Replacement of Three-Key Triple DES in Password2 fields
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2024 01:21 AM
Hi Everyone,
If we replace Three-Key Triple DES in Password2 with Advanced Encryption Standard (AES) what would be the impact on keeping user name and password stored? Could anyone provide insights on what this transition entails in terms of security, efficiency, and any potential impacts on our current user authentication system? Additionally, are there any best practices or considerations we should be aware of when making this switch? Any experiences or advice would be greatly appreciated.
Thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2024 01:37 AM
Before that, I need to understand your requirement? What do you want to achieve?
Regards,
Amit
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2024 02:37 AM
Hi @Amit Pandey , Thank You for your reply-
Our instance use Password2 fields that utilize the three-key Triple DES (3DES) encryption standard. Hence I followed these steps:
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1443041) and the following product documentation (https://docs.servicenow.com/bundle/vancouver-platform-security/page/administer/key-management-framew...
But i want to know now that i have deactivated Password2 what will happen to usernames and passwords stored once we go forwards for AES.
Thanks,
Mohammed
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2024 02:05 AM - edited 04-04-2024 02:37 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2024 02:44 AM
3DES (Triple Data Encryption Standard) algorithm
It is based on the DES algorithm, which applies a series of basic operations to convert a text into another one encrypted, using a cryptographic key. 3DES is the algorithm that makes triple encryption of DES; it is based on applying it three times, with three different keys, making it much safer.
This method is gradually being replaced by the AES, since it is up to six times faster, however, there are still electronic payments, credit cards, etc. that use the 3DES standard, so it is still quite in force.
AES (Advanced Encryption Standard) algorithm
It is one of the most secure algorithms available nowadays. It is classified by the National Security Agency (NSA) from USA for the highest security of secret information. It is based on several substitutions, permutations, and linear transformations, performed in data blocks of 16 bytes, which are repeated several times.
So far there is no possibility of attack against AES, so this algorithm is still the preferred encryption standard by governments, banks and high security systems worldwide.
https://www.encryptionconsulting.com/why-3des-or-triple-des-is-officially-being-retired/
To answer your question, I don't think there will be any impact on your username and password stored already. But would recommend you to create a hi ticket so that you can be 100% sure.
Please mark my answer helpful and correct.
Regards,
Amit
