In Version 9.7, you can now encrypt the user ID and password using the Advanced Encryption Standard (AES) algorithm with 256-bit keys.
The user ID and password submitted for authentication to DB2® are encrypted when the authentication method negotiated between the DB2 client and the DB2 server is SERVER_ENCRYPT.
The authentication method negotiated depends on the authentication type set in the authentication configuration parameter on the server and on the authentication requested by the client.
The encryption algorithm used to encrypt the user ID and password, either DES or AES, depends on the setting of the alternate_auth_enc database manager configuration parameter:
- NOT_SPECIFIED (the default) means that the server accepts the encryption algorithm that the client proposes.
- AES_CMP means that if the connecting client proposes DES but supports AES encryption, the server renegotiates for AES encryption. Downlevel clients that do not support AES will still be able to connect using DES.
- AES_ONLY means that the server accepts only AES encryption. If the client does not support AES encryption, the connection is rejected.
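
A configuration check built on the three settings above, as an added example that is not part of the original DB2 documentation: it reads `db2 get dbm cfg` output and reports whether the server can still accept DES. The sample output lines are constructed, and the function names and verdict wording are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the DB2 documentation). Reads `db2 get dbm cfg`
# output on stdin and reports whether DES can still be negotiated.

# Print the value of a parameter displayed as "... (NAME) = VALUE".
cfg_value() {
    awk -v key="($1) =" '
        index($0, key) {
            sub(/^.*= */, ""); sub(/[ \t\r]+$/, ""); print; exit
        }'
}

# Hypothetical helper: the verdict wording is this example's own.
audit_auth_enc() {
    cfg=$(cat)
    auth=$(printf '%s\n' "$cfg" | cfg_value AUTHENTICATION)
    enc=$(printf '%s\n' "$cfg" | cfg_value ALTERNATE_AUTH_ENC)
    if [ "$auth" != "SERVER_ENCRYPT" ]; then
        # The DES/AES choice applies when SERVER_ENCRYPT is negotiated.
        echo "INFO: authentication=${auth:-unknown}, alternate_auth_enc=${enc:-unknown}"
        return 0
    fi
    case "$enc" in
        AES_ONLY)      echo "PASS: only AES accepted; non-AES clients are rejected" ;;
        AES_CMP)       echo "WARN: AES preferred, but downlevel clients still connect with DES" ;;
        NOT_SPECIFIED) echo "FAIL: server accepts whatever the client proposes, including DES" ;;
        *)             echo "UNKNOWN: alternate_auth_enc not found in input" ;;
    esac
}

# Constructed sample of the two relevant lines (not captured from a server).
SAMPLE_CFG=' Database manager authentication        (AUTHENTICATION) = SERVER_ENCRYPT
 Alternate authentication           (ALTERNATE_AUTH_ENC) = NOT_SPECIFIED'

printf '%s\n' "$SAMPLE_CFG" | audit_auth_enc
# On a live instance: db2 get dbm cfg | audit_auth_enc
# To enforce AES:     db2 update dbm cfg using ALTERNATE_AUTH_ENC AES_ONLY
```

Before moving a server from AES_CMP to AES_ONLY, confirm that no downlevel clients remain, because their connections will be rejected.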