Hal Merritt wrote: >Many seem to think that encryption is easy to do. It is hard, very expensive, >and carries a risk of irrevocable loss of data. I would think that management >should select a team to plan the implementation.
>An early step in the planning process is to select the encryption algorithm to >be used. A part of that selection process should include an understanding of >how the encryption keys are to be managed. >The key management issues include how to change the key, and how to make the >key available to programs that have to have it. Of course, you don't want the >key to flow anywhere in the open, so the key itself should be encrypted. And >now you need a key for the key. >You'll need some guidance from the authority asking for the encryption. Well-said, although I'll add that there's usually no reason to use anything other than one of the modes of AES nowadays. Voltage SecureData would be an idea solution to this (yes, we're a vendor, and yes, this is our product). It would allow you to encrypt the primary key and still use it as a primary key, without changing most of your applications. If you see this in time, we have a webinar in 38 minutes: http://www.voltage.com/zprotect will let you register. -- .phsiii Phil Smith III p...@voltage.com Voltage Security, Inc. www.voltage.com (703) 476-4511 (home office) (703) 568-6662 (cell) ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
