Magento Open Source 2.1.x

Magento 2.1.x Notice: Magento 2.1.18 is the final 2.1.x release. After June 2019, Magento 2.1.x will no longer receive security patches, quality fixes, or documentation updates. To maintain your site's performance, security, and PCIPayment Card Industry: Refers to debit and credit cards and their associated businesses. compliance, upgrade to the latest version of Magento. The Magento User Guide 2.1.x remains available in PDF for Open Source and Commerce.

Encryption Key

Magento uses an encryption key to protect passwords and other sensitive data. An industry-standard Advanced Encryption Standard (AES-256) algorithm is used to encrypt all data that requires decryption. This includes credit card data and integration (payment and shipping module) passwords. In addition, a strong Secure Hash Algorithm (SHA-256) is used to hash all data that does not require decryption.

During the initial installation, you are prompted to either let Magento generate an encryption key, or enter one of your own. The Encryption Key tool allows you to change the key as needed. The encryption key should be changed on a regular basis to improve security, as well as at any time the original key might be compromised. Whenever the key is changed, all legacy data is re-encoded using the new key.


Encryption Key