A couple of comments - - Clear key ciphers are perfectly appropriate for many applications. Take for example SSL/TLS or SSH - an symmetric cipher key is generated for each session and is only used to encrypt/decrypt the data for that session. One might argue that it is "safer" for the program not to have the session key, but it has the clear text data.
- Even with large block sizes, direct access to CPACF cipher instructions is measurably faster than ICSF. It depends on your point of view as to whether you think that the difference is important. For me, the CPACF cipher instructions are just as easy to code to as ICSF, and then you don't have to worry about whether ICSF is configured / started. Kirk Wolf Dovetailed Technologies http://dovetail.com PS> Our "OpenSSH Accelerator for z/OS" was implemented hooking the OpenSSL cipher and mac routines in Ported Tools OpenSSH to use CPACF instructions if available. For typical AES ciphers / SHA-1 hashes used by ssh, this reduces the CPU time of ssh on z/OS by 70%. For more information, see: http://dovetail.com/solutions.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html