I have a few more in-depth questions.
1. What is the encryption algorithm used in the application? What is the purpose of the encryption?
E.g.: If the encryption algorithm is AES (128, 256) or Triple DES, what is the purpose of the encryption? Is it used to encrypt user login details in the database server?
2. What is the hashing algorithm used?
Triple DES, yes?
3. Where is the key stored?
c:\programdata\mcafee\agent\keystore. There are a lot of key files in it. Which is the main key and how do I view it? Something I am able to provide as proof to my security auditor.
4. How is each key unique to each installation of ePO? By just the license key? Or is it the system SSID and the time and date it was installed that make it unique and secure?
In previous versions, the algorithm that was used was 3DES; from 4.6 onward, it is AES 256. So I guess we no longer use 3DES.
I would like to seek your clarification on the below:
I understand that the encryption key for EPO is stored at %McAfee\ePolicy Orchestrator\Server\keystore\server.keystore
Is the EPO portal using the key during EPO portal login authentication for encryption/decryption?
2. What encryption algorithm (i.e. AES-256) is used for the stored password in the database during EPO portal login authentication?
3. What hashing algorithm (i.e. SHA-256) is used for the stored password in the database during EPO portal login authentication?