DX NetOps Performance Management password encryption methods

Article ID: 211701


Products

CA Performance Management - Usage and Administration, DX NetOps

Issue/Introduction

Can you please confirm what algorithm is used to secure stored passwords in CAPM/DX NetOps? We’re interested in the algorithm and version/configuration being used.

  • For instance, if stored passwords are encrypted, then we want to know which encryption algorithm was used, e.g. AES 128, AES 256, DES, 3DES, ChaCha20, etc.
  • However, if stored passwords are hashed, then we want to know which hashing algorithm was used, e.g. Argon2id, scrypt, bcrypt, SHA1, MD5, SHA256, SHA512, etc.

What encryption methods and algorithms are used for DX NetOps Performance Management?

Environment

All supported DX NetOps Performance Management releases

Resolution

  1. Performance Center web UI User Passwords?
    • The passwords for UI users are stored in the password column of the user_definitions table in the MySQL netqosportal DB.
    • The user_definitions table password column uses MD5(password) when FIPS mode is not enabled.
    • In versions 21.2.5 and earlier:
      • If FIPS mode is enabled in Performance Center it uses SHA256(MD5(password)).
    • In versions 21.2.6 and newer:
      • Performance Center uses SHA2(MD5(password),512) whether FIPS is enabled or not.
  2. Performance Center configured for LDAP authentication via SSO?
    • The LDAP configuration password is stored in the performance_center_properties table in the MySQL netqosportal DB.
    • It is encrypted using AES for all releases, regardless of FIPS configuration.
  3. Passwords stored in files on Performance Center?
    • Performance Center stores the encrypted MySQL DB password in files for database access.
    • The encrypted string written to these files uses AES.
  4. What does Vertica use for the Data Repository?
    • Vertica uses MD5 by default when not in FIPS mode.
    • When FIPS is enabled it uses SHA256.
  5. What about the MySQL users on Performance Center that access the database?
    • The only MySQL user we create is the one named netqos. These users are stored in the users table of the MySQL mysql DB.
    • Performance Center uses the default MySQL password encryption for the password stored in the users table.
    • It uses the MySQL Password() function.
    • More information can be found at the following URLs.
      • For Portal releases 21.2.7 and earlier: https://dev.mysql.com/doc/refman/5.7/en/password-hashing.html
      • For Portal releases 21.2.8 and newer: https://dev.mysql.com/doc/refman/8.0/en/password-management.html
  6. SMTP password is stored using AES regardless of FIPS configuration or release.
  7. NetOps Portal SNMP Profile synchronization
    1. Uses DES in releases 21.2.5 and earlier.
    2. Uses AES in releases 21.2.5 and earlier when FIPS is enabled.
    3. Uses AES in releases 21.2.6 and newer whether FIPS is enabled or not.
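
An added example, not code from the article or from the vendor: an audit helper that classifies values from the user_definitions password column by digest length, showing which of the three formats in item 1 each account holds. It assumes the article's notation follows MySQL function semantics (MD5() returns a hex string that SHA2() then hashes) and that no salt is applied; the function names and sample rows are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Assumption: MySQL semantics, where MD5() yields a lowercase hex string
# and the outer SHA2() hashes that string rather than the raw digest bytes.
def stored_value(password: str, scheme: str) -> str:
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    if scheme == "MD5":
        return inner
    if scheme == "SHA256(MD5)":
        return hashlib.sha256(inner.encode("ascii")).hexdigest()
    if scheme == "SHA2-512(MD5)":
        return hashlib.sha512(inner.encode("ascii")).hexdigest()
    raise ValueError(f"unknown scheme: {scheme}")

# Hex digest length identifies which of the three formats a row holds.
SCHEME_BY_HEX_LENGTH = {32: "MD5", 64: "SHA256(MD5)", 128: "SHA2-512(MD5)"}

def classify(value: str) -> str:
    value = value.strip().lower()
    if not value or any(c not in "0123456789abcdef" for c in value):
        return "unrecognized"
    return SCHEME_BY_HEX_LENGTH.get(len(value), "unrecognized")

def audit(rows):
    """rows: iterable of (username, password_column_value) pairs."""
    by_scheme = defaultdict(list)
    by_value = defaultdict(list)
    for user, value in rows:
        by_scheme[classify(value)].append(user)
        by_value[value.strip().lower()].append(user)
    # With a deterministic, unsalted function, equal values mean equal passwords.
    shared = sorted(sorted(u) for u in by_value.values() if len(u) > 1)
    return dict(by_scheme), shared

# Constructed sample rows (not real data): one per format plus a duplicate.
SAMPLE_ROWS = [
    ("alice", stored_value("password", "MD5")),
    ("bob", stored_value("password", "MD5")),
    ("carol", stored_value("Winter2024!", "SHA256(MD5)")),
    ("dave", stored_value("Winter2024!", "SHA2-512(MD5)")),
    ("erin", "not-a-hash"),
]

if __name__ == "__main__":
    schemes, shared = audit(SAMPLE_ROWS)
    for scheme, users in sorted(schemes.items()):
        print(f"{scheme:15} {', '.join(users)}")
    print("accounts sharing a stored value:", shared)
```

Rows reported as MD5 or SHA256(MD5) are the ones to prioritize for password resets and for restricting read access to the netqosportal database.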