Default Settings for On-Disk Encryption

On-disk encryption protects data at rest. The following table describes initial support:

On-Disk Encryption and Encoding

Content and Context	Algorithm	Configuration
Login password on disk in the metadata	AES1	Controlled by the STOREPASSWORDS option in the metadata server's omaconfig.xml file.
Internal account password on disk in the metadata	SHA-2562	Controlled by the HASHPASSWORDS option in the metadata server's omaconfig.xml file.
Password on disk in a configuration file	SASProprietary	If you have SAS/SECURE, you can upgrade to AES.
Most other metadata on disk	None	Not configurable.
SAS data sets on disk	None	To apply encryption, use the ENCRYPT= data set option.3
1If you don't have SAS/SECURE, SASProprietary is used.
2If you don't have SAS/SECURE, MD5 is used.
3The ENCRYPT= data set option uses a proprietary encryption algorithm that is not the same as the SASProprietary algorithm.

Note: Configuration files and metadata repository data sets should also be host protected.

See Also

About SAS/SECURE

Encryption Strength and Coverage

Default Settings for Over-the-Wire Encryption

How to Increase Encryption Strength for Passwords at Rest

Copyright © SAS Institute Inc. All rights reserved.