This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal


Aug 10, 2015, 6:37 PM
14 Posts

Encryption and ID strength

  • Category: Security
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator
  • Tags:
  • Replies: 1

Two questions:

1) Client running 8.5.3 and IDs encrypted as 64 bit RCs.  Server is running 9.0.1.  When the encryption is done between the client & server, is it using the stronger encryption module on the server that can decode the old encryption of the ID?  Or do I need to upgrade my client IDs to 256 Bit AES encryption?

2) My users currently do not have access to the server.  Are there any issues with upgrading the IDs, getting them to the users and the users then accessing the servers?

Note: we do not use the email functionality of Domino, just the database functionality.

Regards,

Sharon

Aug 10, 2015, 7:59 PM
94 Posts
How the ID files are encrypted is orthogonal to the contents of the ID files...
Each ID file contains a set of RSA keys that are used for authentication and other purposes. These are what people commonly refer to when they talk about the "strength" of a given ID file.  

The strength of the keys within an ID file is not correlated with how that ID file is protected. Many options exist for protecting ID files -- smartcards, Notes Shared Login, Notes Federated Login, and passwords, among others.  The "ID file encryption strength" is most relevant when protecting the ID file with a password, but those key strengths -- RC2-64 through AES-256 -- are not used directly when a Notes client authenticates to a Domino server.

If you want to use key sizes recommended by current best practices, then I would recommend setting a security policy to protect ID files with AES-128 and 5,000 iterations (unless you have truly antique client workstations), using key rollover to upgrade your RSA keys to 2048 bits, and using AES-128 for any documents that you encrypt within those databases.

http://www-10.lotus.com/ldd/dominowiki.nsf/dx/supported-key-sizes-in-notesdomino
