Hi again,
I have a few more in-depth questions.
1. What is the encryption algorithm used in the application? What is the purpose of the encryption?
E.g. if the encryption algorithm is AES (128, 256) or Triple DES, what is the purpose of the encryption? Is it used to encrypt user login details in the database server?
2. What is the hashing algorithm used?
Triple DES, yes?
3. Where is the key stored?
c:\programdata\mcafee\agent\keystore. There are a lot of key files in it. Which is the main key and how do I view it? Something I am able to provide as proof to my security auditor.
4. How is each key unique to each installation of ePO? Is it just the license key, or the system SSID and the date and time it was installed that makes it unique and secure?
1. What is the encryption algorithm used in the application? What is the purpose of the encryption?
E.g. if the encryption algorithm is AES (128, 256) or Triple DES, what is the purpose of the encryption? Is it used to encrypt user login details in the database server?
There are several different places certificates are used: a browser cert to validate that the ePO server is who it says it is, Apache-to-Tomcat certs for secure communication between Apache and Tomcat, and Apache certs for secure communication between Apache and the clients. Database encryption is not enabled by default, so that has to be configured by the customer. See KB84628.
2. What is the hashing algorithm used?
Triple DES, yes?
That was already answered: AES (128, 256), Triple DES.
3. Where is the key stored?
c:\programdata\mcafee\agent\keystore. There are a lot of key files in it. Which is the main key and how do I view it? Something I am able to provide as proof to my security auditor.
You don't view them; they are unique to each system and server. You can view the cabundle.cer in C:\ProgramData\McAfee\Agent as you would any certificate.
4. How is each key unique to each installation of ePO? Is it just the license key, or the system SSID and the date and time it was installed that makes it unique and secure?
When ePO is installed on a server, a unique private server key is generated for that install. All subsequent certificates are generated and signed by that private key. So an agent key signed by that root ePO key cannot communicate with another ePO server with a different key.
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
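The answer above describes a per-install root key that signs every agent certificate, so an agent issued by one server is rejected by another. The following Go program is an added illustration of that chain-of-trust check and is not McAfee's or ePO's code; the `Server`, `IssueAgentCert` and `AcceptsAgent` names, the ECDSA P-256 keys and the validity periods are all assumptions made for the example. It uses only the Go standard library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Server is a hypothetical management server (a stand-in for one ePO install).
// Its root key is generated once, at "install" time, and every agent
// certificate it issues is signed with that key.
type Server struct {
	Name string
	key  *ecdsa.PrivateKey
	Cert *x509.Certificate // self-signed root certificate
}

// NewServer generates a fresh root key and self-signed root certificate,
// so two calls model two installs that each trust only their own agents.
func NewServer(name string) (*Server, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name + " root"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Server{Name: name, key: key, Cert: cert}, nil
}

// IssueAgentCert creates an agent key pair and signs a leaf certificate for it
// with the server's root key. The agent's private key is dropped here because
// only the certificate is needed for the trust check below.
func (s *Server) IssueAgentCert(agentName string) (*x509.Certificate, error) {
	agentKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: agentName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, s.Cert, &agentKey.PublicKey, s.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// AcceptsAgent reports whether the agent certificate chains to this server's
// own root. A certificate issued by a different install fails here because its
// signature was made with a key this server never had.
func (s *Server) AcceptsAgent(agent *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(s.Cert)
	_, err := agent.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err == nil
}

func main() {
	a, _ := NewServer("epo-a")
	b, _ := NewServer("epo-b")
	agent, _ := a.IssueAgentCert("agent-01")
	fmt.Println("server A accepts its own agent:", a.AcceptsAgent(agent)) // true
	fmt.Println("server B accepts A's agent:", b.AcceptsAgent(agent))     // false
}
```

The point for an auditor is the `AcceptsAgent` check: the server's trust store contains only its own root, so the private key generated at install time is the anchor that scopes every agent to that one server.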
Hi,
Back to the Triple DES algorithm.
Do you happen to know the key size for it?
56, 112, 168
For the McAfee ePO application, is the password encryption using AES-256 with 3DES, or just AES-256?
In previous versions, the algorithm that was used was 3DES; from 4.6 onward, it is AES-256. So I guess we no longer use 3DES.
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
I would like to seek your clarification on the below:
1. I understand that the encryption key for ePO is stored at %McAfee\ePolicy Orchestrator\Server\keystore\server.keystore
Is the ePO portal using the key during ePO portal login authentication for encryption/decryption?
2. What encryption algorithm (i.e. AES-256) is used for the stored password in the database during ePO portal login authentication?
3. What hashing algorithm (i.e. SHA-256) is used for the stored password in the database during ePO portal login authentication?
2. What encryption algorithm (i.e. AES-256) is used for the stored password in the database during ePO portal login authentication?
As already stated, we use AES-256, but passwords use a hard-coded obfuscation key with a key that is unique for each install, which is used for the database password stored in server\conf\orion\db.properties and the value in the database for users.
This key is generated and inserted into the registry by the installer for clean installs and upgrades, and the key is protected by an ACL defined by the installer.
3. What hashing algorithm (i.e. SHA-256) is used for the stored password in the database during ePO portal login authentication?
All passwords stored in the database are salted with a unique obfuscation key, as stated. That obfuscation method is not available for us to share.
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
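The reply states that stored passwords are salted with a per-install key that the installer writes to the registry behind an ACL, and that the exact method is not shared. The Go program below is an added, generic illustration of what such a scheme buys a defender, written for this thread; it is not ePO's method and makes no claim about it. Everything in it is assumed: the `Install` type, a 32-byte install secret, a 16-byte per-user salt, and HMAC-SHA256 as the keyed digest.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Install holds the secret a hypothetical installer generates once per
// install and keeps in a protected location. Without it, a copy of the user
// table alone gives nothing to check password guesses against.
type Install struct {
	secret []byte
}

// NewInstall generates a fresh 32-byte install secret (assumed size).
func NewInstall() (*Install, error) {
	secret := make([]byte, 32)
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	return &Install{secret: secret}, nil
}

// StoredPassword is the record kept in the database: a random per-user salt
// and a keyed digest. Neither the password nor the install secret is stored.
type StoredPassword struct {
	Salt   string // hex, random per user
	Digest string // hex, HMAC-SHA256(installSecret, salt || password)
}

// digest computes HMAC-SHA256 over salt||password, keyed with the install secret.
func (i *Install) digest(salt []byte, password string) []byte {
	mac := hmac.New(sha256.New, i.secret)
	mac.Write(salt)
	mac.Write([]byte(password))
	return mac.Sum(nil)
}

// Store derives the record to keep for a newly set password.
func (i *Install) Store(password string) (StoredPassword, error) {
	salt := make([]byte, 16) // assumed salt size
	if _, err := rand.Read(salt); err != nil {
		return StoredPassword{}, err
	}
	return StoredPassword{
		Salt:   hex.EncodeToString(salt),
		Digest: hex.EncodeToString(i.digest(salt, password)),
	}, nil
}

// Verify recomputes the digest for a login attempt and compares it in
// constant time, so timing does not leak how many bytes matched.
func (i *Install) Verify(rec StoredPassword, password string) bool {
	salt, err := hex.DecodeString(rec.Salt)
	if err != nil {
		return false
	}
	want, err := hex.DecodeString(rec.Digest)
	if err != nil {
		return false
	}
	return hmac.Equal(want, i.digest(salt, password))
}

func main() {
	a, _ := NewInstall()
	b, _ := NewInstall()
	rec, _ := a.Store("correct horse battery staple")
	fmt.Println("right password, right install:", a.Verify(rec, "correct horse battery staple")) // true
	fmt.Println("wrong password:", a.Verify(rec, "wrong"))                                       // false
	fmt.Println("same record on another install:", b.Verify(rec, "correct horse battery staple")) // false
}
```

Two things follow from this shape: the same password produces different records on every install and for every user, so precomputed tables are useless, and the install secret is exactly as sensitive as the thread's answer implies, which is why its ACL matters. A production design would replace the single HMAC round with a deliberately slow, memory-hard KDF; HMAC-SHA256 is used here only to stay within the standard library.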