02-25-2010 04:00 PM
Or does anyone have a better suggestion for strong encryption at the field level?
I've tried searching ITRC and not found anything yet.
02-25-2010 04:14 PM
Re: RMS field encryption
The OpenVMS encryption software doesn't particularly care what sort of data you hand it, and RMS doesn't care what's in an individual record. It's all a wad of bytes.
You probably won't want to encrypt the key field if this is an indexed file, obviously. That Would Be Bad.
Encrypted data can also vary in length, depending on exactly what you're up to; I would plan on eventually encountering records of different lengths. If not sooner.
DES has been supplanted by AES (or better), and both DES and AES are available in current OpenVMS releases. For the current stuff, see:
http://h71000.www7.hp.com/doc/83final/ba554_90006/ch05s04.html#aesexample
I'm professionally skeptical around encryption implemented within most applications; all too often it's added into an application like magic pixie dust or an RFC checkbox requirement. It's present, but the implementation can be somewhere between problematic and leaky and easily compromised and entirely wrong.
Some folks that created AES-encrypted keydisks had an implementation bug that completely subverted their entire design, for instance.
So. What are you storing? Some sort of password? If so, that's usually not encrypted.
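The record-layout points in the reply above (index key left in the clear, encrypted field length varying with the data), as an added example that is not part of the original post and not OpenVMS or RMS code. It assumes AES-CBC with a 16-byte IV and PKCS#7 padding; the struct, field sizes and function names are hypothetical, and the cipher call itself is left to the caller.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define AES_BLOCK 16u   /* AES block size in bytes */
#define KEY_LEN   8u    /* hypothetical index key field, kept in the clear */
#define MAX_PLAIN 64u   /* hypothetical longest plaintext field */
/* Stored size of n plaintext bytes: IV + data padded up to the next full block. */
#define ENC_LEN(n) (AES_BLOCK + ((n) / AES_BLOCK + 1u) * AES_BLOCK)
#define MAX_ENC   ENC_LEN(MAX_PLAIN)

struct rec {                /* hypothetical variable-length record */
    uint8_t  key[KEY_LEN];  /* index key: plaintext, so keyed lookups still work */
    uint16_t enc_len;       /* bytes used in enc[]; differs from record to record */
    uint8_t  enc[MAX_ENC];  /* IV || ciphertext */
};

/* Append PKCS#7 padding in place; returns padded length, or 0 if it won't fit. */
size_t pkcs7_pad(uint8_t *buf, size_t n, size_t cap) {
    size_t pad = AES_BLOCK - (n % AES_BLOCK);   /* 1..16, never 0 */
    if (n > cap || pad > cap - n) return 0;
    memset(buf + n, (int)pad, pad);
    return n + pad;
}

/* Check and strip padding after decryption; -1 means a corrupt record. */
int pkcs7_unpad(const uint8_t *buf, size_t n, size_t *out_len) {
    if (n == 0 || n % AES_BLOCK != 0) return -1;
    size_t pad = buf[n - 1];
    if (pad == 0 || pad > AES_BLOCK) return -1;
    for (size_t i = n - pad; i < n; i++)
        if (buf[i] != pad) return -1;
    *out_len = n - pad;
    return 0;
}

/* Lay out a record ready for encryption; the caller then fills the IV in
   enc[0..15] and encrypts enc[16..enc_len) in place with its AES routine. */
int rec_prepare(struct rec *r, const uint8_t *key, const uint8_t *plain, size_t n) {
    if (n > MAX_PLAIN) return -1;
    memcpy(r->key, key, KEY_LEN);
    memcpy(r->enc + AES_BLOCK, plain, n);
    size_t padded = pkcs7_pad(r->enc + AES_BLOCK, n, MAX_ENC - AES_BLOCK);
    if (padded == 0) return -1;
    r->enc_len = (uint16_t)(AES_BLOCK + padded);
    return 0;
}
```

Padding checks catch truncation and framing errors only; detecting deliberate modification of the field needs a MAC or an authenticated mode.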
02-25-2010 04:41 PM
Re: RMS field encryption
It can't be permanently hashed as it must be easily readable.
I 'think' I'm looking for a PKE library that is available on VMS or easily adapted to VMS. I primarily use the standard VMS C compiler.
If I can call the current AES routines for encrypt and decrypt that should work.
02-26-2010 08:24 AM
02-26-2010 09:17 AM
Re: RMS field encryption
The encryption algorithm is only half the battle. It is also critical to use a good key that is properly controlled and changed appropriately.
I agree with Hoff. Encryption is far from "magic pixie dust". It takes little in errors and mistakes to render the best encryption useless.
As an example, there are some entertaining published reports on early web browsers that used the process ID as part of the "random" key. Unfortunately, these desktop systems had very short uptimes, so there were large numbers of high-order zero bits in the process ID and other predictable fields (see "Randomness and the Netscape Browser" by Ian Goldberg and David Wagner from the January 1996 Dr. Dobb's Journal; available at: http://www.eecs.berkeley.edu/~daw/papers/ddj-netscape.html ).
Encryption is only as good as the weakest of all of its parts.
- Bob Gezelter, http://www.rlgsc.com
02-26-2010 03:14 PM
Re: RMS field encryption
Without a systematic approach around the attackers and the defenses and key management and the whole rest of the chain that gets involved here and not the least of which is the value of the target, even the best brute-force encryption tends to fail.
Data security is completely flipped around from the usual software design and coding requirements and practices, too; the code is often a target of review and of intentional attacks, and various of these attacks are incredibly clever.
02-27-2010 07:01 AM
Re: RMS field encryption
Either encrypt record by record or create the file and then use the OpenVMS encrypt utility to encrypt the entire file.
Guy Peleg
Maklee Engineering
www.maklee.com
02-27-2010 08:40 AM
Re: RMS field encryption
That this stuff is so easy to implement and so easy to get wrong is how it so often ends up implemented like magic pixie dust, and (if the vendor is particularly unlucky) with the vendor then featured on the front page of FailBlog.
02-27-2010 10:42 AM
Re: RMS field encryption
The analysis of the Netscape incident that I cited in my earlier posting in this thread is a good read.
Encryption is not merely the process of calling a routine to "encrypt/decrypt" a buffer. Design of cryptographic algorithms is a very technical affair, so the algorithms are generally standardized.
This leaves the choice of keys. No matter how good your algorithm, if the keys are predictable (or parts of the key are predictable, as in the Netscape case from 1996), then the encrypted text can be decoded by a brute force attack.
- Bob Gezelter, http://www.rlgsc.com
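The predictable-key problem raised in these posts, as an added example that is not from the thread or from the cited article. It is a simplified illustration rather than Netscape's code: `weak_key`, `weak_keyspace`, `keyspace_bits`, `strong_key` and the splitmix64 mixer are choices made here, and `/dev/urandom` assumes a Unix-like host rather than OpenVMS.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_BYTES 16

/* splitmix64 step: used here only to stretch a small seed into 128 bits. */
static uint64_t mix(uint64_t *s) {
    uint64_t z = (*s += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* WEAK: the 128-bit key is a pure function of clock seconds and process ID. */
void weak_key(uint32_t secs, uint32_t pid, uint8_t key[KEY_BYTES]) {
    uint64_t s = ((uint64_t)secs << 32) | pid;
    for (int i = 0; i < KEY_BYTES; i += 8) {
        uint64_t w = mix(&s);
        memcpy(key + i, &w, 8);
    }
}

/* Distinct keys weak_key() can emit when the creation time is known to
   within window_secs and the PID is below max_pid. */
uint64_t weak_keyspace(uint32_t window_secs, uint32_t max_pid) {
    return (uint64_t)window_secs * max_pid;
}

/* Whole bits of search effort that a keyspace of n keys represents. */
int keyspace_bits(uint64_t n) { int b = 0; while (n >>= 1) b++; return b; }

/* STRONGER: take all 128 bits from the operating system's CSPRNG. */
int strong_key(uint8_t key[KEY_BYTES]) {
    FILE *f = fopen("/dev/urandom", "rb");   /* assumption: Unix-like host */
    if (!f) return -1;
    size_t got = fread(key, 1, KEY_BYTES, f);
    fclose(f);
    return got == KEY_BYTES ? 0 : -1;
}
```

With a one-hour uncertainty on the creation time and PIDs below 32768, the nominally 128-bit key from `weak_key` carries about 26 bits of effort, regardless of the cipher it is used with.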
03-16-2010 06:53 PM