Open-AudIT stores both the device-specific and default sets of credentials using the PHP mcrypt function with the RIJNDAEL 256 cipher (which is also known as AES 256).
We must use a reversible encryption method because we need to decrypt and use the plaintext of the stored credentials for device auditing (as opposed to a one-way encrypt and hash check, which is what Open-AudIT does with user logon passwords).
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
AES 256 is considered secure by the US government and used by it where appropriate.
The key Open-AudIT uses for credential encryption is user-definable (naturally, we do have a default). All data is stored in the database, except the key, which is on disk.
The key is stored in the file code_igniter/application/config/config.php. You should only change it if you have no credentials currently stored: once the key is changed, Open-AudIT will not be able to read any currently stored credentials. Alternatively, change it, then bulk edit and set the credentials again.
User logon passwords are stored using a one-way algorithm (SHA 256). When a user provides credentials, the provided password is hashed and the result compared to what is stored in the database for that user.
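
The two storage models described above, and the effect of changing the key while credentials are still stored, shown as an added example that is not Open-AudIT code. Assumptions: it substitutes PHP's OpenSSL extension with AES-256-GCM for mcrypt, derives the AES key from the config string with SHA-256, and salts the password hash; all function names and sample values are hypothetical.

```php
<?php
// Added illustration, not Open-AudIT code. Open-AudIT uses mcrypt; this sketch
// substitutes the OpenSSL extension (AES-256-GCM). All names are hypothetical.

// Assumed derivation: turn a config-style key string into a 32-byte AES key.
function derive_key(string $configKey): string {
    return hash('sha256', $configKey, true);
}

// Reversible: device credentials must come back as plaintext for auditing.
function encrypt_credential(string $plaintext, string $configKey): string {
    $iv = random_bytes(12);                         // fresh nonce per record
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', derive_key($configKey),
                          OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);         // value kept in the database
}

// Returns the plaintext, or null when the key does not match the stored record.
function decrypt_credential(string $stored, string $configKey): ?string {
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {      // 12-byte nonce + 16-byte tag
        return null;
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', derive_key($configKey),
                          OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    return $pt === false ? null : $pt;
}

// One-way: a logon password is only ever compared, never recovered.
// The salt is an assumption; the page does not say how the hash is salted.
function hash_password(string $password, string $salt): string {
    return hash('sha256', $salt . $password);
}

function verify_password(string $password, string $salt, string $storedHash): bool {
    return hash_equals($storedHash, hash_password($password, $salt));
}

// Constructed sample values.
$stored = encrypt_credential('snmp-community-example', 'old-config-key');
var_dump(decrypt_credential($stored, 'old-config-key')); // key unchanged
var_dump(decrypt_credential($stored, 'new-config-key')); // key changed after storing

$salt = bin2hex(random_bytes(16));
$hash = hash_password('correct horse', $salt);
var_dump(verify_password('correct horse', $salt, $hash));
var_dump(verify_password('wrong guess', $salt, $hash));
```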