Encryption Key Strength?
Is there any documentation talking about the FIM Encryption Key and what strength it has and what level of protection the encryption key has when loaded into the FIM Sync Server?
Inside the file there seem to be 3 keys, one 128bit key and two 256bit keys. I assume 256Bit AES symmetrical keys are being used.
The encryption key seems to be stored as an LSA Secret Key under: HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\_SC_FIMSynchronizationService so has that standard level of encryption applied to it.
Are there any links talking about how secure (or not) the FIM Encryption Key is?
June 21st, 2010 6:34am
Your assumption is correct - AES 256 it is.
Cheers,
Markus
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
June 21st, 2010 4:17pm
Your assumption is correct - AES 256 it is.
Cheers,
Markus
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
Cheers for that Markus
Is there any documentation about which attributes get encrypted in the MV? Or a bit more detail about how the Encryption Key is used that I can reference to keep my friendly security folks happy as part of a security review?
Such as "The mms_metaverse table columns "resetPassword" and mms_connectorspace.password_change_history and ... are encrypted using the 256Bit AES Key stored in the LSA"
June 23rd, 2010 12:38am
There is nothing encrypted in the metaverse.
The FIM Synchronization Service uses AES 256 to encrypt passwords used by the MAs and passwords in transit from PCNS/WMI to connected systems.
We haven’t documented this on a more granular level yet.
Cheers,
Markus
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
June 23rd, 2010 1:09am


