DX NetOps Performance Management password encryption methods

Article ID: 211701

Products

CA Performance Management - Usage and Administration
DX NetOps

Issue/Introduction

Can you please confirm what algorithm is used to secure stored passwords in CAPM/DX NetOps? We're interested in the algorithm and version/configuration being used.

  • For instance, if stored passwords are encrypted, then we want to know which encryption algorithm was used, e.g. AES 128, AES 256, DES, 3DES, ChaCha20, etc.
  • However, if stored passwords are hashed, then we want to know which hashing algorithm was used, e.g. Argon2id, scrypt, bcrypt, SHA1, MD5, SHA256, SHA512, etc.

What encryption methods and algorithms are used for DX NetOps Performance Management?

Environment

All supported DX NetOps Performance Management releases

Resolution

  1. Performance Center web UI User Passwords?
    • The passwords for UI users are stored in the password column of the user_definitions table in the MySQL netqosportal DB.
    • The user_definitions table password column uses MD5(password) when FIPS mode is not enabled.
    • If FIPS mode is enabled in Performance Center it uses SHA256(MD5(password)).
  2. Performance Center configured for LDAP authentication via SSO?
    • The LDAP configuration password is stored in the performance_center_properties table in the MySQL netqosportal DB.
    • It is encrypted using DES.
    • The use of DES is to allow NFA integrations to successfully decrypt it when we send it via synchronization.
    • NFA has not added AES support yet.
  3. Passwords stored in files on Performance Center?
    • There are files where we store the encrypted MySQL DB password for access.
    • The encryption used for the encrypted string written to the files is AES256.
  4. What does Vertica use for the Data Repository?
    • Vertica uses MD5 by default when not in FIPS mode.
  5. What about the MySQL users on Performance Center that access the database?
    • These users are stored in the users table of the MySQL mysql DB; the only one we create is the user named netqos.
    • Performance Center uses the default MySQL password encryption for the password stored in the users table.
    • It uses the MySQL PASSWORD() function.
    • More information can be found at the following URL:
      • https://dev.mysql.com/doc/refman/5.6/en/password-hashing.html
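
For item 1 above, an audit sketch added here (not Broadcom's or the product's own code): it sorts exported `password` column values into the two schemes by digest length and lists accounts whose stored values are identical, which both formulas allow because they take only the password as input. It assumes the column holds hex-encoded digests and that rows are exported as (username, value) pairs; the sample rows, and the choice to feed the inner MD5 to SHA-256 as a hex string when building them, are constructed.

```python
import hashlib
import re
from collections import defaultdict

HEX = re.compile(r"[0-9a-fA-F]+")

def classify(stored):
    """Name the scheme by digest length (assumes hex-encoded column values)."""
    value = stored.strip()
    if not HEX.fullmatch(value):
        return "unknown"
    # MD5 output is 128 bits (32 hex chars); SHA-256 output is 256 bits (64).
    return {32: "md5", 64: "sha256-md5"}.get(len(value), "unknown")

def audit(rows):
    """rows: (username, stored_value) pairs. Returns schemes and shared values."""
    by_scheme, by_value = defaultdict(list), defaultdict(list)
    for user, stored in rows:
        scheme = classify(stored)
        by_scheme[scheme].append(user)
        if scheme != "unknown":
            # Neither formula has a per-user input, so equal stored values
            # indicate equal passwords.
            by_value[stored.strip().lower()].append(user)
    shared = sorted(sorted(users) for users in by_value.values() if len(users) > 1)
    return {"schemes": dict(by_scheme), "shared": shared}

# Constructed sample rows. Feeding the inner MD5 to SHA-256 as a hex string is
# an assumption; the page does not state the encoding.
def _md5(pw):
    return hashlib.md5(pw.encode()).hexdigest()

def _fips(pw):
    return hashlib.sha256(_md5(pw).encode()).hexdigest()

SAMPLE = [
    ("alice", _md5("constructed-pw-1")),
    ("bob", _md5("constructed-pw-2")),
    ("carol", _md5("constructed-pw-1").upper()),  # same password, other case
    ("dave", _fips("constructed-pw-3")),
    ("svc", "not-a-digest"),
]

if __name__ == "__main__":
    report = audit(SAMPLE)
    for scheme, users in sorted(report["schemes"].items()):
        print(f"{scheme}: {len(users)} account(s): {', '.join(users)}")
    for users in report["shared"]:
        print("identical stored value:", ", ".join(users))
```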