Environment
Secure Password Administrator 1.0
Situation
How does Secure Password Administrator encrypt data in the SQL Server database?
What type of encoding is used in the SPA database?
How does SPA limit access to critical password information?
What type of encoding is used in the SPA database?
How does SPA limit access to critical password information?
Resolution
Secure Password Administrator (SPA) encrypts users' challenge questions and answers. SPA also encrypts password history if you installed hotfix NETIQKB44178. SPA stores the encrypted information using 160-bit Blowfish in one of the tables in the SPA SQL Server database.
For more information about the hotfix, see the NetIQ Knowledge Base article NETIQKB44178: "Secure Password Administrator does not allow for web-based password history or password aging" at https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB44178.
Additional Information
Formerly known as NETIQKB49476