Interesting discussion. Some thoughts.

First, it's not "Pervasive Encryption" you're talking about. It's IBM z/OS data 
set encryption (DSE). PE is the IBM encryption strategy. When data set 
encryption came along, IBM kept calling it PE, but it's just part of PE (the 
rest of which hasn't really been that well defined, IMHO).

Paul Gilmartin asked:

>What about Format preserving encryption?

Format-Preserving Encryption is for structured data, i.e., specific fields. You 
would not use it on a binary blob; at that point, you'd use XTS or one of the 
other AES modes whose output is the same length as the input.

In fact, that leads me to wonder: what mode of AES *is* DSE using? It's AES, we 
know that, but it's unclear which mode. Since many modes increase the size of 
the data, I'm assuming it's a mode that does not increase the data size. Ah, 
this link (PDF):
https://public.dhe.ibm.com/eserver/zseries/zos/DFSMS/ENCRYPTION/OA56622/OA56622.pdf
suggests--though doesn't state explicitly--that it is indeed XTS, with the 
ability to switch to some other mode in the future if necessary (good design).

Grant Taylor wrote, in part:
>Conversely encryption is a kind of data authentication / verification.

Um...not unless it's using specific AES modes, like GCM. If it's not expanding 
the data, there's nowhere to "fit" any kind of authentication. And per the 
above, I'm pretty sure it's (currently) XTS.

He also noted:

>Viruses (for PCs) have been self-decrypting for a long time.

Sure, but there's some code getting invoked to do that. It's not magic. Still 
doesn't make it clear why DSE cannot do program objects.

Attila Fogarasi suggests that the reason is simply because DSE requires 
extended-format data sets, which libraries aren't. That seems compelling. I 
assume the implicit rest of the story is, "IBM put the DSE code only in the 
extended-format data set processing code, because reasons".


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
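
Added example, not part of the original post and not IBM's implementation: the point above about length-preserving modes having nowhere to "fit" authentication, shown by contrasting AES-XTS with AES-GCM. It assumes the Python `cryptography` package; the record, keys and the sector number 7 used as the tweak are constructed values.

```python
"""Length-preserving XTS vs. authenticated GCM (constructed demo values)."""
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

BLOCK = 16


def xts(key: bytes, tweak: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """AES-256-XTS: 64-byte key, 16-byte tweak, output length == input length."""
    cipher = Cipher(algorithms.AES(key), modes.XTS(tweak))
    ctx = cipher.decryptor() if decrypt else cipher.encryptor()
    return ctx.update(data) + ctx.finalize()


def flip_bit(buf: bytes, offset: int) -> bytes:
    """Return a copy of buf with the low bit of buf[offset] inverted."""
    out = bytearray(buf)
    out[offset] ^= 1
    return bytes(out)


def changed_blocks(a: bytes, b: bytes) -> list:
    """Indexes of the 16-byte blocks that differ between a and b."""
    return [i // BLOCK for i in range(0, len(a), BLOCK) if a[i:i + BLOCK] != b[i:i + BLOCK]]


def gcm_detects_tamper(key: bytes, nonce: bytes, data: bytes) -> tuple:
    """Return (sealed length, True if a flipped bit is rejected by the tag check)."""
    aead = AESGCM(key)
    sealed = aead.encrypt(nonce, data, None)  # ciphertext + 16-byte tag
    try:
        aead.decrypt(nonce, flip_bit(sealed, 20), None)
    except InvalidTag:
        return len(sealed), True
    return len(sealed), False


if __name__ == "__main__":
    record = b"constructed sample record ".ljust(64, b".")  # 4 aligned blocks
    key, tweak = os.urandom(64), (7).to_bytes(16, "little")  # constructed key, sector 7
    ct = xts(key, tweak, record)
    garbled = xts(key, tweak, flip_bit(ct, 20), decrypt=True)  # no error raised
    print("XTS:", len(record), "->", len(ct), "bytes; damaged blocks:", changed_blocks(record, garbled))
    print("GCM (sealed bytes, tamper rejected):", gcm_detects_tamper(os.urandom(32), os.urandom(12), record))
```

With XTS the flipped bit decrypts to one silently garbled 16-byte block; GCM rejects the same change, at the cost of 16 extra bytes per sealed unit.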
