Arev Data Encryption (AREV Specific)
At 14 OCT 2004 09:17:51PM Frank Ritts wrote:
Does anyone know of any data file encryption program or method that can be implemented to encrypt AREV data files? ISO auditors are asking me to do this...
Thanks in advance
At 15 OCT 2004 06:41PM Steve Smith wrote:
There are a couple of ways, Frank.
The first way is to set up a data key, and run the same routine to encrypt and decrypt. Then you BITXOR each character of the key against the data.
There is the inbuilt encryption routine and features ($RTPxx).
There is the option of ICONV/OCONV "HEX" and then INVERT(var)
There is the option of Base64 encoding of data.
You could roll-your-own routines inside a couple of hours.
Security MFS can be installed (possibly the best place to do this).
The other way is to tell the auditors that no other package can read or connect to LH files. Usually shuts them up.
Another way is to say you'll add encryption, but you'll be charging the auditors for the resultant performance and productivity drops.
Another way is to say that security is at network level. Then they'll lean on the network administrator.
The auditors have the right to ask for security, but not to insist on encryption. Your client can insist on encryption, but would have to pay handsomely. Your boss can ask for whatever he wants.
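Added example (Python, not code from the thread or from AREV): a model of three of the options listed in the reply above, checking what protection each one actually gives when an auditor asks. The record, key and function names are constructed for illustration, and `hex_invert` assumes INVERT complements each byte of the hex text.

```python
import base64
from itertools import cycle

def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def hex_invert(data: bytes) -> bytes:
    """Model of OCONV 'HEX' then INVERT: hex text, each byte complemented."""
    return bytes(b ^ 0xFF for b in data.hex().upper().encode("ascii"))

def undo_hex_invert(blob: bytes) -> bytes:
    """Reverse hex_invert; note that no key or secret is required."""
    return bytes.fromhex(bytes(b ^ 0xFF for b in blob).decode("ascii"))

def key_bytes_exposed(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """Key bytes revealed when the start of a stored record is predictable."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_prefix))

# Constructed sample record: three fields separated by a field mark (0xFE).
FM = b"\xfe"
RECORD = b"ACME SUPPLY" + FM + b"ACCT 000123" + FM + b"NET30"
KEY = b"S3cr3t"  # constructed data key

def assess() -> dict:
    """Summarise what each option protects against."""
    xored = xor_with_key(RECORD, KEY)
    return {
        # Symmetric: one routine does both directions, as described.
        "xor_roundtrip": xor_with_key(xored, KEY) == RECORD,
        # Encodings, not encryption: reversible by anyone, no key involved.
        "base64_keyless": base64.b64decode(base64.b64encode(RECORD)) == RECORD,
        "hex_invert_keyless": undo_hex_invert(hex_invert(RECORD)) == RECORD,
        # A predictable field value is enough to expose the repeating key.
        "xor_key_leaked": key_bytes_exposed(xored, b"ACME S"),
    }

if __name__ == "__main__":
    for name, result in assess().items():
        print(f"{name}: {result}")
```

Base64 and HEX/INVERT hide data from a casual glance only; repeating-key XOR depends on record contents being unpredictable, which structured business records rarely are.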
At 16 OCT 2004 02:56PM Frank Ritts wrote:
Thank you for the insight (no pun). I have replied to the owner of these issues. The problem is that the auditors have no idea what linear hash is, so they don't really know how to approach the issue. I went through the difficulty of getting access to these files, but honestly, I don't think they understand the process.
I have talked to the owner about the performance hit. So we'll see what happens.
Again thanks for the info, Steve
At 22 OCT 2004 05:32AM dsig_at_sigafoos.org wrote:
SS>> The other way is to tell the auditors that no other package can read or connect to LH files. Usually shuts them up.
This is a very bad thing to tell the auditors and can lead to some serious problems.
Almost any 'program' editor can be used to edit the file and see all the data. Sure, a simple C routine would filestream the data in and allow parsing through.
The best methods are ..
1) Use the newest UD and hide the files. If you can't see it you probably won't know to access it. Removes the possibility of deleting a file etc. Tried to get one of my former clients to go this way but I doubt they have/will. They are sure they will be getting rid of the Arev systems *soon*
2) Adding encryption with SEC and an MFS, along with 1, will greatly enhance the security of the data.
It would be very nice if RTI added an encryption (and compression) option to the UD. Something that is an add-on so it doesn't slow down the current workings.
dsig_at_sigafoos.org
Phone: 971-570-2005