03 March 2025

Security Update for 4.41

To ensure that our product is providing users with peace of mind we have upgraded our encryption methods. The algorithm used to encrypt sensitive data held in ebs has been updated to native SQL Server AES 256 cipher logic. This is in accordance with Microsoft recommendations and best practices.

To support this encryption, it is now a requirement that the database has a Database Master Key, before running the ebs installer. This has been added as a pre-requisite to the installer.

Please refer to Microsoft documentation for full details of the creation and management of Database Master Keys, as well as the implications on backup/ restore operations.

If not already in place, the Database Master Key can be created ahead of an upgrade.

Also note that if you make use of Customer Institution Settings, then any settings with a Data Type of Encrypted Text will be migrated to the new encryption algorithm by the upgrade process.

Types of data that will be affected include

  • Encrypted institution settings

  • Connection string information

Standard user password hashes will not be affected as these were already securely encrypted.

Any bespoke process that uses the current Decrypt function will need to switch to using the equivalent AESDecryptF function.