Re: [U2] ENCRYPT in Universe
You will find this is available in 11.1

Regards,
Dan

-----Original Message-----
From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Curt Stewart
Sent: Wednesday, September 28, 2011 9:14 AM
To: U2 Users List
Subject: Re: [U2] ENCRYPT in Universe

In which version, 10.2? The last time I tried it failed, but maybe I was doing it wrong. I don't remember what version this system is on but I'll look that up tonight.

Thanks,
Curt

___
U2-Users mailing list
U2-Users@listserver.u2ug.org
http://listserver.u2ug.org/mailman/listinfo/u2-users
Re: [U2] ENCRYPT in Universe
In which version, 10.2? The last time I tried it failed, but maybe I was doing it wrong. I don't remember what version this system is on but I'll look that up tonight.

Thanks,
Curt

Daniel McGrath wrote:

>Indexing encrypted fields should already be available in UniVerse.
>
>This functionality is also on the roadmap for UniData 7.4.
>
>Regards,
>
>Dan McGrath
>U2 Product Manager
>Rocket Software
>4600 S. Ulster Street **Suite 1100 **Denver, CO 80237 * USA
>Tel: +1.720.475.8098 * Fax: +1.617.630.7392
>Email: dmcgr...@rs.com
>Web: www.rocketsoftware.com/u2
Re: [U2] ENCRYPT in Universe
Thanks for info, I was hoping for a different answer though. I have an application where the check nbr and the account number need to be both encrypted and indexed. Anybody have any suggestions on how I can accomplish that?

Thanks
Curt

Baker Hughes wrote:

>Data At Rest encryption became available with UV 10.2 I believe. We implemented it after that upgrade.
>
>If you're asking whether you can INDEX an Encrypted DAR field, I rather doubt it, but have not tried it.
>
>I would ping Nic Kesic with this question; perhaps he is listening or has a google alert set for his name.
>
>Thank you.
>-Baker
Re: [U2] ENCRYPT in Universe
Indexing encrypted fields should already be available in UniVerse.

This functionality is also on the roadmap for UniData 7.4.

Regards,

Dan McGrath
U2 Product Manager
Rocket Software
4600 S. Ulster Street **Suite 1100 **Denver, CO 80237 * USA
Tel: +1.720.475.8098 * Fax: +1.617.630.7392
Email: dmcgr...@rs.com
Web: www.rocketsoftware.com/u2

-----Original Message-----
From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Baker Hughes
Sent: Wednesday, September 28, 2011 8:56 AM
To: 'U2 Users List'
Subject: Re: [U2] ENCRYPT in Universe

Data At Rest encryption became available with UV 10.2 I believe. We implemented it after that upgrade.

If you're asking whether you can INDEX an Encrypted DAR field, I rather doubt it, but have not tried it.

I would ping Nic Kesic with this question; perhaps he is listening or has a google alert set for his name.

Thank you.
-Baker
Re: [U2] ENCRYPT in Universe
Data At Rest encryption became available with UV 10.2 I believe. We implemented it after that upgrade.

If you're asking whether you can INDEX an Encrypted DAR field, I rather doubt it, but have not tried it.

I would ping Nic Kesic with this question; perhaps he is listening or has a google alert set for his name.

Thank you.
-Baker

-----Original Message-----
From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Curt Stewart
Sent: Wednesday, September 21, 2011 11:41 AM
To: U2 Users List
Subject: Re: [U2] ENCRYPT in Universe

DAR = Data At Rest

This communication, its contents and any file attachments transmitted with it are intended solely for the addressee(s) and may contain confidential proprietary information.
Access by any other party without the express written permission of the sender is STRICTLY PROHIBITED.
If you have received this communication in error you may not copy, distribute or use the contents, attachments or information in any way. Please destroy it and contact the sender.
Re: [U2] ENCRYPT in Universe
DAR = Data At Rest

John Thompson wrote:

>Or better yet, what is DAR?
>
>--
>John Thompson
Re: [U2] ENCRYPT in Universe
Or better yet, what is DAR?

On Wed, Sep 21, 2011 at 12:11 PM, Curt Stewart <cstew...@tri-sysconsulting.com> wrote:

> Does the DAR data support indexes? And do you know which release DAR became available?
> Curt Stewart

--
John Thompson
Re: [U2] ENCRYPT in Universe
Does the DAR data support indexes? And do you know which release DAR became available?

Curt Stewart

Baker Hughes wrote:

>Hey John,
>
>The ENCRYPT uniBasic function is for encrypting something on the fly. Whereas, with Data At Rest encryption, you simply specify which fields in the file, or the whole file itself, to be encrypted, and the database takes care of the encryption/decryption, without any programmer intervention.
>
>Before we had DAR going I toyed with the ENCRYPT function. If you want a code snippet that would demonstrate how this works, email me off list.
>
>HTH,
>-Baker
Re: [U2] ENCRYPT in Universe
Hey John,

The ENCRYPT uniBasic function is for encrypting something on the fly. Whereas, with Data At Rest encryption, you simply specify which fields in the file, or the whole file itself, to be encrypted, and the database takes care of the encryption/decryption, without any programmer intervention.

Before we had DAR going I toyed with the ENCRYPT function. If you want a code snippet that would demonstrate how this works, email me off list.

HTH,
-Baker

-----Original Message-----
From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of John Thompson
Sent: Tuesday, September 20, 2011 8:51 AM
To: U2 Users List
Subject: Re: [U2] ENCRYPT in Universe

I think I am understanding it a little more now. It seems as long as you don't decrypt it or store the keys in an "insecure" place, you are good to go. You can just compare the encrypted strings to see if a password matches or not.

I'm curious though, what's the difference between the actual Encrypted Files features vs. the ENCRYPT function in BASIC?

I'm guessing you might use encrypted files if you are doing something like credit cards?
Re: [U2] ENCRYPT in Universe
I think I am understanding it a little more now. It seems as long as you don't decrypt it or store the keys in an "insecure" place, you are good to go. You can just compare the encrypted strings to see if a password matches or not.

I'm curious though, what's the difference between the actual Encrypted Files features vs. the ENCRYPT function in BASIC?

I'm guessing you might use encrypted files if you are doing something like credit cards?

On Mon, Sep 19, 2011 at 2:48 PM, John Hester wrote:

> John, sorry for the delayed reply to this thread - I've been off-site for a week without easy access to the list. David's response is correct for most situations, but for your original example of encrypting a user-specific password that only they have access to, you should be able to do what you're suggesting. The password that's being encrypted can also be its own encryption key. You won't need to store the key anywhere and if the user forgets it you can just reset the encrypted data to a new value. Pretty simple and elegant solution, IMHO.
>
> -John

--
John Thompson
Re: [U2] ENCRYPT in Universe
John, sorry for the delayed reply to this thread - I've been off-site for a week without easy access to the list. David's response is correct for most situations, but for your original example of encrypting a user-specific password that only they have access to, you should be able to do what you're suggesting. The password that's being encrypted can also be its own encryption key. You won't need to store the key anywhere and if the user forgets it you can just reset the encrypted data to a new value. Pretty simple and elegant solution, IMHO.

-John

-----Original Message-----
From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of David Jordan
Sent: Monday, September 12, 2011 3:16 PM
To: U2 Users List
Subject: Re: [U2] ENCRYPT in Universe

Hi John
I have not played around with the encryption, but to my knowledge this is not the way it works. The password is related to the data encrypted, not to the user, so every user would require the same key for the data. To change the key you need to unencrypt and reencrypt the data.

The other option is encryption at rest where the whole database is encrypted. This has been greatly enhanced in Rel11 of UniVerse.

Regards
David Jordan
Re: [U2] ENCRYPT in Universe
On 12/09/11 23:15, David Jordan wrote:
> Hi John
> I have not played around with the encryption, but to my knowledge this is not the way it works. The password is related to the data encrypted, not to the user, so every user would require the same key for the data. To change the key you need to unencrypt and reencrypt the data.
>

And what would happen if the user changed their password?

Plus, where would he get the password from? The password should NEVER EVER be stored ANYWHERE. Any half-way decent security system mangles the password on input, and stores the mangled version. A one-way mangle. If a system is capable of telling you what your password is, it is not secure (and it's dangerous. People re-use passwords. If a hacker gets hold of that password database how many other systems have just been compromised?)

> The other option is encryption at rest where the whole database is encrypted. This has been greatly enhanced in Rel11 of UniVerse.
>

Cheers,
Wol
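The one-way "mangle" described in the message above, as an added example that is not from the thread or from UniVerse: a Python sketch using salted PBKDF2 from the standard library. The `UserStore` class, the record format and the iteration count are assumptions standing in for the BAS.USERS file discussed in this thread.

```python
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed work factor; tune for your hardware
SALT_BYTES = 16


def hash_password(password, iterations=ITERATIONS):
    """Return a storable one-way record: algorithm$iterations$salt$digest."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([ALGORITHM, str(iterations), salt.hex(), digest.hex()])


def verify_password(password, record):
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        algorithm, rounds, salt_hex, digest_hex = record.split("$")
        rounds = int(rounds)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed or empty record
    if algorithm != ALGORITHM or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)


class UserStore:
    """In-memory stand-in for the BAS.USERS file (hypothetical helper)."""

    def __init__(self, iterations=ITERATIONS):
        self._iterations = iterations
        self._records = {}
        # Record for a password nobody knows, so a lookup for an unknown
        # address costs the same work as one for a real user.
        self._dummy = hash_password(secrets.token_hex(16), iterations)

    def set_password(self, email, password):
        """Sign-up and reset are the same call: the old value is never needed."""
        self._records[email] = hash_password(password, self._iterations)

    def check(self, email, password):
        record = self._records.get(email)
        if record is None:
            verify_password(password, self._dummy)
            return False
        return verify_password(password, record)


if __name__ == "__main__":
    # Constructed sample data, not taken from the thread.
    store = UserStore()
    store.set_password("user@example.com", "correct horse")
    print(store.check("user@example.com", "correct horse"))  # match
    print(store.check("user@example.com", "wrong guess"))    # no match
```

Because each record carries its own salt, two users with the same password get different stored values, and no key has to be kept anywhere.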
Re: [U2] ENCRYPT in Universe
Hi John
I have not played around with the encryption, but to my knowledge this is not the way it works. The password is related to the data encrypted, not to the user, so every user would require the same key for the data. To change the key you need to unencrypt and reencrypt the data.

The other option is encryption at rest where the whole database is encrypted. This has been greatly enhanced in Rel11 of UniVerse.

Regards
David Jordan

-----Original Message-----
From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of John Thompson
Sent: Monday, 12 September 2011 10:35 PM
To: U2 Users List
Subject: Re: [U2] ENCRYPT in Universe

As far as passwords are concerned, I could use their password as the key? That way it would be different every time, and in order for it to be decrypted, they would have to supply the right password, otherwise, they would have to reset it...

Is that a decent way of doing it?

I've also noticed that in the manual they seem to have encrypted files, where this is handled "somewhat" automatically. But all of that seems much more complex to manage than this ENCRYPT() BASIC function. I think...

Anyone ever use the encrypted file/field commands from TCL and had any luck with them? It appears you have to jump through a lot of hoops from upgrade to upgrade though, which I'm not too fond of.
Re: [U2] ENCRYPT in Universe
As far as passwords are concerned, I could use their password as the key? That way it would be different every time, and in order for it to be decrypted, they would have to supply the right password, otherwise, they would have to reset it...

Is that a decent way of doing it?

I've also noticed that in the manual they seem to have encrypted files, where this is handled "somewhat" automatically. But all of that seems much more complex to manage than this ENCRYPT() BASIC function. I think...

Anyone ever use the encrypted file/field commands from TCL and had any luck with them? It appears you have to jump through a lot of hoops from upgrade to upgrade though, which I'm not too fond of.

On Fri, Sep 9, 2011 at 9:25 PM, John Hester wrote:

> The key can be any text string you want and it's completely up to you how you store it. I would use a long, random mix of characters. The most secure place to store it would probably be on removable media that has to be inserted for the application to work, but that's probably overly inconvenient for most applications. Storing it in the same file as the encrypted data is probably the least secure place. Storing the key in a separate file is a relatively secure method, IMHO. There is some security by obscurity here since only someone with knowledge of the inner workings of the application would have any idea where the key is stored.
>
> It's also up to you if you want to re-use a single key or not. You could use a different key for every piece of data, but you have to be able to correctly marry the keys back to the right data to decrypt. Having another file with data that points to the IDs in the encrypted file could also tip off an attacker as to what the keys are for. I suppose you could get elaborate and encrypt the keys themselves, then the keys for those keys, etc., making it very difficult for an attacker to determine the decryption sequence. You could also re-encrypt the already encrypted data a few more times with multiple keys.
>
> -John
Re: [U2] ENCRYPT in Universe
The key can be any text string you want and it's completely up to you how you store it. I would use a long, random mix of characters.

The most secure place to store it would probably be on removable media that has to be inserted for the application to work, but that's probably overly inconvenient for most applications. Storing it in the same file as the encrypted data is probably the least secure place. Storing the key in a separate file is a relatively secure method, IMHO. There is some security by obscurity here since only someone with knowledge of the inner workings of the application would have any idea where the key is stored.

It's also up to you if you want to re-use a single key or not. You could use a different key for every piece of data, but you have to be able to correctly marry the keys back to the right data to decrypt. Having another file with data that points to the IDs in the encrypted file could also tip off an attacker as to what the keys are for.

I suppose you could get elaborate and encrypt the keys themselves, then the keys for those keys, etc., making it very difficult for an attacker to determine the decryption sequence. You could also re-encrypt the already encrypted data a few more times with multiple keys.

-John

-Original Message-
From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of John Thompson
Sent: Friday, September 09, 2011 8:44 AM
To: U2 Users List
Subject: [U2] ENCRYPT in Universe

I am exploring the Universe data encryption features... It's my first try at this really.
I have decent understanding of ssh and ssl, just not the U2 stuff.

My questions are...
Where is a safe place to store the "key" (as referred to in the docs) that the function needs to do encrypting and decrypting?
How would I generate this key?
Do I use the same key every time?
Is there a thing to generate a key... like in ssh?

For example, let's say I have a program that encrypts the user's password and then writes it to the data file like so...

*A test for storing encrypted passwords.
OPEN \BAS.USERS\ TO f_bas_users ELSE
   CRT \Cannot open BAS.USERS file.\
   STOP
END
*
CRT \Enter your email address: \:
input email_address
CRT \Enter your password: \:
input password
*
key= \thisismykey\
result = \\
encrypt_status = \\
encrypt_status = ENCRYPT(\des3\, 1, password, 1, key, 1, 1, \\, \\, result, 1)
CRT user_password
*Apparently a status of 0 is a success. Which is just plain weird.
IF encrypt_status = \0\ THEN
   WRITEV result ON f_bas_users,email_address,3
END

--
Now let's say I want to check the password to see if it is correct and decrypt the data to do that...

*A test for reading encrypted passwords.
OPEN \BAS.USERS\ TO f_bas_users ELSE
   CRT \Cannot open BAS.USERS file.\
   STOP
END
*
CRT \Enter your email address: \:
input email_address
CRT \Enter your password: \:
input password
*
READV stored_password FROM f_bas_users,email_address,3 ELSE
   stored_password = \\
END
key= \thisismykey\
result = \\
decrypt_status = \\
decrypt_status = ENCRYPT(\des3\, 3, stored_password, 1, key, 1, 1, \\, \\, result, 1) ; *This is actually decrypting, the 3 indicates that.
*Apparently a status of 0 is a success. Which is just plain weird.
IF decrypt_status = \0\ THEN
   CRT \This is the stored password decrypted from the file.\:result
   CRT \This is the password entered by the user.\:password
END

So... isn't it kind of pointless to store the key in plain text in the program?
Storing the key in plain text in the file also seems pointless?

Thoughts?

--
John Thompson
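The key handling discussed in the reply above (a long random key, kept in a file separate from the encrypted data, and optionally a different key per record), sketched in Python as an added example that is not part of the original thread or of UniVerse. The function names and the master.key path are assumptions, and the per-record keys are derived with HMAC-SHA256 from the record ID rather than kept in a lookup file, which goes one step beyond what the reply describes; the hex string returned is what an application would supply as its key string.

```python
import hashlib
import hmac
import os
import secrets
import stat

KEY_BYTES = 32  # 256 bits from the OS CSPRNG


def create_key_file(path):
    """Generate a random master key and write it to a new owner-only file."""
    key = secrets.token_bytes(KEY_BYTES)
    # O_EXCL: never overwrite an existing key, which would orphan stored data.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(key.hex())
    return key


def load_key_file(path):
    """Read the master key, refusing a file that group or others can access."""
    with open(path) as fh:
        mode = stat.S_IMODE(os.fstat(fh.fileno()).st_mode)
        if mode & 0o077:
            raise PermissionError(f"{path} has mode {mode:o}, expected 600")
        key = bytes.fromhex(fh.read().strip())
    if len(key) != KEY_BYTES:
        raise ValueError("key file is truncated or corrupt")
    return key


def record_key(master_key, file_name, record_id):
    """Derive one record's key from the master key and the record's identity.

    HMAC-SHA256 over (file name, record ID) gives every record its own key
    without a stored key-to-record table that could tip off an attacker.
    """
    label = f"{file_name}\x00{record_id}".encode("utf-8")
    return hmac.new(master_key, label, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    # Constructed sample values: key path and record ID are illustrative only.
    path = "master.key"
    master = load_key_file(path) if os.path.exists(path) else create_key_file(path)
    print(record_key(master, "BAS.USERS", "user@example.com"))
```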
Re: [U2] ENCRYPT in Universe
I just found the document called "security" in the universe docs... I guess I better set about reading that.

On Fri, Sep 9, 2011 at 11:43 AM, John Thompson wrote:

> I am exploring the Universe data encryption features... It's my first try
> at this really.
> I have decent understanding of ssh and ssl, just not the U2 stuff.
>
> My questions are...
> Where is a safe place to store the "key" (as referred to in the docs) that
> the function needs to do encrypting and decrypting?
> How would I generate this key?
> Do I use the same key every time?
> Is there a thing to generate a key... like in ssh?
>
> For example, let's say I have a program that encrypts the user's password
> and then writes it to the data file like so...
>
> *A test for storing encrypted passwords.
> OPEN \BAS.USERS\ TO f_bas_users ELSE
>    CRT \Cannot open BAS.USERS file.\
>    STOP
> END
> *
> CRT \Enter your email address: \:
> input email_address
> CRT \Enter your password: \:
> input password
> *
> key= \thisismykey\
> result = \\
> encrypt_status = \\
> encrypt_status = ENCRYPT(\des3\, 1, password, 1, key, 1, 1, \\, \\, result, 1)
> CRT user_password
> *Apparently a status of 0 is a success. Which is just plain weird.
> IF encrypt_status = \0\ THEN
>    WRITEV result ON f_bas_users,email_address,3
> END
>
> --
> Now let's say I want to check the password to see if it is correct and
> decrypt the data to do that...
>
> *A test for reading encrypted passwords.
> OPEN \BAS.USERS\ TO f_bas_users ELSE
>    CRT \Cannot open BAS.USERS file.\
>    STOP
> END
> *
> CRT \Enter your email address: \:
> input email_address
> CRT \Enter your password: \:
> input password
> *
> READV stored_password FROM f_bas_users,email_address,3 ELSE
>    stored_password = \\
> END
> key= \thisismykey\
> result = \\
> decrypt_status = \\
> decrypt_status = ENCRYPT(\des3\, 3, stored_password, 1, key, 1, 1, \\, \\, result, 1) ; *This is actually decrypting, the 3 indicates that.
> *Apparently a status of 0 is a success. Which is just plain weird.
> IF decrypt_status = \0\ THEN
>    CRT \This is the stored password decrypted from the file.\:result
>    CRT \This is the password entered by the user.\:password
> END
>
>
> So... isn't it kind of pointless to store the key in plain text in the
> program?
> Storing the key in plain text in the file also seems pointless?
>
> Thoughts?
>
> --
> John Thompson
>

--
John Thompson