How are roaming id-files encrypted?

Well, the message from Lotus Support on the roaming id-file question (see the original post “How are roaming id-files encrypted?” for the whole story) is that no one seems to know. The technician in charge of my PMR called me, and it seems that none of the people, including the support guys in Ireland, know what’s up with the “double encryption”. He did, however, say that he got in contact with a developer in Germany via IM who would take a look at the actual Notes/Domino code on Friday.

The technician from Lotus Support would get back to me on Friday or Monday, so we’ll see what happens. Let’s just hope the answer isn’t hard to come by, because it is security by obscurity.

  1. Well, the first level of encryption is the standard encryption used on all id files. The key is derived from an MD2 hash of the user’s password. I don’t know what the second level is, but I wouldn’t be surprised if it’s just a hard-coded secret key. Since the main purpose is to provide some protection for users who have no password or weak passwords, I don’t think that it’s really a big problem if it’s a case of security by obscurity. After all, it’s just a substitute for the security of physical possession, which isn’t really all that secure.


