Replacement of Three-Key Triple DES in Password2 fields
04-04-2024 01:21 AM
Hi Everyone,
If we replace Three-Key Triple DES in Password2 with Advanced Encryption Standard (AES) what would be the impact on keeping user name and password stored? Could anyone provide insights on what this transition entails in terms of security, efficiency, and any potential impacts on our current user authentication system? Additionally, are there any best practices or considerations we should be aware of when making this switch? Any experiences or advice would be greatly appreciated.
Thank you!
07-25-2024 10:33 AM - edited 07-25-2024 10:48 AM
BLUF: no, there is no impact to user passwords. The migration will happen automatically and transparently.
The user password field does not use the password2 datatype. It uses password, the difference being that the regular password datatype cannot be decrypted. This is done intentionally because decrypting a password is never necessary, even for authentication. KMF or legacy encryption does not apply here. This field is technically not encrypted but more like a hash digest... not important, but what is important to know is that the password datatype is not designed to be decrypted or to recover the original text.
Password2, however, can be decrypted. This is because there is a legitimate need for the original password. Integrations using basicAuth or OAuth require SN to pass the original password. Therefore this password field uses the password2 datatype.