HP ThinPro 7.1 - Administrator Guide

ManualsBrandsHP ManualsDesktopsHP t520 Flexible Thin Client

171

172

173

174

175

176

177

178

179

180

Registry key Description

regenerated each time the secret is stored. The encryption key is

dierent on each thin client, and encryption and decryption are

available only to authorized programs. The supported cipher list

includes most OpenSSL ciphers and ChaCha20–Poly1305.

root/security/encryption/identity/

encryptedSecretTTL

Sets the number of seconds since the last successful login that a

stored encrypted secret will be considered valid. If set to a

negative number, encrypted secrets will not time out.

root/security/encryption/identity/

encryptedSecretTTLnonSSO

Species the number of seconds that a stored, non-SSO encrypted

secret is considered valid. If set to a nonpositive number,

encrypted secrets do not time out.

root/security/encryption/identity/

secretHashAlgorithm

Sets the algorithm for creating a hash of a secret. Key Derivation

Functions (KDFs) such as scrypt or argon2 are better than

straightforward hashes because it is not quick to compute a

rainbow dictionary using a KDF. All algorithms use an appropriate

amount of random salt, which is regenerated each time the secret

is hashed. The supported list includes scrypt, Argon2, SHA-256,

and SHA-512 (though the latter two are not KDFs).

root/security/encryption/identity/

secretHashTTL

Sets the number of seconds since the last successful login that a

stored hashes of secrets will be considered valid. If set to a

negative number, hashes of secrets will not time out.

root/security/mustLogin

If set to 1, all users are forced to log in before accessing the

desktop.

shutdown

Registry key Description

root/shutdown/enableAutomaticShutdownTimeout

If set to 1, a progress bar is shown in the shutdown/restart/logout

conrmation dialog box. If the question is not answered in time,

automatically shutdown/restart/logout.

root/shutdown/timeOfAutomaticShutdownTimeout

Sets the wait time for automatic shutdown timeout.

sshd

Registry key Description

root/sshd/disableWeakCipher

If set to 1, disable the CBC mode cipher and other known weak

ciphers, such as 3DES, arcfour, etc.

root/sshd/disableWeakHmac

If set to 1, disable 96 bit hmac and any sha1–based and md5–

based hmac.

root/sshd/disableWeakKex

If set to 1, disable key exchange algorithms that have DH with

SHA1.

root/sshd/enabled

If set to 1, the SSH daemon is enabled and the thin client can be

accessed via SSH.

root/sshd/userAccess

If set to 1, end users can connect to the thin client via SSH.

shutdown 159