RSA enVision^® Discussions

RSAAdmin · ‎2008-07-08

Hi,

Does anyone happen to know what encryption algorithm RSA enVision uses when it stores the logs to the LogSmart IPDB? I have read an old document "Encryption and Data Protection" where the author has said something like this: "Each minute, Nuggets are rolled up into a superset of objects called “packages” that are in turn closed and saved in a cipher protected object-store. This is first and default form of data encryption." Then the document describes how the hashing is done and so on, but there isn't any information about the encryption algorithm which is being used.

A mean PCI-auditor may ask how the logs are encrypted

-AJ-

RSAAdmin · ‎2008-07-23

The IPDB is not encrypted with a "public" algorithm. It's really more of an encoding than an encryption, but it's not public algorithm like AES or Blowfish.

RSAAdmin · ‎2008-08-04

So, basically you shouldn't been able to read those logs inside IPDB without some specified parameters like enVision license key or serial number? The MD5 hash value is derived from so called GUID (unique identifier, derived from NIC Domain Site, Site name, Node name, date and time and so on). Is this GUID also used during the encryption/encoding?

I just want to be sure that logs will be properly encrypted. For instance, in the PCI DSS 1.1 requirement 3.4 is says that you have to render the Primary Account Number (which may appear also in the logs) unreadable, by using any of the following approaches:

• Strong one-way hash functions (hashed indexes)

• Truncation

• Index tokens and pads (pads must be securely stored)

• Strong cryptography with associated key management processes and procedures

Thanks again!

RSAAdmin · ‎2008-12-15

Can you please share that Encryption and Data Protection document ? I was looking for similar information of how data in the IPDB is secure. How is it encoded ?

BryceRobinson · ‎2009-01-19

I also would be very interested to know what exactly the method of encryption in the IPDB is since it is very important for PCI

RSAAdmin · ‎2009-01-28

The answer I have received is that the logs are not encrypted. It is closer to say that they are machine encoded. If you want to encrypt them I have been told that I can use the encryption that comes native with Windows. I think that would be too big of a performance hit though.

BryceRobinson · ‎2009-01-28

Hmmmm it would be nice if RSA could reply on this issue in terms of supported configurations, as I imagine for a lot of users holding extremely sensitive data, this could be quite important.

'Machine encoded' is definitely far from 'encrypted'

DavidBruskin · ‎2009-09-30

It is not encrypted. Only encryption is in the form or the credentials for collection and portions of the application and tables. the IPDB itself is not encrypted, but rather hashed.

/db

RSAAdmin · ‎2009-10-04

Your only option would be to use Windows do encrypt the logs, but that may significantly impact performance.

RSAAdmin · ‎2009-10-05

Is there any formal documentation anywhere on this, or can RSA provide something more concrete? If/when tested under an audit situation, I don't think "I know it's this way because I read it on the forum" is going to hold much water.

Anything that can explain it in detail, without abiguity, would be helpful.

And if it's really a simple operation under the hood, then the documentation should state so... e.g. Don't try to convince me that "Three rounds of tripple XOR encoding" is oh so secure

RSA enVision® Discussions

Encryption of the logs?

RSA enVision^® Discussions