Highlighted
Tony Okusanya Respected Contributor.
Respected Contributor.
438 views

System Account Passwords

Greetings 

I was wondering if anyone knows the type of encryption and methodology used to store HPOO system account passwords. When you upudate a system account in central where is it stored and what type of encryption is used. This is audit related

Tags (1)
0 Likes
1 Reply
Micro Focus Expert
Micro Focus Expert

Re: System Account Passwords

Hi,

System accounts passwords as well as other senitive information in OO is encrypted using the AES algorythm and (by default) a key size of 128. This can be configured for more secure encryption by following the procedure described in the Security and hardening guide about configuring OO to be FIPS 140-2 compliant. 

Regarding the storage part the system account passwords are stored encrypted in the OO database. Any updates done to these keys will in turn also be stored in the database encrypted, however these updates will not overwrite the original value that was stored for the system account password.  

As a general rule everything that is done from the UI unless actively prompting you to save to the file system will be stored inside the OO database and furthermore any sensitive information (passwords, init strings and information marked as sensitive in flows) will be stored as encrypted. 

Hope this helps,

Vlad

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.