Use of encryption in Hitachi ID Password Manager
Encryption is used to protect stored Hitachi ID Password Manager data as follows:
Data stored on the Password Manager server:

| Data | Algorithm | Key |
|---|---|---|
| Privileged passwords, used to log into target systems | 128-bit AES | 128-bit random |
| Answers to security questions | 128-bit AES | 128-bit random |
| User old password history | SHA-1 | 64-bit random salt |
Data transmitted to and from Password Manager on the network is cryptographically protected, as illustrated by the following examples:
Data transmitted to/from the Password Manager server:

Interactive sessions

| To/From | Algorithm | Key length |
|---|---|---|
| User browser | SSL (varies) | 128 bits |

Trigger password synchronization

| To/From | Algorithm | Key length |
|---|---|---|
| From Win2K/2K3 AD DC | 128-bit AES | 128-bit shared secret |
| From z/OS | 128-bit AES | 128-bit shared secret |
| From Unix | 128-bit AES | 128-bit shared secret |
| From LDAP server | 128-bit AES | 128-bit shared secret |

Set passwords, create/update users (via agent or proxy)

| To/From | Algorithm | Key length |
|---|---|---|
| To SSH scripted target | SSH | Varies by SSH configuration |
| To Unix agent | 128-bit AES | 128-bit shared secret |
| To z/OS task | 128-bit AES | 128-bit shared secret |
| To RSA Authentication Manager | 128-bit AES | 128-bit shared secret |
| To proxy server | 128-bit AES | 128-bit shared secret |

API session, socket

| To/From | Algorithm | Key length |
|---|---|---|
| From calling system / IVR | 128-bit AES | 128-bit shared secret |

API session, web services

| To/From | Algorithm | Key length |
|---|---|---|
| From calling system / IVR | HTTPS | 128 bits |

Set passwords, create/update users (directly on the target)

| To/From | Algorithm | Key length |
|---|---|---|
| To target system | native | Varies. Use proxy server when native protocol is inadequate. |
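The following Go program is an added illustration, not Hitachi ID code, of the two mechanisms both tables rely on: a stored secret (a privileged password or a security-question answer, or equally an agent message protected by a pre-shared key) is encrypted under a 128-bit AES key, and an old password in the history is kept only as SHA-1 over a 64-bit random salt plus the password, so a reuse check works by rehashing the candidate under each stored salt. Everything beyond "128-bit AES", "SHA-1" and "64-bit random salt" is an assumption: the AES mode (GCM), the nonce-then-ciphertext blob layout, the salt-then-password hash input order, and the use of the OS random generator for keys and salts. The sample secrets and passwords are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha1"
	"crypto/subtle"
	"errors"
	"fmt"
)

// KeyBytes is the AES-128 key size (128 bits), matching the tables above.
const KeyBytes = 16

// SaltBytes is the 64-bit random salt listed for old-password history.
const SaltBytes = 8

// NewRandomKey draws a fresh 128-bit key from the OS CSPRNG (assumed source).
func NewRandomKey() ([]byte, error) {
	k := make([]byte, KeyBytes)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return k, nil
}

// gcmFor builds an AES-128-GCM instance; GCM is an assumed mode, the page names only AES.
func gcmFor(key []byte) (cipher.AEAD, error) {
	if len(key) != KeyBytes {
		return nil, errors.New("key must be 128 bits")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a secret under the key; the blob is nonce || ciphertext || tag.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal; a wrong key or a modified blob fails authentication.
func Open(key, blob []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("blob too short")
	}
	return gcm.Open(nil, blob[:ns], blob[ns:], nil)
}

// HistoryEntry is one old password, stored as SHA-1(salt || password) with its salt.
type HistoryEntry struct {
	Salt []byte
	Hash []byte
}

// hashWithSalt computes SHA-1 over salt followed by the password (assumed order).
func hashWithSalt(salt []byte, password string) []byte {
	h := sha1.New()
	h.Write(salt)
	h.Write([]byte(password))
	return h.Sum(nil)
}

// AddHistory records a password under a fresh 64-bit salt; the plaintext is never kept.
func AddHistory(history []HistoryEntry, password string) ([]HistoryEntry, error) {
	salt := make([]byte, SaltBytes)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	return append(history, HistoryEntry{Salt: salt, Hash: hashWithSalt(salt, password)}), nil
}

// InHistory reports whether candidate equals any old password: rehash under each
// entry's own salt and compare in constant time, without short-circuiting on a hit.
func InHistory(history []HistoryEntry, candidate string) bool {
	found := false
	for _, e := range history {
		if subtle.ConstantTimeCompare(hashWithSalt(e.Salt, candidate), e.Hash) == 1 {
			found = true
		}
	}
	return found
}

func main() {
	key, _ := NewRandomKey()
	blob, _ := Seal(key, []byte("constructed privileged password"))
	pt, err := Open(key, blob)
	fmt.Printf("decrypted: %q err=%v\n", pt, err)

	hist, _ := AddHistory(nil, "Winter2023!") // constructed sample
	fmt.Println("reuse detected:", InHistory(hist, "Winter2023!"), InHistory(hist, "Spring2024!"))
}
```

Two properties worth checking in any deployment of this pattern: decrypting with a different 128-bit key or after flipping one byte of the blob must fail rather than return garbage, and two users with the same old password must end up with different history hashes because their salts differ.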