Encryption

Syndicate content 10 

Thanks for all replies in advance.  We have a security vulnerability that we have to get rid of.  We use Putty software to connect to cache as a terminal allowing several users to do maintenance work in cache.  this uses telnet Plain text.  I know that we can configure telnet to be encrypted using the super server service and I'm looking for software that can work like Putty as a terminal using encryption compatible with cache telnet encryption.   If I have cache installed on my PC and setup a connection to the server using Kerberos with encryption and use the terminal option to connect to

Last answer 2 May 2019 Last comment 6 May 2019
0   0 4
147

views

0

rating

Hi,

I have a client who is considering encryption options in order to comply with a tendering requirement.

Were they to encrypt the production database then what would be a reasonable expectation forthe impact on message throughput. Or possibly more easily answered: what would be the expected impact be on I/O rate and CPU utilization. Are there any benchmarks to which could support an estimate ?

How would this compare with plan B: to use disk encryption ?

Thanks

0   0 4
0

answers

225

views

0

rating

Hello,

Sorry for my epic english :(

 

I have a strange issue.

I have generated an encryption key with the tool (UI.Portal.EncryptionCreate.zen).

Then  I activate my key for data encryption (UI.Portal.EncryptionManaged) and encryption work fine.

But when I reboot my server the key is removed from the data encryption key list (UI.Portal.EncryptionManaged) and I have to re-activate the key.

 

Perhaps somebody have an idee ?

Cache version : Cache for Windows (x86-64) 2016.2.2 (Build 853U)

Windows: Windows Server 2012 R2 Standard

Last answer 10 November 2017 Last comment 10 November 2017
0   0 1
150

views

0

rating

A request came from a customer to estimate how long it would take to encrypt a database with cvencrypt utility.

This question is a little bit like how long is a piece of string — it depends. But its an interesting question. The answer primarily depends on the performance of CPU and storage on the target platform the customer is using, so the answer is more about coming up with a simple methodology that can be used to benchmark the CPU and storage while running cvencrypt.

+ 5   0 1
0

comments

386

views

+ 5

rating

Hello; We are managing several Ensemble instances on several servers.  One server has 4 instances, and two other servers have one instance each (those are production servers).  We encrypt all instances using the Caché encryption in the management portal.

 

Currently we are using two different encryption keys: 1 key on the server with 4 instances, which is used for all 4 instances, and a second key on single-instance server. ( I'm installing the newest production server now.)

 

Last answer 6 November 2017
+ 1   0 1
0

comments

207

views

+ 1

rating

Hi, Community! 

Please find the Developer Community Video of the week on InterSystems Developers YouTube Channel:

System Sizing for Insanely Large Deployments

 

0   0 0
0

comments

136

views

0

rating

Trying to use AES encryption for a url.  I have a plain text string, a 16-byte key and a initialization vector.  I am trying to match a C# implementation that uses RijndaelManaged class with a  BlockSize = 128, Mode = CipherMode.CBC, Padding = PaddingMode.PKCS7.  The output of the $SYSTEM.Encryption.AESCBCEncrypt(text,key,IV), doesn't match what is coming out of C#.  All inputs into the $SYSTEM.Encryption.AESCBCEncrypt(text,key,IV) are converted to UTF8 as in the documentation.

Last answer 28 August 2017 Last comment 14 August 2017
0   0 3
621

views

0

rating

Hi,

I have a situation where I write a character stream to a file. The file content gets signed and the signature is sent to a service provider together with the file content.

The signing is done using openssl.

This works perfectly on a dev PC, which is runnning Windows and has a little-endian architecture.

The problem is as soon as I do this on the server, which has a big-endian architecture, the signed value is incorrect according to the service provider.

The content is signed using RSA SHA256 with PSS padding.

Last answer 17 July 2017 Last comment 18 July 2017
0   0 2
1312

views

0

rating

Overview

Encryption of sensitive data becomes more and more important for applications. For example patient names, SSN, address-data or credit card-numbers etc..

Cache supports different flavors of encryption. Block-level database encryption and data-element encryption. The block-level database encryption protects an entire database.  The decryption/encryption is done when a block is written/read to or from the database and has very little impact on the performance.

With data-element encryption only certain data-fields are encrypted.  Fields that contain sensitive data like patient data or credit-card numbers. Data-element encryption is also useful if a re-encryption is required periodically. With data-element encryption it is the responsibility of the application to encrypt/decrypt the data.

Both encryption methods leverage the managed key encryption infrastructure of Caché.

The following article describes a sample use-case where data-element encryption is used to encrypt person data.  

But what if you have hundreds of thousands of records with an encrypted datafield and you have the need to search that field? Decryption of the field-values prior to the search is not an option. What about indices?

This article describes a possible solution and develops step-by-step a small example how you can use SQL and indices to search encrypted fields. 

Last comment 16 March 2017
+ 4   0 1
853

views

+ 4

rating

The recent announcement of a collision for the SHA-1 hash algorithm has caused some consternation:

https://shattered.io/

Here is some background to help put this in perspective.

Cryptographic hash functions can have a variety of properties.  The property at issue here is:

"Collision resistance - it is computationally infeasible to find any two distinct inputs x, x' which hash to the same output, i.e., such that h(x) = h(x')."

(Menezes, van Oorchot, and Vanstone, "Handbook of Applied Cryptography", section 9.2.2)

+ 2   0 4
0

comments

231

views

+ 2

rating

I'm currently re-engineering an application from CSP pages directly accessing COS Methods, to an Angular/Material front end accessing a REST DAL.  Both the Angular front end and REST services are hosted from the same Caché instance and the same namespace, but the REST services have their own CSP application, with all calls being routed through a Dispatch class.  

Last answer 5 January 2017 Last comment 5 January 2017
0   0 2
278

views

0

rating