diff --git a/modules/ROOT/pages/password-encryption.adoc b/modules/ROOT/pages/password-encryption.adoc index 61fe3132e..dd7575680 100644 --- a/modules/ROOT/pages/password-encryption.adoc +++ b/modules/ROOT/pages/password-encryption.adoc @@ -18,7 +18,7 @@ Open Liberty supports Advanced Encryption Standard (AES) encryption for passwords that are stored in the `server.xml` file. When you use this option for protecting passwords in the Open Liberty configuration, understand the limitations to the protection that AES encryption provides. -The Open Liberty `securityUtility encode` command uses AES-256 encryption when the `--encoding` option is set to `aes`. The default value for this option is `xor`. For AES decryption, Open Liberty supports both AES-128 and AES-256. +The Open Liberty `securityUtility encode` command uses AES-128 encryption when the `--encoding` option is set to `aes`. The default value for this option is `xor`. For AES decryption, Open Liberty supports AES-128. Encrypting a password in the Open Liberty configuration does not guarantee that the password is secure or protected. Encrypting a password means that someone who can see the encrypted password cannot easily recover the password unless they know the encryption key. diff --git a/modules/reference/pages/command/securityUtility-encode.adoc b/modules/reference/pages/command/securityUtility-encode.adoc index a40ab9cf8..6a71e7801 100644 --- a/modules/reference/pages/command/securityUtility-encode.adoc +++ b/modules/reference/pages/command/securityUtility-encode.adoc @@ -61,7 +61,7 @@ securityUtility encode [options] |Specifies how to encode the password. Supported encodings types are `xor`, `aes`, and `hash`. The default value for this option is `xor`. -The `aes` type uses AES-256 encryption. +The `aes` type uses AES-128 encryption. {empty} + {empty} + You can use the `hash` encoding type to encode passwords for a xref:ROOT:user-registries-application-security.adoc[basic user registry] or passwords for the xref:config/quickStartSecurity.adoc[quickStartSecurity element].