John Blythe Reid wrote: >I'm writing the module in PL/I but I can soon slip an >assembler sub-routine in !
Is it such a good idea to write an assembler subroutine to encrypt a piece of data using 3DES specifically? It's generally bad practice to hardcode an encryption algorithm choice. If (or when) the algorithm is broken in the future then somebody has to go deep into your code to change your hardcoded choice, and that's not easy or fun. Hopefully you're dealing with 3TDEA (3DES Keyring Option 1), the only 3DES variant that NIST still (November, 2015) considers "Acceptable," but even if you are it would be a good idea to parameterize the algorithm choice. ICSF could be helpful in that respect. Another problem is that this flow also involves "clear key" encryption and could have to be reworked just for that reason. You did mention bank cards. -------------------------------------------------------------------------------------------------------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA E-Mail: sipp...@sg.ibm.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN