4 Replies Latest reply: Jul 5, 2017 10:29 AM by JimmyKumbaya RSS

PDF Report Encryption Details (FOP)

JimmyKumbaya Expert

Good morning.

 

Can Tenable answer a few questions about FOP, the utility used to encrypt PDF reports in SC5?

 

1) The version shipped in SC5 is very stale (the README is dated Jul 2010). Is there a reason Tenable doesn't update to the current version?

2) Is there a supported way for me to update it?

 

3) Probably most importantly: the FOP documentation says the default encryption length is 40 bits; is that what SC is using, or has that been bumped up to something more respectable?

 

Thanks as always,

Jim

  • Re: PDF Report Encryption Details (FOP)
    CodyDumont Master

    We are talking to Dev about this question.  Please open a ticket with support on this issue also..even if you are ACS, open a ticket with ACAS and ask them to escalate. 

  • Re: PDF Report Encryption Details (FOP)
    user1234 Expert

    I opened a support ticket when I got this info in SC4.  They played the feature request dismissal game then.  Least shocking thing that a security company doesn't really care about it.  Add this to the list of security related things that Tenable doesn't care about when you tell them.

  • Re: PDF Report Encryption Details (FOP)
    JimmyKumbaya Expert

    I wonder if it's bad form to reply to my own post.

     

    I just (?) received a response via the DISA OKC help desk that the default encryption strength (40bits) is used in FOP and that Tenable is "investing an upgrade to FOP [but] it is not on the currently (sic) on the product road map. There is unfortunately no way to upgrade FOP on your own, as this could cause problems in the way SecurityCenter reporting works."

     

    I wanna ask why it might take ten weeks to get that level of detail on a reply, but I imagine my organization has its own ... quirks.

     

    Jim