When I said that they have extremely valuable data, I meant that this
genetic research company has the medical records, detailed information on
people's relatives back to the Middle Ages, and the DNA codes of every
person in this country.

Now that's one juicy database.

You guys can hopefully see now how critical this database is and how
protection of it is essential.


This is what I have understood from you guys so far.

Encryption in TSM is always done on the TSM B/A client. There you put a
56-bit encryption key on the data, which cannot be retrieved without the
key. So they need to come up with some sort of disaster recovery plan
regarding key retrieval if the system admins are unavailable.

If what you are saying, Kyle Sparger, is true, then this 56-bit key is
probably not good enough for them. I am no expert in security and don't
know much about hacking. I don't want to sound too paranoid, but then
again, who knows.

This database is the brain, the heart and the lungs of the company. If it
gets exposed, every employee there can start looking for a new job the
same day.


Kvedja/Regards
Petur Eythorsson
Taeknimadur/Technician
IBM Certified Specialist - AIX
Tivoli Storage Manager Certified Professional
Microsoft Certified System Engineer

[EMAIL PROTECTED]

 Nyherji Hf              Simi TEL: +354-569-7700
 Borgartun 37            105 Iceland
 URL:                    http://www.nyherji.is


-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED]]On Behalf Of
Kyle Sparger
Sent: 4. april 2002 19:14
To: [EMAIL PROTECTED]
Subject: Re: don't anyone know anything about Encryption in TSM.


> (unless they can hack it, but then any encryption scheme is subject to
> hacking).

And this is a very important point.  I could be wrong, but I seem to
recall that TSM's encryption uses straight up DES, which uses a 56 bit
key.

It has been proven that very determined people can brute force 56 bit DES
-- distributed.net, which utilizes idle time of thousands of computers,
was able to do it in less than 24 hours.  There are design specs available
for theoretical computers which are supposed to be able to brute force 56
bit DES within minutes -- but the cost of these computers is generally
considered prohibitively expensive.  However:

1.  Consider the following -- KaZaa, a fairly popular napster-alike, has
been piggybacking programs for a while now, one of which is designed to
allow remote users to utilize idle cycles on the computers it's installed
on.  KaZaa is used by thousands of users.  Also, how many thousands of
computers out there have been broken into, or are waiting to be broken
into?  All of these are sources of computing power that could be used to
crack DES keys.

2.  'Prohibitively expensive' is relative.  I've heard estimates that put
the price of building such a computer at a little over $1B USD.  But then,
consider how many billions of dollars countries have spent launching spy
satellites -- don't you think that they would spend just one more billion
to be able to actually _use_ the encrypted information they intercepted?
:)

And if Moore's Law holds true, I seem to recall estimates that place
56-bit key cracking in under a week at 2020-2030.  Will your data still
need to be secret then? :)

Basically, what I'm saying is, TSM's encryption is better than nothing,
and is suitable for many purposes, but your original statement,

"They have extremly valible data witch may not get in the wrong hands."

... that indicates that this may not be suitable for your case :)

If you _really_ need to make sure people can't get it, you need to use a
lot more than 56 bits.  128 is the bare minimum these days, and even that
is starting to come under fire :)

--
Kyle Sparger
