Two questions:
- Client running 8.5.3 and IDs encrypted as 64 bit RCs. Server is running 9.0.1. When the encryption is done between the client & server, is it using the stronger encryption module on the server that can decode the old encryption of the ID? Or do I need to upgrade my client IDs to 256 Bit AES encryption?
- My users currently do not have access to the server. Are there any issues with upgrading the IDs, getting them to the users and the users then accessing the servers?
Note: we do not use the email functionality of Domino, just the database functionality.
Regards,
Sharon
Subject: How the ID files are encrypted is orthogonal to the contents of the ID files…
Each ID file contains a set of RSA keys that are used for authentication and other purposes. These are what people commonly refer to when they talk about the “strength” of a given ID file.
The strength of the keys within an ID file is not correlated with how that ID file is protected. Many options exist for protecting ID files – smartcards, Notes Shared Login, Notes Federated Login, and passwords, among others. The “ID file encryption strength” is most relevant when protecting the ID file with a password, but those key strengths – RC2-64 through AES-256 – are not used directly when a Notes client authenticates to a Domino server.
If you want to use key sizes recommended by current best practices, then I would recommend setting a security policy to protect ID files with AES-128 and 5,000 iterations (unless you have truly antique client workstations), using key rollover to upgrade your RSA keys to 2048 bits, and using AES-128 for any documents that you encrypt within those databases.
http://www-10.lotus.com/ldd/dominowiki.nsf/dx/supported-key-sizes-in-notesdomino