cancel
Showing results for 
Search instead for 
Did you mean: 

Sybase Anywhere user id and password encryption during transmission of connection attempt

Former Member
2,225

Dear all. I'm sorry if this question has already been asked before. Are user id and password are encrypted during transmission of connection attempt from a unixODBC client to server? If they are, is that asymmetric encryption scheme? What is the encryption algorithm? Does it have any relation with TLS encryption parameter ? I do really appreciate your help.

regards, hb

Accepted Solutions (1)

Accepted Solutions (1)

graeme_perrow
Advisor
Advisor

Sensitive connection parameters (PWD, DBKEY, NEWPWD) are sent in an encrypted block. The block is encrypted with AES using a random key that is negotiated between the client and server, and is only used once. This happens on all connections, whether the connection itself is encrypted or not.

While this is far more secure than sending the password in plain text, it's not completely bulletproof. For the highest possible security, you should use TLS encryption.

VolkerBarth
Contributor
0 Kudos

That behaviour has been in usage since version ...? And it applies to all connection links, too?

Former Member
0 Kudos

Thank you Graeme. That is really help.

regards, henky

Former Member
0 Kudos

Sorry , another question Graeme, is it AES 256 or AES 128 ?

Warm regards, henky

graeme_perrow
Advisor
Advisor

@Volker: It's been there since version 11.x and it happens on both shared memory and TCP/IP. @henky: We use AES256.

Former Member
0 Kudos

Thank you very much.

Warm regards, henky

Answers (0)