Authasas Advanced Authentication encrypts all enterprise and user data stored in the corporate directory or in local cache.
By default, enterprise encryption keys and user encryption keys are created using the Microsoft Enhanced Cryptographic Provider. This CSP is included in Windows Server 2003 SP2, Server 2008, Windows XP SP3, and Windows 7. The specific algorithms and key lengths are documented by Microsoft.
Third-party, MS-CAPI compliant cryptographic service providers are fully supported and are configured during installation. Organizations that have a third-party CSP deployed may configure the CSP and the key lengths used for encryption, signing, and hash functions.
The Enterprise Key encrypts all Advanced Authentication data, including all configuration and policy data that would be stored within AD or AD LDS. User Keys are created to protect individual user credentials, templates, or other secrets that are specific to each user. All data remains encrypted both at rest and during transmission between the Authenticore Server and the Advanced Authentication Client. Data is decrypted only for the duration of an authentication attempt. The Authenticore Server completely destroys the unencrypted data once the transaction is complete.





