|Applies To||RSA Product Set: Adaptive Authentication (OnPrem)|
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 7.1
|Issue||A Customer wants to know if there is a way to control the behavior of the password masking (asterisks) in the UI|
through configuration files in the application. They also want to know about the hash type which is used
when storing the password in the database and if this can be controlled through configuration files.
|Resolution||About the passwords mask:|
Password masking is not controlled by configuration files. It is built in the application source code and cannot be modified
as it is part of the product features which provides more security for the UI.
About the hashing when storing the password in the database:
RSA uses SHA1 hash algorithm to encrypt passwords and store in the database. From AAoP 7.3P2 onwards
we use SHA-256 hash algorithm to encrypt passwords. This hashing is done also by the application and
is not available in any configuration file. It is also part of the source code and cannot be modified through configuration.