Is it a Simple DES or a Triple DES encryption algorithm?
Hi Folks,
Following the question I ask at: https://jazz.net/forum/questions/161289/what-algorithm-is-used-to-encrypt-password-for-jbe my customer asks me if it is a simple or a triple DES encryption which is used when we call jbe -createPasswordFile pass.txt In my understanding, it is a simple, but I might be wrong. If it is a simple DES encryption, do we have a way to request a Triple-DES encryption ? Do you plan to provide at some point a Triple-DES encryption ? Thanks a lot for your help Best regards Philippe |
2 answers
Nick Edgar (6.5k●7●11)
| answered Oct 20 '14, 12:01 p.m.
JAZZ DEVELOPER edited Oct 20 '14, 12:02 p.m.
Hi Philippe, it uses simple DES (i.e. 8 byte key), and the key for encoding/decoding is not a secret. As such, the password file is not really secure, it's just a way of getting the plain text password out of the build scripts and logs, and preventing casual viewing from exposing the plain text password. It is easy for someone with knowledge of how it is encoded to get the plain text given a password file. As described in the doc, we recommend the password file be given restricted permissions to prevent others from access to the build machine from being able to view it (just the build user).
Off-hand, I don't recall any RFEs to change this. It could be improved by using true public key cryptography, where the private key is used to encrypt the password in the password file, then JBE is given the public key in order to decrypt it.
|
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.