Long Encryption Phrases Advisory
Last updated Jan. 4, 2019
A software issue could lead to problems decrypting files under rare circumstances. Although none of our customers have encountered problems decrypting files, we are calling the issue to your attention as a precaution.
The issue has to do with the length of the encryption phrases used on the File Fabric for org. encryption or personal encryption. To prevent this problem from affecting your data, do not use encryption phrases that are longer than 60 characters. This applies to both org. encryption and personal encryption. Use of encryption phrases longer than 60 characters could, under special circumstances, cause the phrases to be lost, possibly preventing the files from being decrypted.
You can check your org. encryption phrase on the Encryption tab of the Policies page. In the unlikely event that you are using an org. encryption phrase that is more than 60 characters long or that any of your users are using personal encryption phrases that are more than 60 characters long:
- If the phrase is being used for org. encryption, do not reset the phrase.
- Make note of the phrase.
- Contact SME Support at firstname.lastname@example.org so we can help you switch to a shorter phrase.
The 60 character limit for encryption phrases is enforced for org. encryption in the recently released versions 1803.07 and 1808.01 of the File Fabric. If File Fabric encryption is used in your organisation, please upgrade to one of these versions promptly.
Note that encryption phrases should contain only characters from the standard ASCII character set, which includes these characters:
If you have any questions about the File Fabric and encryption phrases please contact us at: email@example.com.