Thanks for all replies in advance. We have a security vulnerability that we have to get rid of. We use Putty software to connect to cache as a terminal allowing several users to do maintenance work in cache. this uses telnet Plain text. I know that we can configure telnet to be encrypted using the super server service and I'm looking for software that can work like Putty as a terminal using encryption compatible with cache telnet encryption. If I have cache installed on my PC and setup a connection to the server using Kerberos with encryption and use the terminal option to connect to

0 5
0 867

Hi,

I have a client who is considering encryption options in order to comply with a tendering requirement.

Were they to encrypt the production database then what would be a reasonable expectation forthe impact on message throughput. Or possibly more easily answered: what would be the expected impact be on I/O rate and CPU utilization. Are there any benchmarks to which could support an estimate ?

How would this compare with plan B: to use disk encryption ?

Thanks

0 3
0 490

Hello,

Sorry for my epic english :(

I have a strange issue.

I have generated an encryption key with the tool (UI.Portal.EncryptionCreate.zen).

Then I activate my key for data encryption (UI.Portal.EncryptionManaged) and encryption work fine.

But when I reboot my server the key is removed from the data encryption key list (UI.Portal.EncryptionManaged) and I have to re-activate the key.

Perhaps somebody have an idee ?

Cache version : Cache for Windows (x86-64) 2016.2.2 (Build 853U)

Windows: Windows Server 2012 R2 Standard

0 2
0 366

A request came from a customer to estimate how long it would take to encrypt a database with cvencrypt utility.

This question is a little bit like how long is a piece of string — it depends. But its an interesting question. The answer primarily depends on the performance of CPU and storage on the target platform the customer is using, so the answer is more about coming up with a simple methodology that can be used to benchmark the CPU and storage while running cvencrypt.

6 0
1 1K

Hello; We are managing several Ensemble instances on several servers. One server has 4 instances, and two other servers have one instance each (those are production servers). We encrypt all instances using the Caché encryption in the management portal.

Currently we are using two different encryption keys: 1 key on the server with 4 instances, which is used for all 4 instances, and a second key on single-instance server. ( I'm installing the newest production server now.)

1 1
0 643

Hi, Community!

Please find the Developer Community Video of the week on InterSystems Developers YouTube Channel:

System Sizing for Insanely Large Deployments

https://www.youtube.com/embed/Yjql-j8cGJo
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

1 0
0 368
Question
· Aug 4, 2017
AES Encryption

Trying to use AES encryption for a url. I have a plain text string, a 16-byte key and a initialization vector. I am trying to match a C# implementation that uses RijndaelManaged class with a BlockSize = 128, Mode = CipherMode.CBC, Padding = PaddingMode.PKCS7. The output of the $SYSTEM.Encryption.AESCBCEncrypt(text,key,IV), doesn't match what is coming out of C#. All inputs into the $SYSTEM.Encryption.AESCBCEncrypt(text,key,IV) are converted to UTF8 as in the documentation.

0 5
0 1.7K

Hi,

I have a situation where I write a character stream to a file. The file content gets signed and the signature is sent to a service provider together with the file content.

The signing is done using openssl.

This works perfectly on a dev PC, which is runnning Windows and has a little-endian architecture.

The problem is as soon as I do this on the server, which has a big-endian architecture, the signed value is incorrect according to the service provider.

The content is signed using RSA SHA256 with PSS padding.

0 8
0 3.2K

Overview

Encryption of sensitive data becomes more and more important for applications. For example patient names, SSN, address-data or credit card-numbers etc..

Cache supports different flavors of encryption. Block-level database encryption and data-element encryption. The block-level database encryption protects an entire database. The decryption/encryption is done when a block is written/read to or from the database and has very little impact on the performance.

With data-element encryption only certain data-fields are encrypted. Fields that contain sensitive data like patient data or credit-card numbers. Data-element encryption is also useful if a re-encryption is required periodically. With data-element encryption it is the responsibility of the application to encrypt/decrypt the data.

Both encryption methods leverage the managed key encryption infrastructure of Caché.

The following article describes a sample use-case where data-element encryption is used to encrypt person data.

But what if you have hundreds of thousands of records with an encrypted datafield and you have the need to search that field? Decryption of the field-values prior to the search is not an option. What about indices?

This article describes a possible solution and develops step-by-step a small example how you can use SQL and indices to search encrypted fields.

5 9
1 1.7K
Article
· Feb 24, 2017 1m read
Collision for SHA-1 hash algorithm

The recent announcement of a collision for the SHA-1 hash algorithm has caused some consternation:

https://shattered.io/

Here is some background to help put this in perspective.

Cryptographic hash functions can have a variety of properties. The property at issue here is:

"Collision resistance - it is computationally infeasible to find any two distinct inputs x, x' which hash to the same output, i.e., such that h(x) = h(x')."

(Menezes, van Oorchot, and Vanstone, "Handbook of Applied Cryptography", section 9.2.2)

2 0
0 578

I'm currently re-engineering an application from CSP pages directly accessing COS Methods, to an Angular/Material front end accessing a REST DAL. Both the Angular front end and REST services are hosted from the same Caché instance and the same namespace, but the REST services have their own CSP application, with all calls being routed through a Dispatch class.

0 5
0 549