Secret Server encrypts its SQL Server database with AES 256 (Advanced Encryption Standard with a 256-bit key, the Rijndael algorithm). This encryption is approved by the U.S. Government and was declared for use by NIST after a 5-year standardization process. AES 256 is the strongest encryption available for password protection.
Encryption Key Per Installation
Secret Server generates a unique encryption key during installation. This key is itself encrypted and stored in the encryption.config file. Together, this file and your Secret Server database allow you to reconstitute your system at any point, so back up your encryption.config file and your database! In fact, you might as well back up the whole Secret Server application folder along with the database so the application can be moved or restored easily. This encryption key is what encrypts and decrypts data in the database using the AES algorithm.
Login Password Protection
Secret Server hashes and salts user passwords using a randomly generated salt and the SHA512 hashing algorithm. While SHA1 is secure given the computing power of today's computers, it is not as secure as previously thought. Secret Server changed to SHA512 in version 2.1 to become an elite, secure password manager.
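The following is an added illustration of salted SHA512 password storage as described above; it is not Secret Server's own code, and the salt length, the `salt$digest` storage layout and the function names are assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumption: the page does not state Secret Server's salt size; 16 random bytes is used here.
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return "<hex salt>$<hex SHA-512(salt || password)>".

    A fresh random salt is drawn per call unless one is supplied, so two users
    who pick the same password still end up with different stored values.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.sha512(salt + password.encode("utf-8")).hexdigest()
    return f"{salt.hex()}${digest}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time.

    hmac.compare_digest avoids leaking how many leading characters matched
    through timing differences.
    """
    salt_hex, expected = stored.split("$", 1)
    digest = hashlib.sha512(bytes.fromhex(salt_hex) + password.encode("utf-8")).hexdigest()
    return hmac.compare_digest(digest, expected)


def same_password_differs(password: str) -> bool:
    """True when hashing the same password twice yields different stored values."""
    return hash_password(password) != hash_password(password)
```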
Secret Server has various options regarding user login to tighten security. You can choose from a number of options on the Configuration screen for your Secret Server to:
- Require username/password on every login if desired.
- Block browser auto-complete functionality if desired.
- Incorporate authentication against your Active Directory server.
- Allow "Remember Me" for a configurable time period, or disable it entirely.
- Choose the number of login failures before a user is marked as inactive.