db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sunitha Kambhampati <ksunitha...@gmail.com>
Subject Re: [jira] Commented: (DERBY-962) Upgrade default security mechanism in client to use encrypted userid password if client can support it.
Date Mon, 20 Feb 2006 17:19:52 GMT
Bryan Pendleton wrote:

> > Current client  driver supports encrypted userid/password (EUSRIDPWD)
> > via the use of DH key-agreement protocol - however current Open Group
> > DRDA specifications imposes small prime and base generator values
> > (256 bits) that prevents other JCE's  (apt from ibm jce) to be used
> > as java cryptography providers.
>
> If it's not too much trouble, can you cite chapter and verse here? 

It is in the DDM manual, page 281 and 282..  Section: Generating the 
shared private key.
DRDA's diffie helman agreed public values for prime are 256 bits.  The 
spec gives the public values for the prime, generator and the size of 
exponent required for DH .
"These values must be used as is to generate  a shared private key."

Hope this helps,
Sunitha.


Mime
View raw message