Hi All A customer asked a question that I cannot answer[:I] What is the ‘strength’ of the native database password encryption algorithm? Can anyone help, or show me where this is documented? TIA
If you take a look at the following post you’ll read some disturbing things about the password encryption… [:(] http://www.mbsonline.org/forum/topic.asp?TOPIC_ID=5589&SearchTerms=password,encryption But in version 4.0 they have removed a password cracking feature. See the following post: http://www.mbsonline.org/forum/topic.asp?TOPIC_ID=15407&SearchTerms=password,4.0,encryption [:)]
Thanks Tino I was looking for a simple statement of the cipher ‘strength’ eg 128 bit or 64 bit etc. I am aware of the limitations of Native database passwords and also the possibility of ‘hacking’ a password using brute force algorithms. I’m glad that they took out the ??? ‘feature’ that was not secure for sure!
Unfortunately the database is not encrypted. (Obviously if it were, then the ??? thing would not have been posible). Sorry.
Thanks David The database is not encrypted, but passwords are, I was simply trying to discover the ‘strength’ of the algorithm used to encrypt the passwords and if it is written to any ‘industry standards’ or it is entirely propriatory to Navision.
Gotcha, from your post I read that you thought that the database was password encrypted. So to answer the question, I believe its something specific to Navision.
It is a 128-bit standard hash (or digest) function but I will not say which one - hashing is different to encryption which is bidirectional; the passwords are never decrypted and they can never be reversed back to the clear text form.
Thanks Robert; thats great.