What encryption method is used to encrypt passwords in the Qlik Sense Repository Database
Article Number: 000034570 | Last Modified: 2019/01/17
When setting up a User Directory Connector (UDC) or Data Connection (DC), there is an option to store a username and password combination which can be used for that connection.
Qlik Sense uses AES-256 encryption to encrypt the password field to ensure that this information cannot be recovered by a malicious entity.
For specific questions and answers:
>> Using reversible encryption (e.g. DES, 3DES, AES, etc.)?
Yes – AES-256.
>> Using secure cryptographic one-way hash function (such as SHA-256) of the password, without use of the salt?
>> Using secure cryptographic one-way hash function (such as SHA-256) of the salted password (common salt)?
>> Using secure cryptographic one-way hash function (such as SHA-256) of the salted password (individual salt)?
>> Is the salt at least 32 chars long?
The salt length is 16 bytes
>> Using a dedicated password-based key derivation function, such as bcrypt, PBKDF2 or scrypt?
No key derivation function. Only the key provided with the cert is used.
>> Are the salts stored in the same database/table where the credentials are stored?
Salts are stored in the same database/table as the encrypted credentials
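An added example, not Qlik's code, of the storage pattern these answers describe: a password encrypted with AES-256 under a key that is used directly (no key derivation function), with a 16-byte per-record salt kept in the same row as the ciphertext. The cipher mode (CBC), the use of the salt as the IV, the random stand-in key and all function and field names are assumptions; the article states none of them.

```javascript
// Added illustration, not Qlik code. Assumptions: AES-256-CBC, the 16-byte
// per-record salt used as the IV, and a random 32-byte stand-in for the
// key that ships with the certificate. All names here are hypothetical.
const crypto = require('node:crypto');

// Encrypt one stored password; the return value models a database row.
function encryptCredential(key, password) {
  const salt = crypto.randomBytes(16); // fresh per record, not secret
  const cipher = crypto.createCipheriv('aes-256-cbc', key, salt);
  const ct = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  return { salt: salt.toString('hex'), ciphertext: ct.toString('hex') };
}

// Returns the plaintext, or null when unpadding fails, which is the usual
// (not guaranteed) outcome of a wrong key because CBC has no integrity check.
function decryptCredential(key, row) {
  try {
    const d = crypto.createDecipheriv('aes-256-cbc', key, Buffer.from(row.salt, 'hex'));
    const pt = Buffer.concat([d.update(Buffer.from(row.ciphertext, 'hex')), d.final()]);
    return pt.toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample data: the same password stored for two connections.
function demo() {
  const key = crypto.randomBytes(32);      // stand-in for the real key
  const otherKey = crypto.randomBytes(32); // a party holding only the table
  const password = 'Constructed-Sample-Pw1';
  const rowA = encryptCredential(key, password);
  const rowB = encryptCredential(key, password);
  return {
    rowsDiffer: rowA.ciphertext !== rowB.ciphertext, // effect of the per-record salt
    recovered: decryptCredential(key, rowA),         // reversible with the key
    withoutKey: decryptCredential(otherKey, rowA),   // null or unrelated bytes
  };
}

console.log(demo());
```

In this model the salt only keeps identical passwords from producing identical rows; with no key derivation step, the confidentiality of every stored password rests on who can read the key.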