Any ID used with the current IBM® Notes® client benefits
from the strong security provided by AES encryption.
About this task
The following options are available for ID file encryption:
- Compatible with all releases (64 bit RC2)
- Compatible with release 6 and later (128 bit RC2)
- Compatible with release 8 and later (128 bit AES)
- Compatible with release 8 and later (256 bit AES)
Perform the following steps to configure ID file encryption:
Procedure
- In the IBM Domino® Administrator
client, create a new Security Settings document, or open an existing
one.
- Click Password Management and in
the ID File Encryption Settings section, select
one of the following options:
  - To use one encryption standard to silently and automatically
  encrypt the ID files of the users to whom this policy applies, next
  to Mandated encryption standard, select one
  encryption standard from the list. The setting you select will be
  the only one available in the Encryption Strength field of the
  Notes client Change Password dialog box.
  - To provide users a choice of encryption standard to use the
  next time they change their passwords, click Allowed encryption
  standards and select two or more standards from the list.
  Users select the standard during the process of changing their passwords.
  Use this option if users run multiple versions of Notes and you want
  to allow them to choose the highest encryption level possible for
  their versions.
- Specify the number of iterations for key derivation strength.
Key derivation strengthening is a technique used to make it more costly
for malicious attackers to guess likely passwords through a brute
force dictionary attack. It works by increasing the time it takes
to generate a key from a password. The value for this field is the
number of times an HMAC algorithm is applied as part of the operation
that generates a key from the password. Specifying a larger number
for this value increases the duration of each attempt during a dictionary
attack. The default setting for this field is 5000, which is acceptable
in most environments. Organizations with higher security requirements
may wish to specify a higher value.
- Save the Security Settings document and assign it to a
policy, if you have not already done so.
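The following added example (not IBM code) illustrates the key derivation step above: it measures how the iteration count changes the cost of one password guess and picks a count that fits an acceptable unlock delay. It assumes PBKDF2-HMAC-SHA256 as a stand-in, because this page does not specify the exact construction Notes uses; the function names, dictionary size, comparison counts and 0.25 second budget are constructed for illustration.

```python
import hashlib
import os
import time

DEFAULT_ITERATIONS = 5000  # default stated for the Security Settings field

def derive_key(password, salt, iterations, length=32):
    # Assumption: PBKDF2-HMAC-SHA256 stands in for the Notes ID key
    # derivation; the page only says an HMAC is applied N times.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, length)

def seconds_per_guess(iterations, samples=3):
    """Best-of-N wall-clock cost of one derivation (= one password guess)."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        derive_key("constructed-sample-password", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best

def dictionary_attack_seconds(per_guess, candidates):
    """Single-core time to run every candidate through the derivation."""
    return per_guess * candidates

def iterations_for_budget(target_seconds, probe=DEFAULT_ITERATIONS):
    """Largest count whose unlock delay fits the budget on this machine.

    Cost is linear in the count, so one probe measurement is scaled up.
    Never returns less than the documented default.
    """
    per_iteration = seconds_per_guess(probe) / probe
    return max(DEFAULT_ITERATIONS, int(target_seconds / per_iteration))

if __name__ == "__main__":
    candidates = 10_000_000  # constructed dictionary size
    for n in (DEFAULT_ITERATIONS, 50_000, 500_000):  # constructed comparison values
        per_guess = seconds_per_guess(n)
        hours = dictionary_attack_seconds(per_guess, candidates) / 3600
        print(f"{n:>7} iterations: {per_guess * 1000:8.2f} ms per guess, "
              f"{hours:9.1f} core-hours for {candidates:,} candidates")
    print("fits a 0.25 s unlock budget:", iterations_for_budget(0.25))
```

Run it on the slowest client hardware in the policy's scope, since every legitimate password entry pays the same per-guess delay.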
Example
- All of the Notes users
associated with the policy are running Notes 8
or later, so you select one of the AES encryption options in the Mandated
encryption standard field so that standard is used by
all Notes users.
- Users associated with this policy run Notes releases earlier than 8. Select Compatible
with release 6 and later (128 bit RC2) and one of the
AES encryption standards, for example, Compatible with
release 8 and later (128 bit AES) in the Allowed
encryption standards field. Then users can select the
encryption standard suitable for their versions of Notes.