Use of Encryption
Encryption is used to protect stored P-Synch data as follows:

| Data | Algorithm | Key |
| --- | --- | --- |
| Privileged passwords, used to log into target systems | 128-bit AES | 128-bit random |
| User authentication Q-A (Question-and-Answer) profile answers | 128-bit AES | 128-bit random |
| User old password history | SHA-1 | 64-bit random salt |

Data transmitted to and from P-Synch on the network is cryptographically protected, as follows:

| To/From | Algorithm | Key length |
| --- | --- | --- |
| **Interactive sessions** | | |
| User browser | SSL (varies) | 128 bits. |
| **Trigger password synchronization** | | |
| From Win2K/2K3 AD DC | 128-bit AES | 128-bit shared secret. |
| From OS/390 | | |
| From Unix | | |
| From LDAP server | | |
| From WinNT DC | | |
| **Set passwords, Create/update users** | | |
| To Unix agent | 128-bit AES | 128-bit shared secret. |
| To OS/390 task | | |
| To RSA Authentication Manager | | |
| To proxy server | | |
| **API (application programming interface) Session - socket** | | |
| From calling system / IVR (interactive voice response) | 128-bit AES | 128-bit shared secret. |
| **API (application programming interface) Session - web services** | | |
| From calling system / IVR (interactive voice response) | HTTPS | 128 bits. |
| **Set passwords, Create/update users** | | |
| To target system | native | Varies. Use proxy server when native protocol is inadequate. |







