All network commands among fetcher, mine, apply and console are sent encrypted. The key serves both as authentication and encryption.
The redo/plog contents is sent encrypted if the option is selected.
The key is defined by variable NETWORK_TRAFFIC_KEY. As this can be considered as sensitive information, there are more ways how to specify this value:
- DDC file (use memory_set, so it is not stored in DDC DB automatically)
- DDC DB
- the .ssh way: create a private directory (chmod 0700), store a file with a single command "memory_set NETWORK_TRAFFIC_KEY …" and include it from your DDC file (standard READ command)
- specify the key as dbvrep parameter: --netkey
The encryption uses 128bit CAST5 encryption. For more information please see http://en.wikipedia.org/wiki/CAST-128