Former Member

BusinessObjects XIR2 encoding method while communicating with WindowsAD

Hi All,

One of the customers wanted to know how BOE XI passes the username and password information to AD while authenticating users, and whether it attempts to encode this information.

I found the information below in one of the articles for legacy products (BO 5x and 6x), but I am not sure if this also applies to BusinessObjects XI R2.

=============================

**********SYMPTOMS******

You want to know which encryption method is used by BusinessObjects.

*********RESOLUTION*****

Encryption is defined as coding a digital message so that only a recipient with the proper key can decode and understand the message.

Business Objects uses DES 5, or Data Encryption Standard (Level 5).

Data Encryption Standard (DES) is a widely used method of data encryption using a private (secret) key that was judged so difficult to break by the U.S. government that it was restricted for exportation to other countries. There are 72 quadrillion or more possible encryption keys that can be used. For each given message, the key is chosen at random from among this enormous number of keys. Like other private key cryptographic methods, both the sender and the receiver must know and use the same private key.

DES applies a 56-bit key to each 64-bit block of data. The process can run in several modes and involves 16 rounds (operations).

DES originated at IBM in 1977 and was adopted by the U.S. Department of Defense. It is specified in the ANSI X3.92 and X3.106 standards and in the Federal FIPS 46 and 81 standards. Concerned that unfriendly governments could use the encryption algorithm, the U.S. government has prevented export of the encryption software. However, free versions of the software are widely available on bulletin board services and Web sites. Since there is some concern that the encryption algorithm will remain relatively unbreakable, NIST has indicated DES will not be recertified as a standard and submissions for its replacement are being accepted. The next standard will be known as the Advanced Encryption Standard (AES).

===================================

Thanks in Advance,

Saikrishna.

2 Answers

  • Posted on Dec 19, 2008 at 12:27 AM

    If using Java, I always suggest RC4, but DES will work, especially in older environments. I don't know where you found that article, but DES is no longer considered very secure, so RC4 is a better way to go if your software will support it (Windows will by default, Sun Java SDK 1.5 will, and so will any web/app server running 1.5).

    If you are using IIS.net, the same is true, plus NTLM (MD4) and NTLMv2 (MD5), based on your AD setup.

    Regards,

    Tim


  • Former Member
    Posted on Dec 19, 2008 at 10:46 PM

    Hi Tim

    Thank you for the information.

    So BusinessObjects uses the encryption methods RC4, DES, MD4 or MD5 depending on our configuration and doesn't send/receive the user ID and password in plain text while communicating with Windows AD, right?

    I got that article about DES from legacy vantive search.

    Regards,

    Saikrishna.

    • Well, technically speaking, Business Objects doesn't encrypt anything; we simply make API calls to the OS, and Microsoft is the one responsible for the encryption. We can choose Kerberos or NTLM in our plugin, but after that the encryption is configured external to our product. For instance, most Windows AD using NTLM will be on NTLMv1 by default unless the AD admin disables NTLMv1 in their domain through policy, and then we and the OS will use NTLMv2 (MD5). The process is slightly different with Java, as encryption can also be chosen in the Java SDK (krb5.ini), but that too gets passed to the OS eventually, and again Microsoft encrypts the password using Kerberos (DES or RC4). I haven't tried yet, but I assume AES will be supported at some point with newer versions of Windows and Java SDKs.

      Regards,

      Tim
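
Added example, not part of the thread and not BusinessObjects code: the last reply says the Java SDK selects Kerberos encryption types in krb5.ini, so this Python sketch reads that file's [libdefaults] section and reports settings that still list DES or RC4 (both since deprecated for Kerberos by RFC 6649 and RFC 8429). The function names and the sample file contents are constructed for illustration.

```python
import re

# Enctype names as written in krb5.ini, mapped to their cipher family.
FAMILY = {
    "des-cbc-crc": "des", "des-cbc-md5": "des", "des-cbc-md4": "des",
    "rc4-hmac": "rc4", "arcfour-hmac": "rc4", "arcfour-hmac-md5": "rc4",
    "aes128-cts-hmac-sha1-96": "aes", "aes256-cts-hmac-sha1-96": "aes",
    "aes128-cts": "aes", "aes256-cts": "aes",
}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")

def audit_krb5_ini(text):
    """Return {setting: [(enctype, family), ...]} from the [libdefaults] section."""
    section, result = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                              # e.g. [libdefaults], [domain_realm]
            section = header.group(1).lower()
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in ENCTYPE_KEYS:         # values split on spaces or commas
            names = [n for n in re.split(r"[\s,]+", value) if n]
            result[key.lower()] = [(n, FAMILY.get(n.lower(), "unknown")) for n in names]
    return result

def weak_settings(text):
    """Return only the settings that still list a DES or RC4 enctype."""
    found = {k: [n for n, fam in v if fam in ("des", "rc4")]
             for k, v in audit_krb5_ini(text).items()}
    return {k: bad for k, bad in found.items() if bad}

# Constructed sample file; the realm name is a placeholder.
SAMPLE = """\
[libdefaults]
    default_tkt_enctypes = rc4-hmac des-cbc-md5
    default_tgs_enctypes = aes256-cts-hmac-sha1-96, rc4-hmac
    permitted_enctypes = aes256-cts-hmac-sha1-96
[domain_realm]
    .example.com = EXAMPLE.COM
"""

if __name__ == "__main__":
    print(weak_settings(SAMPLE))
```

A setting that is absent from the file is not reported, because the Java runtime or OS defaults then decide the enctypes.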
