000035565 - RSA Adaptive Authentication (OnPrem) 7.1 -Password Mask in UI and Hashing Values in the Database

Document created by RSA Customer Support Employee on Dec 1, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035565
Applies ToRSA Product Set: Adaptive Authentication (OnPrem)
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 7.1
IssueA Customer wants to know if there is a way to control the behavior of the password masking (asterisks) in the UI
through configuration files in the application.  They also want to know about the hash type which is used
when storing the password in the database and if this can be controlled through configuration files.
ResolutionAbout the passwords mask:
Password masking is not controlled by configuration files. It is built in the application source code and cannot be modified
as it is part of the product features which provides more security for the UI.
About the hashing when storing the password in the database:
RSA uses SHA1 hash algorithm to encrypt passwords and store in the database. From AAoP 7.3P2 onwards
we use SHA-256 hash algorithm to encrypt passwords.  This hashing is done also by the application and
is not available in any configuration file.  It is also part of the source code and cannot be modified through configuration.