Idea ID: 2876747

diagpwd: display password encryption algorithm, 3DES or AES256

Status: New Idea

With eDirectory 9.x, an AES 256-bit tree key can be created to have eDir use AES256 instead of 3DES when encrypting data.

It would be great if diagpwd could display with which algorithm the password of individual users is currently encrypted.

This would help in case you do not want to use "diagpwd -t" to re-encrypt all passwords at once and want to check which/how many users' passwords are already encrypted with the new algorithm, or in case of some sort of security audit where you need to prove not only that you enabled the new tree key but also that passwords are actually encrypted with it.
