[jira] Commented: (DERBY-528) Support for DRDA Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme

Wed, 21 Jun 2006 01:39:54 -0700 

    [ 
http://issues.apache.org/jira/browse/DERBY-528?page=comments#action_12417060 ] 

Bernt M. Johnsen commented on DERBY-528:
----------------------------------------

EncryptionManager (this applies DecryptionManager) actually implements two 
distinct objects in your patch, only distinguished by the overloaded 
constructor. They should be separated into different classes (possibly with an 
abstract base class if needed).

> Support for DRDA Strong User ID and Password Substitute Authentication 
> (USRSSBPWD) scheme
> -----------------------------------------------------------------------------------------
>
>          Key: DERBY-528
>          URL: http://issues.apache.org/jira/browse/DERBY-528
>      Project: Derby
>         Type: New Feature

>   Components: Security
>     Versions: 10.1.1.0
>     Reporter: Francois Orsini
>     Assignee: Francois Orsini
>      Fix For: 10.2.0.0
>  Attachments: 528_SecMec_Testing_Table.txt, 528_diff_v1.txt, 528_stat_v1.txt
>
> This JIRA will add support for (DRDA) Strong User ID and Password Substitute 
> Authentication (USRSSBPWD) scheme in the network client/server driver layers.
> Current Derby DRDA network client  driver supports encrypted userid/password 
> (EUSRIDPWD) via the use of DH key-agreement protocol - however current Open 
> Group DRDA specifications imposes small prime and base generator values (256 
> bits) that prevents other JCE's  to be used as java cryptography providers - 
> typical minimum security requirements is usually of 1024 bits (512-bit 
> absolute minimum) when using DH key-agreement protocol to generate a session 
> key.
> Strong User ID and Password Substitute Authentication (USRSSBPWD) is part of 
> DRDA specifications as another alternative to provide ciphered passwords 
> across the wire.
> Support of USRSSBPWD authentication scheme will enable additional JCE's to  
> be used when encrypted passwords are required across the wire.
> USRSSBPWD authentication scheme will be specified by a Derby network client 
> user via the securityMechanism property on the connection UR - A new property 
> value such as ENCRYPTED_PASSWORD_SECURITY will be defined in order to support 
> this new (DRDA) authentication scheme.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

Reply via email to