Top Secret

  • 1.  PWENC

    Posted Jun 15, 2017 02:56 PM

    For Compliance purposes, I need to provide the password encryption used by our Top Secret v16 KO installation.  Prior to V16 we were able to provide a screen print of the MODIFY STATUS command showing PWENC=DES3.  The PWENC control option has been removed with V16 so how do I provide proof of Top Secret V16 password encryption?



  • 2.  Re: PWENC
    Best Answer

    Broadcom Employee
    Posted Jun 19, 2017 09:08 AM

    With PWENC being obsolete at r16, running with a DES file produces the following entries from a TSS MODIFY(STATUS):

    AES_ENCRYPTION(Inactive)

    AESENC(NONE)

    Have you considered converting to 256-bit AES encryption? Although more computationally intensive than DES, 256-bit AES encryption is more secure. The link above describes the process for implementing 256-bit.

    -Kris