How can we make sure that the Cache userid passwords are encrypted on storage? We want to make sure that the Cache passwords cannot be decrypted - how can we ensure that?
Caché does not store plaintext passwords. All passwords are hashed prior to storage, and the passwords hashes are then compared. More information about password security can be found in the "Caché Authentication" portion of the documentation: http://docs.intersystems.com/latest/csp/docbook/DocBook.UI.Page.cls?KEY=...
Caché stores only irreversible cryptographic hashes of passwords. The hashes are calculated using the PBKDF2 algorithm with the HMAC-SHA-1 pseudorandom function, as defined in Public Key Cryptography Standard #5 v2.1: “Password-Based Cryptography Standard.” The current implementation uses 1024 iterations, 64 bits of salt, and generates 20 byte hash values. There are no known techniques for recovering original passwords from these hash values.