Passwords are secured using HMAC-SHA-512. HMAC (Hash-based Message Authentication Code) is a MAC defined in RFC 2104 and FIPS 198 and constructed from a cryptographic hash function.
Data is secured using AES-CBC. AES (Advanced Encryption Standard) is a symmetric block cipher standardized by NIST. It has a fixed data block size of 16 bytes. Its keys can be 128, 192, or 256 bits long.
These cryptographic methods are implemented in the crypto.py file within the vault.
AES (Advanced Encryption Standard):
- Key Size: 32 bytes
- Mode of Operation: AES.MODE_EAX
- Usage:
  - Encrypts and decrypts data at rest in the vault.

HMAC (Hash-based Message Authentication Code):
- Algorithm: SHA-512
- Key Size: 32 bytes
- Usage:
  - Generates and verifies HMACs for unique values in the vault.

Fernet encryption:
- Key Size: 32 bytes
- Usage:
  - Encrypts and decrypts identity tokens used by the vault.