I just took a really quick look at this and you'll want to avoid RC4 encryption altogether. It can be brute force attacked pretty quickly. 256 bit AES is much better (and preferred if you have to be PCI compliant) but that article misses a few key items: 1) You have to use a "salt" value for each thing you encipher or you leave yourself open to a dictionary attack. 2) For AES, the pass phrase is exactly one block long, 3) padding isn't discussed (or really mentioned), 4) your encrypted data is now binary data so you have to have some way of determining its length.
There was a discussion about this within the past month or two during which I posted a service program that wraps the CIPHER MI and these topics are discussed in that thread.
Matt
-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx [mailto:rpg400-l-bounces@xxxxxxxxxxxx] On Behalf Of Mark S. Waterbury
Sent: Monday, December 03, 2007 12:41 PM
To: RPG programming on the AS400 / iSeries
Subject: Re: Field Encryption on V5R3
Try this:
http://www.mcpressonline.com/mc?1@xxxxxxxxxxxxxxx@.6b37c200
Mike wrote:
Does anyone have a good article on getting started with field encryption
using the i5/OS APIs? I am starting to doze on reading the IBM documentation
I found.
--
This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
http://archive.midrange.com/rpg400-l.
midrange.com
