


I'll preface by saying I have not used column encryption in DB2, but as I recall from research a while back, the facility works fine, except for key management. IIRC, the encryption functions in DB2 accept keys as parameter data, which means you need a secure mechanism in place for procuring the keys before you can access the field data. You would not want to hard code the keys, for obvious reasons.

I believe OS400 keystore can be used to provide this mechanism, but I have not looked into this in detail.

hth,
Eric

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Mike
Sent: Monday, December 03, 2007 1:12 PM
To: Midrange Systems Technical Discussion
Subject: Re: Field Encryption on V5R3


What about the SQL encryption functions? Are they any good security wise? We
are looking to encrypt checking account numbers.

On Dec 3, 2007 12:04 PM, Haas, Matt (CL Tech Sv) <matt.haas@xxxxxxxxxxx>
wrote:

I just took a really quick look at this and you'll want to avoid RC4
encryption altogether. It can be brute force attacked pretty quickly. 256
bit AES is much better (and preferred if you have to be PCI compliant) but
that article misses a few key items: 1) You have to use a "salt" value for
each thing you encipher or you leave yourself open to a dictionary attack.
2) For AES, the pass phrase is exactly one block long, 3) padding isn't
discussed (or really mentioned), 4) your encrypted data is now binary data
so you have to have some way of determining its length.

There was a discussion about this within the past month or two during
which I posted a service program that wraps the CIPHER MI and these topics
are discussed in that thread.

Matt

-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx [mailto:rpg400-l-bounces@xxxxxxxxxxxx]
On Behalf Of Mark S. Waterbury
Sent: Monday, December 03, 2007 12:41 PM
To: RPG programming on the AS400 / iSeries
Subject: Re: Field Encryption on V5R3

Try this:
http://www.mcpressonline.com/mc?1@xxxxxxxxxxxxxxx@.6b37c200

> Mike wrote:
Does anyone have a good article on getting started with field encryption
using the i5/OS APIs? I am starting to doze on reading the IBM
documentation
I found.


--
This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/rpg400-l.
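
The salt, padding and stored-length points raised in the thread, as an added example that is not code from any poster, from the CIPHER MI service program mentioned, or from DB2. It assumes AES-256 in CBC mode with a fresh random IV per value standing in for the per-item "salt", and PKCS#7 padding; it is written in Go only because its standard library includes AES, and the names `EncryptField` and `DecryptField` are hypothetical.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// EncryptField returns IV || ciphertext; the random per-value IV acts as the "salt".
func EncryptField(key, plain []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	pad := aes.BlockSize - len(plain)%aes.BlockSize // PKCS#7: always 1..16 bytes
	padded := append(append([]byte{}, plain...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(padded)) // binary column must hold this length
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return out, nil
}

// DecryptField reverses EncryptField; the padding byte recovers the original length.
func DecryptField(key, stored []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(stored) < 2*aes.BlockSize || len(stored)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("stored value is not an IV plus whole blocks")
	}
	buf := make([]byte, len(stored)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, stored[:aes.BlockSize]).CryptBlocks(buf, stored[aes.BlockSize:])
	pad := int(buf[len(buf)-1])
	if pad < 1 || pad > aes.BlockSize || !bytes.Equal(buf[len(buf)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, fmt.Errorf("bad padding")
	}
	return buf[:len(buf)-pad], nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key; real keys come from a key store
	a, _ := EncryptField(key, []byte("0012345678")) // constructed sample account number
	p, _ := DecryptField(key, a)
	fmt.Println(len(a), string(p))
}
```

Encrypting the same account number twice yields different stored values, so equal plaintexts cannot be matched by comparing ciphertexts. CBC by itself provides no integrity protection, and the padding check is not an authenticity check.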






