Strong Encryption for PC-to-any-Host Connectivity

General Information Concerning Encryption Methods

US Export Restrictions for Encryption

Strong Encryption with HOB Software Products

Strong Encryption for Secure PC-to-Host Communication (HOBLink 3270)

Secure Web-to-Host Connectivity with HOBLink J-Term (3270 Terminal Emulation in Java)

Strong Encryption with HOBLink Secure

HOBLink Secure

Encryption Methods

The technical details of many encryption methods used in public networks today are common knowledge. For these methods, security rests on a piece of additional information (the key) which is supplied during encryption. Theoretically, any encryption method can be cracked by trying all the possible keys (a so-called full key search).

In practice, however, when a key of sufficient length is used, security breaches of this type can be prevented. 40-bit-long keys have been cracked many times already; 56-bit keys are also no longer considered secure, although a huge effort is required to break them. At 128 bits, decoders run up against physical and practical limitations: a computer that could test all the keys of this length would have to possess unimaginable computing power – currently, this is only theoretically possible.

The Data Encryption Standard (DES) uses a key length of 56 bits. More recent implementations usually favor the International Data Encryption Algorithm (IDEA), which uses a 128-bit key. However, key length alone is not a measure of the effectiveness of an encryption method. In many cases there are less complicated attacks than the full key search, which is also an important factor to consider when choosing an encryption method.

US Export Restrictions for Encryption

In the USA, exporting cryptography is still legally restricted. For German companies this sometimes means that they are forced to use insecure encryption when they employ software from American manufacturers.

Up to the end of 1996 the International Traffic and Arms Regulation (ITAR) prohibited the export of encryption technology used by the military. As a result, only software with a maximum of 40-bit encryption could be exported from the USA. Documents encrypted with this method can be decrypted within a few hours.

Since the end of 1996, the export of cryptography has no longer been regulated by the ITAR but falls under the control of a law, the Export Administration Regulations (EAR). There are, however, still strict limitations on encryption technology. These restrictions mandate that the trade commission grant approval for export.

Authorization is required for exporting encryption greater than 56-bit. The responsible regulatory body for this type of export permit is the US Department of Commerce. However, the guiding institution in the background is the National Security Agency (NSA). This agency's primary task is monitoring messages which are relevant to the security of the United States.

"Strong Encryption" for HOB Products

Since HOB software products are developed in Germany, they do not fall under the US trade restrictions. This puts you on the safe side with HOB encryption technology for software. We exclusively use encryption methods which have never been broken and which are therefore considered absolutely secure. You can obtain the following encryption solutions from HOB:

Strong Encryption for Secure PC-to-Host Communication (S/390) for HOBLink 3270 (3270 Emulation)

In the classic communications environment based on a 3270 emulation under Windows, we offer an encryption solution, for SNA as well as for TCP/IP, which is considered absolutely secure. This encryption solution consists of two components: a host component (HOBCOM) and a client, which in this case is the HOBLink 3270 emulation. This configuration protects the entire communication path (end-to-end encryption between client and host). The encryption is based on the Blowfish algorithm, a block cipher with a 64-bit block size and a maximum key length of 256 bits. The actual data key is generated from the user key combined with a time stamp. You can encrypt either the entire data stream or just the password; data originating from on-screen communications as well as from the printer can also be encrypted.

Products required for securely connecting HOBLink 3270 (3270 emulation) under Windows (32-bit):

  • HOBCOM (OS/390, MVS, VM, VSE)

  • HOBLink 3270 V. 4.4 (Windows 32-bit)

[Figure: Graphical illustration of encryption (Encryption 3270)]

Secure Web-to-Host Connectivity with HOBLink J-Term (3270 Terminal Emulation in Java)

The growing trend toward integrating hosts in Internet and intranet environments makes the data security issue more critical than ever. Against this background, the solution described above is well suited to Web-to-Host communication. HOBLink J-Term, a combined 3270, 5250 and VT525 emulation in native Java, also gives you the option of encrypting the password or the entire data stream. The only prerequisite for the communication is a Java-capable Internet browser (e.g., Netscape Navigator or Microsoft Internet Explorer).

[Figure: Graphical illustration of Web-to-Host encryption (3270), Encryption HOBLink J-Term]

Products needed for securely connecting HOBLink J-Term (combined 3270, 5250 and VT525 terminal emulation in Java). Encryption for 3270 data stream only:

  • HOBCOM (OS/390, MVS, VM, VSE)

  • HOBLink J-Term 2.3 or HOBLink J-Term Entry 1.1 or 1.2

HOBLink Secure - Strong Encryption based on SSL V. 3.0

HOBLink Secure offers you an additional encryption solution. HOBLink Secure is an optional software product and can be used with the following HOB software products:

Web-to-Host

HOBLink J-Term – 3270, 5250 and VT525 Emulation in Java
HOBLink J-DRDA – JDBC Database Driver Type 4 for access to all IBM DB2 Databases

Classic Emulations

HOBLink 3270 – 3270 Terminal Emulation for Windows (32 bit)

Midrange Connectivity

HOBLink 5250 – 5250 Emulation for Windows (32 bit)

Unix Connectivity

HOBLink VT525 – VT525 Terminal Emulation for Windows (32 bit)

NT/Windows 2000 Connectivity

HOBLink JWT – Java Windows Terminal for platform-independent access to MS Windows Terminal Server/Windows 2000 (Windows Anywhere)

Host/Server Solutions

HOBLink SNA Router – SNA Router (Gateway) for connecting 3270 Emulations originating from TCP/IP and SNA to Hosts which are exclusively in the SNA network.

HOBLink Secure is optional software for the products listed above.

Encryption Solution with HOBLink Secure and HOB Software Products

HOBLink Secure is an encryption solution based on SSL V. 3.0 that can be used as an option for the products mentioned above and which does not fall under the export restrictions for encryption software. HOBLink Secure consists of three components:

Client

HOBLink Secure Client for Java
HOBLink Secure Client for Windows (32-bit)

Redirector

HOBLink Secure Redirector for Java
HOBLink Secure Redirector for Windows (32-bit)

SSL Manager

The following encryption methods can be employed:

DH (Diffie-Hellman)
RSA (Rivest, Shamir, Adleman)

The following encryption algorithms are supported:

RC2 – with 40-bit maximum
RC4 – with 128-bit maximum
DES – with 56-bit maximum
3DES – with 168-bit maximum (three 56-bit keys, effective key length: 112 bits)
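
The 112-bit effective key length given for 3DES, and the earlier remark that attacks cheaper than a full key search exist, both come from the meet-in-the-middle idea. The following is an added example, not HOB code: a toy 16-bit Feistel cipher with 10-bit keys (both invented here for illustration) is applied twice, and the two keys are found in about 2^11 cipher operations instead of 2^20.

```python
# Added illustration. Toy 16-bit Feistel cipher with 10-bit keys (invented here,
# not DES and not HOB code), used to show a meet-in-the-middle key search.
KEY_BITS = 10

def _f(half, key, rnd):
    # Toy round function mixing an 8-bit half block with key and round number.
    x = (half * 167 + key * 13 + rnd * 91) & 0xFFFF
    return ((x >> 3) ^ x ^ (key >> 2)) & 0xFF

def encrypt(block, key):
    left, right = block >> 8, block & 0xFF
    for rnd in range(4):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << 8) | right

def decrypt(block, key):
    left, right = block >> 8, block & 0xFF
    for rnd in reversed(range(4)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << 8) | right

def double_encrypt(block, k1, k2):
    return encrypt(encrypt(block, k1), k2)

def meet_in_the_middle(pairs):
    """Find (k1, k2) consistent with known (plaintext, ciphertext) pairs.

    Returns (candidates, work), where work counts the cipher operations of the
    two table passes; the few confirmation checks are not counted.
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    middle, work = {}, 0
    for k1 in range(1 << KEY_BITS):          # encrypt forward under every k1
        middle.setdefault(encrypt(p0, k1), []).append(k1)
        work += 1
    hits = []
    for k2 in range(1 << KEY_BITS):          # decrypt backward under every k2
        work += 1
        for k1 in middle.get(decrypt(c0, k2), []):
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                hits.append((k1, k2))
    return hits, work

# Constructed sample: three known pairs under the secret keys (0x2A5, 0x13C).
PAIRS = [(p, double_encrypt(p, 0x2A5, 0x13C)) for p in (0x1234, 0xBEEF, 0x0F0F)]

if __name__ == "__main__":
    hits, work = meet_in_the_middle(PAIRS)
    print(hits, work, "operations instead of", 1 << (2 * KEY_BITS))
```

Two 10-bit keys therefore give roughly 11 bits of strength rather than 20; by the same reasoning three 56-bit DES keys give about 112 bits rather than 168.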

The following digital signatures (hash functions, message digests) are supported:

  • MD5

  • SHA-1

[Figure: Graphical illustration of encryption, Solution 1: HOBLink Secure Client and Redirector]

Additional Solution Options

HOBLink Secure is based on the SSL V. 3.0 standard and, with the HOBLink Secure Client (Java or Windows, 32-bit), is compatible with other SSL encryption components. In other words, if you use the HOBLink Secure Client without the HOBLink Secure Redirector, you can use an existing Redirector (e.g., the one included in IBM SecureWay Communications Server).

The same is true for the HOBLink Secure Client. If you are already using client software with SSL V. 3.0 support, you can use the HOBLink Secure Redirector. One point should be noted, however: if you are using only one HOBLink Secure component, either just the HOBLink Secure Client or just the HOBLink Secure Redirector, you can employ at most the encryption which the "foreign" product supports. In most cases, only a limited encryption can be carried out which, as mentioned in the introduction, complies with the trade restrictions.
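
The interoperability caveat above can be checked before deployment. The following is an added example, not HOB code: it uses standard SSL 3.0 cipher suite names, assumes the server takes the first suite in the client's preference order that it also supports, and the suite lists for the strong client and the "foreign" components are constructed.

```python
import re

# Effective strength in bits; 3DES counts as 112, as in the list on this page.
EFFECTIVE_BITS = {"RC2_CBC_40": 40, "RC4_40": 40, "DES_CBC": 56,
                  "RC4_128": 128, "3DES_EDE_CBC": 112}
WEAK_MAX_BITS = 56  # the page treats 40- and 56-bit keys as no longer secure

def parse_suite(name):
    """Split an SSL 3.0 suite name into (key exchange, cipher, MAC)."""
    m = re.fullmatch(r"SSL_([A-Z_]+?)(?:_EXPORT)?_WITH_(\w+)_(MD5|SHA)", name)
    if not m or m.group(2) not in EFFECTIVE_BITS:
        raise ValueError(f"unrecognised suite: {name}")
    return m.group(1), m.group(2), m.group(3)

def negotiate(client_offer, server_supported):
    """First suite in the client's order that the server supports (assumed policy)."""
    supported = set(server_supported)
    return next((s for s in client_offer if s in supported), None)

def audit(client_offer, server_supported):
    """Report the suite a pairing ends up with and whether it is above 56 bits."""
    suite = negotiate(client_offer, server_supported)
    if suite is None:
        return {"suite": None, "bits": 0, "ok": False}
    _, cipher, mac = parse_suite(suite)
    bits = EFFECTIVE_BITS[cipher]
    return {"suite": suite, "cipher": cipher, "mac": mac,
            "bits": bits, "ok": bits > WEAK_MAX_BITS}

# Constructed offers: a client with strong suites first, an export-limited
# "foreign" peer, and a peer supporting the full list.
STRONG_CLIENT = ["SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_RC4_128_SHA",
                 "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_DES_CBC_SHA",
                 "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
                 "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"]
EXPORT_PEER = ["SSL_RSA_EXPORT_WITH_RC4_40_MD5",
               "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"]
FULL_PEER = list(STRONG_CLIENT)

if __name__ == "__main__":
    for label, peer in (("export-limited peer", EXPORT_PEER), ("full peer", FULL_PEER)):
        print(label, audit(STRONG_CLIENT, peer))
```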

More about HOBLink Secure

Our Marketing department will be glad to answer any further questions you might have.

Further information at: Strong Encryption: Secure PC-to-Any-Host Connectivity

 

webmaster@hobsoft.com, Last Updated: 03. Jul 07

 

