At 03:23 PM 8/1/96 PST, [log in to unmask] wrote: >We have an internally developed application which uses Berkeley Sockets >calls for communication between our HP3000s and various Unix servers. >The development group which 'owns' this application would like to be >able to build encryption and decryption into the data paths to and from >the 3Ks, but I'm not familiar enough with networking and/or Sockets to >be able to tell them if this is possible. Apparently, there is a >concern re: "outside" processes intercepting the data stream. Has >anyone had experience with, or built an encryption solution for such an >application? If you have control over both ends of the virtual circuit, then sure, there is little problem with adding in encryption and decryption. Bear in mind that certain security protocols (e.g. DES ECB) using multiples of a fixed block size (e.g. 8 byte blocks) so you will need to be able to account for slack bytes. You also then have the responsibility for 'key' management which may involve more systems development and management. Personally, my favourites is still PGP. The problem will be if you do not have control of either of the endpoints. Then you can only hope the service or client provider can give you the necessary details to interface with. Don't hold your breath. NSVT is still unsecure and a big risk. Sniffers abound that can get their nose in where you don't want it. Cheers. ---- Jim "seMPEr" Wowchuk Vanguard Computer Services Internet: [log in to unmask] _--_|\ Compu$erve: 100036,106 / \ Post: PO Box 18, North Ryde, NSW 2113 \.--.__/ <---Sydney NSW Phone: +61 (2) 888-9688 v Australia Fax: +61 (2) 888-3056