Use of Encryption
Encryption is used to protect stored Hitachi ID Identity Manager data as follows:

Data stored on the Identity Manager server

| Data | Algorithm | Key |
|---|---|---|
| Privileged passwords, used to log into target systems | 128-bit AES | 128-bit random |
| Answers to security questions | 128-bit AES | 128-bit random |
| User old password history | SHA-1 | 64-bit random salt |
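The last row describes how old passwords are kept: not in the clear, but as a SHA-1 digest with a fresh 64-bit random salt per entry, so a new password can be compared against history without the history itself being reusable. The following is an added example written for this page, not Identity Manager's own code; the exact layout (digest = SHA-1(salt || UTF-8 password)) is an assumption, since the page only names the algorithm and the salt size.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

# 64-bit random salt, as stated in the table above.
SALT_BYTES = 8

HistoryEntry = Tuple[bytes, bytes]  # (salt, sha1_digest)


def hash_history_entry(password: str, salt: Optional[bytes] = None) -> HistoryEntry:
    """Return one (salt, digest) history entry for a password.

    Layout assumption (not stated on the page): digest = SHA-1(salt || password bytes).
    A new random salt is drawn unless one is supplied for re-verification.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    if len(salt) != SALT_BYTES:
        raise ValueError("salt must be exactly 64 bits")
    digest = hashlib.sha1(salt + password.encode("utf-8")).digest()
    return salt, digest


def add_to_history(history: List[HistoryEntry], password: str,
                   max_entries: int = 10) -> List[HistoryEntry]:
    """Append a new entry and keep only the newest max_entries (oldest dropped first)."""
    history = history + [hash_history_entry(password)]
    return history[-max_entries:]


def password_in_history(candidate: str, history: List[HistoryEntry]) -> bool:
    """True if candidate equals any previously stored password.

    Each entry is rehashed under its own salt; compare_digest keeps the
    comparison constant-time so a mismatch position is not observable.
    """
    for salt, stored_digest in history:
        _, cand_digest = hash_history_entry(candidate, salt)
        if hmac.compare_digest(cand_digest, stored_digest):
            return True
    return False


def salts_are_unique(history: List[HistoryEntry]) -> bool:
    """Sanity check: every entry should carry its own random salt."""
    salts = [salt for salt, _ in history]
    return len(salts) == len(set(salts))


if __name__ == "__main__":
    # Constructed sample data, not taken from any real deployment.
    hist: List[HistoryEntry] = []
    for old in ["Winter2023!", "Spring2024!", "Summer2024!"]:
        hist = add_to_history(hist, old)
    print("reuse detected:", password_in_history("Spring2024!", hist))  # True
    print("fresh password:", password_in_history("Autumn2024!", hist))  # False
    print("unique salts:", salts_are_unique(hist))                      # True
```

The per-entry random salt is what prevents one precomputed table from being run against every stored entry, and it also hides whether two users (or one user twice) chose the same password. SHA-1 is a fast hash, so an attacker holding a leaked history entry can still test guesses against it at full speed; a slow, memory-hard key derivation function in place of the plain digest would be the modern choice, but that goes beyond what this page specifies.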
Data transmitted to and from Identity Manager on the network is cryptographically protected, as follows:

Data transmitted to/from the Identity Manager server

| Purpose | To/From | Algorithm | Key length |
|---|---|---|---|
| Interactive sessions | User browser | SSL (varies) | 128 bits |
| Trigger password synchronization | From Win2K/2K3 AD DC | 128-bit AES | 128-bit shared secret |
| Trigger password synchronization | From z/OS | 128-bit AES | 128-bit shared secret |
| Trigger password synchronization | From Unix | 128-bit AES | 128-bit shared secret |
| Trigger password synchronization | From LDAP server | 128-bit AES | 128-bit shared secret |
| Set passwords, create/update users | To Unix agent | 128-bit AES | 128-bit shared secret |
| Set passwords, create/update users | To z/OS task | 128-bit AES | 128-bit shared secret |
| Set passwords, create/update users | To RSA Authentication Manager | 128-bit AES | 128-bit shared secret |
| Set passwords, create/update users | To proxy server | 128-bit AES | 128-bit shared secret |
| API (application programming interface) | From calling system / IVR (interactive voice response) | 128-bit AES | 128-bit shared secret |
| API | From calling system / IVR | HTTPS | 128 bits |
| Set passwords, create/update users | To target system | Native protocol | Varies. Use the proxy server when the native protocol is inadequate. |