THE INFORMATION IN THIS ARTICLE APPLIES TO:
- EFT Server, v5.1 and later
How are passwords stored in EFT?
Passwords that EFT manages for user and administrator authentication are stored as a base64-encoded SHA256* one-way hash. Passwords used for unattended operations, such as outbound client transfers, database access, and private key decryption, must be reversible; depending on the situation, these passwords are therefore either obfuscated or encrypted (Twofish or similar) using a server-managed symmetric key. Passwords held temporarily in memory are not encrypted.
*EFT Server prior to version 5.1 used MD5 for the one-way hash. Refer to "Is it possible to import user passwords from Solaris to EFT?" for more on MD5 password support, including *nix-style MD5 and DES password importing.
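To make the stored format concrete, the following added example (not EFT's own code and not part of the original article) builds a base64-encoded SHA-256 hash, verifies a password against it, and flags stored values whose decoded length is not 32 bytes, such as MD5 hashes. It assumes UTF-8 password bytes, no salt, and base64 encoding for MD5 values as well; the article states none of these, and the sample records are constructed.

```python
import base64
import binascii
import hashlib
import hmac

# Raw digest length in bytes -> algorithm name.
DIGEST_BYTES = {16: "md5", 32: "sha256"}


def encode_hash(password: str, algorithm: str = "sha256") -> str:
    """Return base64(digest(password)). UTF-8 and no salt are assumptions."""
    digest = hashlib.new(algorithm, password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def classify(stored: str) -> str:
    """Identify the digest behind a base64 string by its decoded length."""
    try:
        raw = base64.b64decode(stored, validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"
    return DIGEST_BYTES.get(len(raw), "unknown")


def verify(password: str, stored: str) -> bool:
    """Recompute the hash with the detected algorithm; compare in constant time."""
    algorithm = classify(stored)
    if algorithm not in DIGEST_BYTES.values():
        return False
    return hmac.compare_digest(encode_hash(password, algorithm), stored)


def non_sha256_accounts(records: dict) -> list:
    """Return the account names whose stored value is not a SHA-256 hash."""
    return sorted(n for n, v in records.items() if classify(v) != "sha256")


# Constructed sample records (hypothetical names and passwords, not EFT data).
SAMPLE = {
    "alice": encode_hash("correct horse", "sha256"),  # 44 base64 characters
    "bob": encode_hash("tr0ub4dor", "md5"),           # 24 base64 characters
    "carol": "plaintext!",                            # not a hash at all
}

if __name__ == "__main__":
    for name, value in SAMPLE.items():
        print(name, classify(value), len(value))
    print("not SHA-256:", non_sha256_accounts(SAMPLE))
```
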