT desc
-Reference Viewing Condition in IEC 61966-2-1

But most of it looks like this:

óJE-ºMzÔ#Ä»£ÆhRO«_…ôË(K9Õ2åË>¨%ŽÔB5š5ëÇÒji®¬k¹<9z)ôG¹c”ºécë+è0¨K®Jj^JSŽ—šArÄïíRÇÉ#ÝÒK3{%”#·Â(¿/Ĭ(Šv/,äþ^‚ò$â$õIj—èVRmuè‡Zôóñi´.¤¦iXyçáß$´~þ¢õG 0M÷RŒí䛀ßs‘6y‰÷L%žY*.Di6¯·iÏ+™Öd­ãè»ñ±ÖÜWá³chm›N­˜DùšiÄV é<ƒÚS ¤ÒêAíq’

The developer has been useless and of no help so I am desperate here looking for some advice on where to start. I couldn’t locate an LDB file linked to this so have to assume it’s all in this log file.

Thanks in advance.

encryption – Passwords stored as obfuscated text, not encrypted

An application I admin (but did not develop or implement) claims to be storing passwords in a database using “reversible encryption.”

I have access to the database table, and was able to work out that they’re really only obfuscated, and can determine the clear text values by applying a simple mapping. This seems very bad, am I right to be concerned? Recommended next steps?

mount – Can’t open luks encrypted drive with bash

I try to mount an encrypted hdd. This works fine with this command in the terminal:

sudo cryptsetup luksOpen /dev/sda1 myDisk --key-file /root/keyfile

The hdd is decrypted and mounted after this command. Since I want to do this auto. on boot, I tried to put this command in a bash script.
Just the command above, nothing else. For some reason, if I execute the script via terminal:

sudo bash myScript.sh

I get a message:

Failed to open key file.

I tried it with the password instead:

echo "myPassword" -n | sudo cryptsetup luksOpen /dev/sda1 myDisk -d -

which worked in terminal fine, but in the script it did not.
Using /etc/crypttab instead is not an alternative, since there are multiple ext. hdds used, which will later use the same keyfile, but I don’t have access to the hdds and the UUIDs now.

I am grateful for any advice
BR Michael

encryption – Do LUKS2 encrypted partitions with Keyfiles use a KDF?

I gather from the cryptsetup manpages that LUKS2 uses argon2i by default for strengthening a user-password to decrypt the partition. However, if a 256-bit keyfile with data from /dev/random is used, how does a KDF make guessing that password harder?

Wouldn’t you just have the 2^256 probability either way then? So an attacker would just try and guess the password that’s used for e.g. AES-XTS and not the keyfile.

So if I were to use a 256-bit random keyfile (longer doesn’t seem to do anything useful either), could I just disable the KDF?

Does it help me if I generate a 1MB keyfile and set argon 2i(d) to 10k iterations and use 2GB ram?

encryption – Is client-side encrypted data really personal data

Scenario: My service that is storing customer files is hosted on my own personal physical server, “on-prem”. It is then using one of the popular cloud storage services (Azure blob storage, AWS S3) to store these customer files. They may or may not contain personal data.

Before the data is sent from my server to the cloud service the data is encrypted with my secret keys that are only ever stored on the on-prem-server.

Since I am using an encryption algorithm that is considered secure and the keys never go to the cloud, would the data I send to Azure/AWS be considered personal data under GDPR? Would I for example have to include the storage service as a sub-processor in my published list of sub-processors?

authentication – Using an encrypted username in API calls

I’m writing a RESTful API for a website I’m building and it has methods that use user permissions. For example, I have a method called removeResource(resource_id: int, user: string). The larger pipeline is the user logs in, which calls an API method that checks their username and password, then if their password is correct returns an encrypted string with their user id. The encryption and decryption is done with Fernet symmetric encryption (https://cryptography.io/en/latest/fernet.html) on the API side. Users have permissions set for what they’re allowed to do.

I’m worried about the case when someone tries to make an API call they don’t have permission to, so I’m also sending the encrypted user id with every API call that requires permissions. Then I’m decrypting their id on the API side and checking the user’s permissions from a database to decide if they actually have permissions for the API they’re trying to make.

Is this a safe way to do authentication and be sure a user can’t spoof a different user id in API calls since they won’t be able to encrypt to a different user id without the key for Fernet that’s saved on the API side?

Can Kaspersky’s default encrypted connection scanning exclusion list be modified by end user? [migrated]

I am just wondering whether I can modify Kaspersky’s default encrypted connection scanning exclusion list itself, without any sites being added to or removed from the "Trusted Address". I have included a screenshot of the list that I am talking about for your convenience.
