Looking into password encryption I found the following:

1) The drda/DecryptionManager.java is hardcoded to use IBMJCE and
   fails with other JCE implementations.

2) derbynet/testSecMec.java has all pwd (and username + pwd)
   encryption tests disabled and has 2 interesting comments
   
   A)  * The DiffieHelman algorithm that is used here uses a prime of 32bytes and this is not
       * supported by Sun JCE , but is supported in ibm141 and some latest versions of ibm142

   B) // Disable because ibm142 doesnt support DiffieHelman prime of 32 bytes
      // Also Sun JCE doesnt support it.

3) The DRDA has a hardcoded 32-byte prime and base (256 bits) in the
   protocol spec.

4) SunJCE requires at least 512 bits (64 bytes). (I guess this is
   because 256 bit is no longer considered secure for the
   Diffie-Hellman KeyAgreement protocol)

I have not tried it with IBMJCE but my trials with SunJCE confirm the
above (I removed the IBMJCE requirement and enabled the tests).

Have I missed something or is it impossible to get password
encryption?

And if I'm right: How do we get password encryption? Deviate from
DRDA?


-- 
Bernt Marius Johnsen, Database Technology Group, 
Sun Microsystems, Trondheim, Norway
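
An added example, not part of the original message and not Derby code: a small probe that asks every installed JCE provider to generate a Diffie-Hellman key pair for a 32-byte and a 64-byte prime and reports whether the provider accepts the parameters. The class name `DhPrimeSizeProbe` is hypothetical, and the prime and base are constructed test values, not the ones from the DRDA specification.

```java
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.spec.DHParameterSpec;

public class DhPrimeSizeProbe {
    // Returns null if the provider generated a key pair for a modulus of the
    // given size, otherwise the reason the provider gave for refusing.
    static String probe(Provider provider, int primeBits) {
        // Constructed test group: a random probable prime and base 2. This is
        // NOT the DRDA prime/base; only the modulus length matters here.
        BigInteger p = BigInteger.probablePrime(primeBits, new SecureRandom());
        DHParameterSpec spec = new DHParameterSpec(p, BigInteger.valueOf(2));
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", provider);
            kpg.initialize(spec);   // size checks usually fail here
            kpg.generateKeyPair();  // some providers only check at generation
            return null;
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        int[] sizes = {256, 512}; // the 32-byte and 64-byte prime sizes discussed above
        for (Provider provider : Security.getProviders()) {
            // Skip providers that do not offer a DH key pair generator at all.
            if (provider.getService("KeyPairGenerator", "DH") == null
                    && provider.getService("KeyPairGenerator", "DiffieHellman") == null) {
                continue;
            }
            for (int bits : sizes) {
                String error = probe(provider, bits);
                System.out.printf("%-12s %4d-bit prime: %s%n", provider.getName(), bits,
                        error == null ? "accepted" : "rejected (" + error + ")");
            }
        }
    }
}
```

Running it under each JRE in question (Sun, ibm141, ibm142) shows which providers on that JRE would have to be selected, or skipped, for the 32-byte DRDA group.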
