Teri Radichel


Disable AES CBC on pfSense

How and when does this matter?


Was just looking at my pfSense configuration and noticed this hardware crypto section:

Hmm. There have been a lot of issues with AES-CBC lately (cookbook mode).

I wondered if there was a way to disallow AES-CBC.

Found this:

System > Advanced > System Tunables > kern.crypto.iimb.enable_aescbc

I set it to 0.

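I can’t find a lot about that setting. It’s related to hardware crypto acceleration:

Hardware - Cryptographic Accelerator Support | pfSense Documentation: https://docs.netgate.com/pfsense/en/latest/hardware/cryptographic-accelerators.html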

So I don’t know if that means if CBC is used it will just be slower or CBC is now not allowed. I also am not sure after reading this documentation if it only applies to IPSEC VPNs or other encryption as well.
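Whatever the tunable turns out to do, a direct check is to look at which ciphers the IPsec tunnels actually negotiated. The following is an added example, not part of the original post: it assumes strongSwan-style `swanctl --list-sas` output (pfSense's IPsec is built on strongSwan), and the sample listing and the function names `sample_sas` and `cbc_sas` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag IPsec SAs that negotiated AES-CBC.
# On the firewall the input would come from:  swanctl --list-sas | cbc_sas

# Constructed sample in the style of `swanctl --list-sas`; names, SPIs and
# addresses are made up (documentation address ranges).
sample_sas() {
cat <<'EOF'
con1: #1, ESTABLISHED, IKEv2, 1111111111111111_i* 2222222222222222_r
  local  'fw-a.example' @ 192.0.2.1[500]
  remote 'fw-b.example' @ 198.51.100.1[500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
  established 120s ago, rekeying in 25000s
  con1_net: #1, reqid 1, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    installed 120s ago, rekeying in 3000s, expires in 3600s
con2: #2, ESTABLISHED, IKEv2, 3333333333333333_i* 4444444444444444_r
  local  'fw-a.example' @ 192.0.2.1[500]
  remote 'fw-c.example' @ 203.0.113.1[500]
  AES_GCM_16-256/PRF_HMAC_SHA2_256/ECP_384
  established 60s ago, rekeying in 26000s
  con2_net: #2, reqid 2, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    installed 60s ago, rekeying in 3100s, expires in 3600s
EOF
}

# Reads an SA listing on stdin and prints one line per IKE or child SA
# whose negotiated proposal contains an AES_CBC transform.
cbc_sas() {
    awk '
        # IKE SA header starts in column 0: "name: #id, STATE, ..."
        /^[^ ][^:]*: #[0-9]+/ { split($0, a, ":"); ike = a[1]; next }
        # Child SA header is indented and carries its ESP/AH proposal inline
        /^ +[^ :]+: #[0-9]+/ {
            line = $0; sub(/^ +/, "", line)
            split(line, c, ":")
            if (line ~ /AES_CBC/) print "child " c[1] " (" ike "): AES_CBC"
            next
        }
        # IKE proposal: an indented line of slash-separated transforms
        /^ +AES_CBC/ { print "ike " ike ": AES_CBC" }
    '
}

sample_sas | cbc_sas
```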

I also found this post:

IPsec-MB use case: https://forum.netgate.com/topic/180541/ipsec-mb-use-case/6

It would be great if someone who is more of a crypto expert than me would do a deep dive on all of this. I’d love to read it. 🙂


Teri Radichel | © 2nd Sight Lab 2024
