db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bryan Pendleton <bpendle...@amberpoint.com>
Subject Re: [jira] Commented: (DERBY-962) Upgrade default security mechanism in client to use encrypted userid password if client can support it.
Date Sat, 18 Feb 2006 21:49:59 GMT
 > Current client  driver supports encrypted userid/password (EUSRIDPWD)
 > via the use of DH key-agreement protocol - however current Open Group
 > DRDA specifications imposes small prime and base generator values
 > (256 bits) that prevents other JCE's  (apt from ibm jce) to be used
 > as java cryptography providers.

If it's not too much trouble, can you cite chapter and verse here? I find
myself a little surprised that DRDA actually *requires* a short key
length; I would have thought that it might default to a short length, but
would allow longer lengths to be used if the user desired.

I hunted around a bit, and here's what I saw:

   EDTASECOVR, page 324 of V.3:

     The ENCALG parameter indicates the encryption algorithm to use. This
     example assumes that the default DES encryption security algorithm
     is specified. The ENCKEYLEN parameter indicates the encryption key
     length to use. This example assumes that the default 56-bit encryption
     is specified.

   ENCKEYLEN, page 332 of V.3:

     The Encryption Key Length (ENCKEYLEN) specifies the encryption key
     length to be used with ENCALG to encrypt and decrypt the security
     context information. ENCKEYLEN is used by the encryption security
     mechanisms.

Please educate me; I am a rank beginner on this crypto stuff.

thanks,

bryan





Mime
View raw message