Encryption and Hashing
Magento Enterprise Edition hashes all data that does not require decryption by using a strong SHA-256 hashing algorithm instead of the previously used MD5. Legacy passwords will be hashed using the new algorithm whenever they are entered by customers, and all new passwords will be hashed using the SHA-256 algorithm.
Magento Enterprise Edition also encrypts all data that does require decryption by using an industry standard AES-256 algorithm. This includes credit card data and integration (payment and shipping modules) passwords.
Changing the Database Key
Magento Enterprise Edition provides a tool to change the database key that is used for data encryption and decryption. This database key was generated when Magento was originally installed in your production environment. The key should be changed if the old key is ever compromised, as well as on a regular basis to improve security. When the key is changed, all legacy data is re-encoded using the new key.
To change the encoding key:
1. Navigate to System > Manage Encryption Key.
2. Select whether or not the new encryption key will generate automatically. If not, a New Key field will appear in which you can manually enter a new key.
3. Click the Change Encryption Key button in the top right of the page.
The encryption key will be changed and all previous data will be encoded with the new key. The new encryption key will be displayed for reference.
Note: Please make a note of the new key and keep it in a safe place. It will be required in order to decrypt data if any problems occur with your files.