Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Password encryption limitations #1513

Closed
jas88 opened this issue Jan 25, 2023 · 1 comment
Closed

Password encryption limitations #1513

jas88 opened this issue Jan 25, 2023 · 1 comment

Comments

@jas88
Copy link
Member

jas88 commented Jan 25, 2023

Describe the bug

Current password encryption is sub-optimal - direct RSA encryption limits password length and is poor practice cryptographically.

To Reproduce

Add an external data source (e.g. database server) with a long (50+?) character password - saving this fails semi-silently.

Expected behavior

Passwords of arbitrary length should be securely encrypted (probably using a random AES256 key, with that key in turn RSA-encrypted and stored alongside).

Screenshots

RDMP Version

All current releases.

Error with Stack Trace

If applicable, paste the entire stack trace here, leave the triple quotes (```)

Database Engine
Sql Server, Oracle, MySql or Postgres.

Additional context
Add any other context about the problem here.
@jas88 jas88 mentioned this issue Jan 25, 2023
Open
@jas88
Copy link
Member Author

jas88 commented Oct 18, 2024

Fixed, new encryption uses two-stage with AES payload encryption and RSA storage of the AES key enabling essentially unlimited password/payload length.

@jas88 jas88 closed this as completed Oct 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jas88