You should encrypt passwords and private data in a database file if it is
possible for you to do that. Decrypting it is where things get tricky.
If you only encrypt passwords, then if the end-user forgets it, you can
generate another one and email it to them or have it on an SSL page to
retrieve.
If you encrypt, say, my social security number or credit card number, then
how do you use that information unless you can decrypt it?
Interesting problem. 
Depending on the laws including where there are none covering this issue,
you could write a simple cipher routine that, for example, scrambles the
account number or stores it in a second, private location, where the data in
the (for example) credit card field is really a key to access the credit
card information in that other area. 
A validation list object comes to mind as one such semi-secure location or
level of indirection that may satisfy the requirement.
-Bob Cozzi
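
The level of indirection described in the message above, as an added example that is not code from the thread: the customer record's card field holds only a random token, and the number itself sits in a separate store that checks who is asking. `TokenVault`, the caller names and the sample card number are hypothetical, and the in-memory dictionaries stand in for a protected location such as a validation list.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """Hypothetical stand-in for the 'second, private location'."""

    def __init__(self, index_key, authorized):
        self._index_key = index_key    # keys the de-duplication index
        self._authorized = authorized  # callers allowed to read numbers back
        self._by_token = {}            # token -> card number (private store)
        self._by_index = {}            # HMAC(card number) -> token
        self.audit = []                # (caller, token, allowed) per read attempt

    def tokenize(self, card_number):
        digits = "".join(ch for ch in card_number if ch.isdigit())
        if not 12 <= len(digits) <= 19:
            raise ValueError("not a plausible card number")
        # A keyed hash lets the same number map to the same token without
        # using the clear number as a lookup key.
        idx = hmac.new(self._index_key, digits.encode(), hashlib.sha256).hexdigest()
        if idx in self._by_index:
            return self._by_index[idx]
        token = "tok_" + secrets.token_hex(16)  # random, not derived from the number
        self._by_token[token] = digits
        self._by_index[idx] = token
        return token

    def detokenize(self, token, caller):
        allowed = caller in self._authorized and token in self._by_token
        self.audit.append((caller, token, allowed))  # log refusals as well
        if not allowed:
            raise PermissionError("not authorized or unknown token")
        return self._by_token[token]


def demo():
    vault = TokenVault(secrets.token_bytes(32), authorized={"BILLING"})
    # Constructed sample input: a widely used test card number, not real data.
    token = vault.tokenize("4111 1111 1111 1111")
    # The application table carries the token where the card number used to be.
    customer_row = {"name": "Sample Customer", "card_field": token}
    return customer_row, vault


if __name__ == "__main__":
    row, vault = demo()
    print(row)
    print(vault.detokenize(row["card_field"], "BILLING"))
```

Someone who copies only the application table gets tokens; the protection then rests on how the vault itself is stored and who is authorized to call it.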


-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx [mailto:rpg400-l-bounces@xxxxxxxxxxxx]
On Behalf Of Rooney, Michael P
Sent: Friday, September 03, 2004 9:13 AM
To: RPG programming on the AS400 / iSeries
Subject: RE: Triple-DES algorithm on AS/400

Emilio,

California law isn't the only reason.  What about any sensitive customer
data?
As a financial institution we also have to secure customer account PINs and
addresses.
As MikeW pointed out, securing the information over the network is one
thing. Securing it locally is another.  Why do you suppose AS/400 passwords
are stored encrypted, yet passed across the network (TN5250 w/o SSL)
unencrypted?

Regards,

Michael Rooney
Citigroup International
 

-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx
[mailto:rpg400-l-bounces@xxxxxxxxxxxx]On Behalf Of Mike Wills
Sent: Thursday, September 02, 2004 7:20 PM
To: RPG programming on the AS400 / iSeries
Subject: Re: Triple-DES algorithm on AS/400


The problem with that is California's law... you have to encrypt the
data in the database. So the communication might be secure, but the
data isn't if someone managed to hack into the 400.

On Thu, 2 Sep 2004 09:29:21 -0600 , Emilio Padilla - Sistemática Intl.
<epadilla@xxxxxxxxxxxxxxxxxx> wrote:
> IMHO, why would you want to load encryption/decryption to the as/400?
> Wouldn't it be easier to buy a cheap firewall (us$ 600) and connect one of
> your Ethernet cards to it? Let the firewall do the encryption/decryption
> that's what they're built for.
> 
> EAPT
> 
> 
> 
> -----Original Message-----
> From: Keith Carpenter [mailto:CarpCon@xxxxxxx]
> Sent: Thursday, September 02, 2004 7:43 AM
> To: RPG programming on the AS400 / iSeries
> Subject: Re: Triple-DES algorithm on AS/400
> 
> Gene published an MI version of Twofish some years ago.  Actually it was a
> REXX procedure that generated the MI source and then created the program.
> 
> One of the problems with MI's CIPHER is you need to check that the
> specific encryption/hash function you want has been installed on your
> system.
> 
> I haven't had any experience with this, but it's multi-platform (including
> OS/400).
> http://www.cs.auckland.ac.nz/~pgut001/cryptlib/
> 
> Keith
> 
> Don (in DC) wrote
> 
> > Now, we DO have this stuff in MI if this guy wants to play in MI (DES,
> > but I don't think 2-fish)...and I'm sure that Bob will want them to call
> > the MI intrinsics from RPG as he usually does...:)
> 
> --
> This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing list
> To post a message email: RPG400-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
> or email: RPG400-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/rpg400-l.
> 
> 


-- 
Mike Wills
iSeries Programmer/Lawson Administrator
koldark@xxxxxxxxx
http://www.koldark.net
Want Gmail? Email koldark+gmail@xxxxxxxxx to get on my waiting list.

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
