Configuring encryption for ID files

Any ID used with the current IBM® Notes® client benefits from the strong security provided by AES encryption.

About this task

The following options are available for ID file encryption:

Perform the following steps to configure ID file encryption:


1. In the IBM Domino® Administrator client, create a new Security Settings document, or open an existing one.

2. Click Password Management and in the ID File Encryption Settings section, select one of the following options:

3. Specify the number of iterations for key derivation strength. Key derivation strengthening is a technique used to make it more costly for malicious attackers to guess likely passwords through a brute force dictionary attack. They work by increasing the time it takes to generate a key from a password. The value for this field is the number of times an HMAC algorithm is applied as part of the operation that generates a key from the password. Specifying a larger number for this value increases the duration of each attempt during a dictionary attack. The default setting for this field is 5000, which is acceptable in most environments. Organizations with higher security requirements may wish to specify a higher value.

4. Save the Security Settings document and assign it to a policy, if you have not already done so.


Related concepts
Encryption standards