At 03:23 PM 8/1/96 PST, [log in to unmask] wrote:
>We have an internally developed application which uses Berkeley Sockets
>calls for communication between our HP3000s and various Unix servers.
>The development group which 'owns' this application would like to be
>able to build encryption and decryption into the data paths to and from
>the 3Ks, but I'm not familiar enough with networking and/or Sockets to
>be able to tell them if this is possible.  Apparently, there is a
>concern re: "outside" processes intercepting the data stream.  Has
>anyone had experience with, or built an encryption solution for such an
>application?
 
If you have control over both ends of the virtual circuit, then sure, there
is little problem with adding in encryption and decryption.  Bear in mind
that certain security protocols (e.g. DES ECB) using multiples of a fixed
block size (e.g. 8 byte blocks) so you will need to be able to account for
slack bytes.  You also then have the responsibility for 'key' management
which may involve more systems development and management.  Personally, my
favourites is still PGP.
 
The problem will be if you do not have control of either of the endpoints.
Then you can only hope the service or client provider can give you the
necessary details to interface with.  Don't hold your breath.  NSVT is still
unsecure and a big risk.  Sniffers abound that can get their nose in where
you don't want it.
 
Cheers.
----
Jim "seMPEr" Wowchuk
Vanguard Computer Services     Internet:    [log in to unmask]
 _--_|\                        Compu$erve:  100036,106
/      \                       Post:        PO Box 18, North Ryde, NSW 2113
\.--.__/ <---Sydney NSW        Phone:       +61 (2) 888-9688
      v      Australia         Fax:         +61 (2) 888-3056