db-derby-dev mailing list archives

From "Bernt M. Johnsen" <Bernt.John...@Sun.COM>
Subject DRDA Password Encryption (SECMEC_EUSRIDPWD and SECMEC_USRENCPWD)
Date Thu, 16 Jun 2005 19:10:41 GMT
Looking into password encryption I found the following:

1) The drda/DecryptionManager.java is hardcoded to use IBMJCE and
   fails with other JCE implementations.

2) derbynet/testSecMec.java has all pwd (and username + pwd)
   encryption tests disabled and has 2 interesting comments
   
   A)  * The DiffieHelman algorithm that is used here uses a prime of 32bytes and this is not
       * supported by Sun JCE , but is supported in ibm141 and some latest versions of ibm142

   B) // Disable because ibm142 doesnt support DiffieHelman prime of 32 bytes
      // Also Sun JCE doesnt support it.

3) The DRDA has a hardcoded 32-byte prime and base (256 bits) in the protocol spec.

4) SunJCE requires at least 512 bits (64 byte). (I guess this is
   because 256 bit is no longer considered secure for the
   Diffie-Hellman KeyAgreement protocol)

I have not tried it with IBMJCE but my trials with SunJCE confirm the
above (I removed the IBMJCE requirement and enabled the tests).

Have I missed something or is it impossible to get password
encryption?

And if I'm right: How do we get password encryption? Deviate from
DRDA?


-- 
Bernt Marius Johnsen, Database Technology Group, 
Sun Microsystems, Trondheim, Norway
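
The provider limitation reported in the message above can be checked on any JVM with a probe like the following. This is an added example, not code from Derby or from the original post; the class name `DhPrimeSizeProbe` is hypothetical, and the prime is a randomly constructed test value with base 2, not the prime and base from the DRDA specification.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.spec.DHParameterSpec;

public class DhPrimeSizeProbe {
    static final String NO_DH = "no DH KeyPairGenerator";

    /** Returns null if the provider generated a DH key pair, else the failure reason. */
    static String probe(Provider provider, int primeBits, SecureRandom rng) {
        // Constructed test group: random probable prime, generator 2.
        // Only the size check is of interest; this is NOT the DRDA group
        // and not a group to use for real key agreement.
        BigInteger p = BigInteger.probablePrime(primeBits, rng);
        DHParameterSpec spec = new DHParameterSpec(p, BigInteger.valueOf(2));
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", provider);
            kpg.initialize(spec, rng);   // size limits are normally enforced here
            kpg.generateKeyPair();       // some providers defer the check to here
            return null;
        } catch (NoSuchAlgorithmException e) {
            return NO_DH;
        } catch (Exception e) {
            // Covers InvalidAlgorithmParameterException and runtime rejections.
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        SecureRandom rng = new SecureRandom();
        int[] sizes = {256, 512, 1024};  // 256 bits = the 32-byte size discussed above
        for (Provider provider : Security.getProviders()) {
            for (int bits : sizes) {
                String failure = probe(provider, bits, rng);
                if (NO_DH.equals(failure)) {
                    break;               // provider has no DH support; skip it
                }
                System.out.printf("%-14s %4d-bit prime: %s%n", provider.getName(), bits,
                        failure == null ? "accepted" : "rejected (" + failure + ")");
            }
        }
    }
}
```

Running it under each JVM a deployment uses shows which installed JCE providers accept a 32-byte prime, without hardcoding a provider name.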
