RE: Triple-DES algorithm on AS/400 -- RPG400-L

Jim,

Appreciate your feedback but the reference to TN5250 was simply a reference.
It was not intended to imply whose specification it was, as, similarly, the
same scenario exists for TN3270 and VT100.  The objective was merely to provide
an example of locally encrypted data that, in many cases, is not encryted on
the network.  Encrypting data locally and/or encryting network data are 2
distinctively different topics, each employing different options.

Sincerely,

Michael Rooney
Citigroup International

   



-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx
[mailto:rpg400-l-bounces@xxxxxxxxxxxx]On Behalf Of Jim Franz
Sent: Friday, September 03, 2004 10:37 AM
To: RPG programming on the AS400 / iSeries
Subject: Re: Triple-DES algorithm on AS/400


>Why do you suppose AS/400 passwords are stored encrypted, yet
> passed across the network (TN5250 w/o SSL) unencrypted?
It is a telnet standard to do that (not an AS400 spec), and TN5250 is
telnet. But if you set
OS400 system value qrmtsign to *verify, and Client Access to Bypass Signon
then telnet signon no longer appears (and pwd is not passed in the clear).
The CA communication signon is encrypted (but not 3des).
jim
----- Original Message ----- 
From: "Rooney, Michael P" <michael.p.rooney@xxxxxxxxxxxxx>
To: "RPG programming on the AS400 / iSeries" <rpg400-l@xxxxxxxxxxxx>
Sent: Friday, September 03, 2004 10:13 AM
Subject: RE: Triple-DES algorithm on AS/400


> Emilio,
>
> California law isn't the only reason.  What about any sensitive customer
data?
> As a financial instituion we also have to secure customer account PIN's
and addresses.
> As MikeW pointed out, securing the information over the network is one
thing. Securing
> it locally is another.  Why do you suppose AS/400 passwords are stored
encrypted, yet
> passed across the network (TN5250 w/o SSL) unencrypted?
>
> Regards,
>
> Michael Rooney
> Citigroup International
>
>
> -----Original Message-----
> From: rpg400-l-bounces@xxxxxxxxxxxx
> [mailto:rpg400-l-bounces@xxxxxxxxxxxx]On Behalf Of Mike Wills
> Sent: Thursday, September 02, 2004 7:20 PM
> To: RPG programming on the AS400 / iSeries
> Subject: Re: Triple-DES algorithm on AS/400
>
>
> The problem with that is California's law... you have to encryt the
> data in the database. So the communication might be secure, but the
> data isn't if someone managed to hack into the 400.
>
> On Thu, 2 Sep 2004 09:29:21 -0600 , Emilio Padilla - Sistemática Intl.
> <epadilla@xxxxxxxxxxxxxxxxxx> wrote:
> > IMHO, why would you want to load encryption/decryption to the as/400?
> > Wouldn't be easier to buy a cheap firewall (us$ 600) and connect one of
your
> > Ethernet card to it? Let the firewall do the encryption/decryption
that's
> > what the built for.
> >
> > EAPT
> >
> >
> >
> > -----Original Message-----
> > From: Keith Carpenter [mailto:CarpCon@xxxxxxx]
> > Sent: Thursday, September 02, 2004 7:43 AM
> > To: RPG programming on the AS400 / iSeries
> > Subject: Re: Triple-DES algorithm on AS/400
> >
> > Gene published a MI version of  Twofish some years ago.  Actually it was
a
> > REXX procedure that generated the MI source and then created the
program.
> >
> > One of the problems with MI's CIPHER is you need to check that the
specific
> > encryption/hash function you want has been installed on your system.
> >
> > I haven't had any experience with this, but it's multi-platform
(including
> > OS/400).
> > http://www.cs.auckland.ac.nz/~pgut001/cryptlib/
> >
> > Keith
> >
> > Don (in DC) wrote
> >
> > > Now, we DO have this stuff in MI if this guy wants to play in MI (DES,
but
> > > I don't think 2-fish)...and I'm sure that Bob will want them to call
the
> > > MI intrinsics from RPG as he usually does...:)
> >
> > --
> > This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing
list
> > To post a message email: RPG400-L@xxxxxxxxxxxx
> > To subscribe, unsubscribe, or change list options,
> > visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
> > or email: RPG400-L-request@xxxxxxxxxxxx
> > Before posting, please take a moment to review the archives
> > at http://archive.midrange.com/rpg400-l.
> > --
> > This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing
list
> > To post a message email: RPG400-L@xxxxxxxxxxxx
> > To subscribe, unsubscribe, or change list options,
> > visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
> > or email: RPG400-L-request@xxxxxxxxxxxx
> > Before posting, please take a moment to review the archives
> > at http://archive.midrange.com/rpg400-l.
> >
> >
>
>
> -- 
> Mike Wills
> iSeries Programmer/Lawson Administrator
> koldark@xxxxxxxxx
> http://www.koldark.net
> Want Gmail? Email koldark+gmail@xxxxxxxxx to get on my waiting list.
>
> --
> This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing list
> To post a message email: RPG400-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
> or email: RPG400-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/rpg400-l.
>
>
> --
> This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing list
> To post a message email: RPG400-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
> or email: RPG400-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/rpg400-l.
>
>


--
This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/rpg400-l.