Question

I need to determine how user credentials are stored with your products, this includes usage of cryptography. The description should include protocols, algorithms and key lengths, and where they are used.

Answer

How are Credentials stored?

• All passwords are first encoded, then a passphrase is added from Cognillo programmatically, and a salt value is then added for extra security, then this value is encrypted using AES (also known as Rijndael) encryption with 256 bits key length.
• Encryption mode used is CBC (Cyber Block Chaining).
• The encrypted value is finally then converted to a Base 64 encoded string to be stored.
• If encryption fails or any part of the encryption process, the password is not stored.

Where are Credentials stored?

• Please see the Product User Guide for the location of where credentials are stored.

NOTE: This excludes any information that your organization shares voluntarily/at your discretion for purposes of procurement, payment or troubleshooting (such as screen sharing, technical logs, reports, screenshots) with our agents or support team.

If you require further information or have any concerns, please contact Cognillo Support.

Related Articles

• Page:
  What Usage Information is shared when using Community Edition?
• Page:
  Is our data private? Do you share PII (Personally Identifiable Information) with outside parties?
• Page:
  What are the Community Edition limitations?
• Page:
  What are Work Units?
• Page:
  What is No of Users (who will use this product)?