Currently, we are testing to pass certification exams run by government agencies. Among the test items, there is an item related to password encryption of CommCell User.
The document web confirmed that SHA 256 was used. (https://documentation.commvault.com/commvault/v11_sp16/article?p=7964.htm) Is there a way to check what hash algorithm is used to store the password?
And can I change it to use a stronger hash algorithm like SHA384 or SHA512? Or can I use the Adding Salt to Hashing method?
I am not aware of a way to change the built in algorithm we use for password encryption outside of the default.
However you can use a KMS server to manage your encryption requirements. We allow you to integrate so that anything we store in the database will use your KMS environment, using whatever that is configured to use.
I would advise caution using this, if the KMS goes offline you may not be able to perform backups or restores.
Another option is to use Microsoft SQL TDE on the CommServe instance. We do support this as well. Again as with anything external to our software you will need to have a good process in pace to ensure the security of the keys you have to create and how you would recover the SQL instance if you needed to. This will also mean that if you log a support ticket with us we will not be able to stage the database unless you share the keys with us.
I am not aware of a way to change the built in algorithm we use for password encryption outside of the default.
However you can use a KMS server to manage your encryption requirements. We allow you to integrate so that anything we store in the database will use your KMS environment, using whatever that is configured to use.
I would advise caution using this, if the KMS goes offline you may not be able to perform backups or restores.
Another option is to use Microsoft SQL TDE on the CommServe instance. We do support this as well. Again as with anything external to our software you will need to have a good process in pace to ensure the security of the keys you have to create and how you would recover the SQL instance if you needed to. This will also mean that if you log a support ticket with us we will not be able to stage the database unless you share the keys with us.
We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.
