Home » Eclipse Projects » Eclipse Platform » Encryption level?
| Encryption level? [message #28513] |
Tue, 06 May 2003 15:32  |
Eclipse User |
|
|
|
What level of encryption is provided by Eclipse? I'm not familiar with
encryption myself, so I'm not sure I'm asking the right question;
essentially, I want to be able to say that Eclipse provides a certain
level of encryption, where the level is represented by a number of bits,
such as 128-bit or 64-bit.
|
|
| |
| Re: Encryption level? [message #28523 is a reply to message #28519] |
Tue, 06 May 2003 17:18  |
| Eclipse User |
|
|
|
Originally posted by: info.oti.com
Eric Rizzo wrote:
> Mike Stewart wrote:
>> What level of encryption is provided by Eclipse? I'm not familiar with
>> encryption myself, so I'm not sure I'm asking the right question;
>> essentially, I want to be able to say that Eclipse provides a certain
>> level of encryption, where the level is represented by a number of bits,
>> such as 128-bit or 64-bit.
>
> I think you're right about not asking the right question.
> What data would you like Eclipse to encrypt? AFAIK, Eclipse does not
> encrypt any data that it is responsible for. However, it is certainly
> capable of helping you write applications/code that does encryption on
> data.
> Not sure where you're going with this...
I'm not sure, but I think things in the keyring (like CVS passwords) are
encrypted. Other than that... if you're using SSH as a connection
method, presumably it has some kind of encryption. I don't think PServer
does.
Andrew Jr.
============================================================ ==========
IBM Phoenix Labs (OTI)
11811 North Tatum Boulevard, Suite 2400
Phoenix, Arizona, USA 85028-1614
|
|
| |
| Re: Encryption level? [message #28590 is a reply to message #28519] |
Wed, 07 May 2003 08:13 |
| Eclipse User |
|
|
|
Eric Rizzo wrote:
> Mike Stewart wrote:
> > What level of encryption is provided by Eclipse? I'm not familiar with
> > encryption myself, so I'm not sure I'm asking the right question;
> > essentially, I want to be able to say that Eclipse provides a certain
> > level of encryption, where the level is represented by a number of bits,
> > such as 128-bit or 64-bit.
> I think you're right about not asking the right question.
> What data would you like Eclipse to encrypt? AFAIK, Eclipse does not
> encrypt any data that it is responsible for. However, it is certainly
> capable of helping you write applications/code that does encryption on data.
> Not sure where you're going with this...
> Eric
> --
> Eric Rizzo
> Software Architect
> Jibe, Inc.
> http://www.jibeinc.com
Basically, I want to ship a product containing
org.eclipse.core.runtime_2.0.1. The about.html for the plugin says the
following, and my production people came back with the question, "What
level of encryption is supported?"
Cryptography
Export Control
The plug-in contains encryption software. The country in which you are
currently may have restrictions on the import, possession, and use, and/or
re-export to another country, of encryption software. BEFORE using any
encryption software, please check the country's laws, regulations and
policies concerning the import, possession, or use, and re-export of
encryption software, to see if this is permitted.
Encryption Items
Details of the encryption software in this plug-in are provided to assist
in obtaining relevant export control classification and approval.
Cryptography in this plug-in has been classified as Export Commodity
Control Number (ECCN) 5D002.c.1 by the U.S. Government Department of
Commerce, Bureau of Export Administration and deemed eligible for export
under License Exception Technology Software Unrestricted (TSU) for object
code and (cryptographic) source code, and License Exception ENC Retail for
object code and no (cryptographic) source code.
The plug-in contains a proprietary routine that encrypts and decrypts
information used to login to Version Control Management (VCM)
repositories. This routine uses the SHA message digest algorithm
implemented in a Java (TM) Runtime Environment (JRE), to obtain the digest
of a user-supplied password. This digest is then used as a seed to
generate a random number using the SHA-1 pseudo-random number generator
(PRNG) implemented in the SecureRandom class in a JRE. That random number
is then added to each byte in the data to be encrypted. When the data is
to be decrypted, the same password will generate the same seed, which will
generate the same random number, which is then subtracted from each byte
in the encrypted data. Note that a JRE and therefore the aforementioned
SHA message digest and SHA-1 PRNG code are not included with the plug-in.
The following Java classes contain encryption items (the plug-in may
contain both binary and source code):
org.eclipse.core.internal.runtime.Cipher
|
|
|
| Re: Encryption level? [message #29149 is a reply to message #28590] |
Thu, 08 May 2003 17:23 |
| Eclipse User |
|
|
|
Originally posted by: John_Arthorne.oti.com_
As the about file says, the encryption is based on SHA-1. I guess if
you just want a simplistic marketing statement, you could say SHA-1 is
160 bits. That is, a brute force attack would require 2^160 operations
to decrypt it. However, as Genady mentioned, this encryption is seeded
with a password that needs to be passed on the command line, e.g.,
"eclipse -password foo". If you don't suppy a password, then the
encryption is useless.
--
Mike Stewart wrote:
> Eric Rizzo wrote:
>
>
>>Mike Stewart wrote:
>>
>>>What level of encryption is provided by Eclipse? I'm not familiar with
>>>encryption myself, so I'm not sure I'm asking the right question;
>>>essentially, I want to be able to say that Eclipse provides a certain
>>>level of encryption, where the level is represented by a number of bits,
>>>such as 128-bit or 64-bit.
>>
>
>>I think you're right about not asking the right question.
>>What data would you like Eclipse to encrypt? AFAIK, Eclipse does not
>>encrypt any data that it is responsible for. However, it is certainly
>>capable of helping you write applications/code that does encryption on data.
>>Not sure where you're going with this...
>
>
>> Eric
>>--
>>Eric Rizzo
>>Software Architect
>>Jibe, Inc.
>>http://www.jibeinc.com
>
>
> Basically, I want to ship a product containing
> org.eclipse.core.runtime_2.0.1. The about.html for the plugin says the
> following, and my production people came back with the question, "What
> level of encryption is supported?"
>
> Cryptography
> Export Control
>
> The plug-in contains encryption software. The country in which you are
> currently may have restrictions on the import, possession, and use, and/or
> re-export to another country, of encryption software. BEFORE using any
> encryption software, please check the country's laws, regulations and
> policies concerning the import, possession, or use, and re-export of
> encryption software, to see if this is permitted.
>
> Encryption Items
>
> Details of the encryption software in this plug-in are provided to assist
> in obtaining relevant export control classification and approval.
> Cryptography in this plug-in has been classified as Export Commodity
> Control Number (ECCN) 5D002.c.1 by the U.S. Government Department of
> Commerce, Bureau of Export Administration and deemed eligible for export
> under License Exception Technology Software Unrestricted (TSU) for object
> code and (cryptographic) source code, and License Exception ENC Retail for
> object code and no (cryptographic) source code.
>
> The plug-in contains a proprietary routine that encrypts and decrypts
> information used to login to Version Control Management (VCM)
> repositories. This routine uses the SHA message digest algorithm
> implemented in a Java (TM) Runtime Environment (JRE), to obtain the digest
> of a user-supplied password. This digest is then used as a seed to
> generate a random number using the SHA-1 pseudo-random number generator
> (PRNG) implemented in the SecureRandom class in a JRE. That random number
> is then added to each byte in the data to be encrypted. When the data is
> to be decrypted, the same password will generate the same seed, which will
> generate the same random number, which is then subtracted from each byte
> in the encrypted data. Note that a JRE and therefore the aforementioned
> SHA message digest and SHA-1 PRNG code are not included with the plug-in.
>
> The following Java classes contain encryption items (the plug-in may
> contain both binary and source code):
>
> org.eclipse.core.internal.runtime.Cipher
>
>
>
|
|
|
| Re: Encryption level? [message #29631 is a reply to message #29149] |
Fri, 09 May 2003 05:36 |
| Eclipse User |
|
|
|
Originally posted by: genadyb.inter.net.il
And on some platforms (e.g., unixes) the command line is visible to all
users, which makes it useless as well.
See bug http://bugs.eclipse.org/bugs/show_bug.cgi?id=22220
Genady
John Arthorne wrote:
> As the about file says, the encryption is based on SHA-1. I guess if
> you just want a simplistic marketing statement, you could say SHA-1 is
> 160 bits. That is, a brute force attack would require 2^160 operations
> to decrypt it. However, as Genady mentioned, this encryption is seeded
> with a password that needs to be passed on the command line, e.g.,
> "eclipse -password foo". If you don't suppy a password, then the
> encryption is useless.
> --
>
>
> Mike Stewart wrote:
>
>> Eric Rizzo wrote:
>>
>>
>>> Mike Stewart wrote:
>>>
>>>> What level of encryption is provided by Eclipse? I'm not familiar with
>>>> encryption myself, so I'm not sure I'm asking the right question;
>>>> essentially, I want to be able to say that Eclipse provides a certain
>>>> level of encryption, where the level is represented by a number of
>>>> bits,
>>>> such as 128-bit or 64-bit.
>>>
>>>
>>
>>> I think you're right about not asking the right question.
>>> What data would you like Eclipse to encrypt? AFAIK, Eclipse does not
>>> encrypt any data that it is responsible for. However, it is certainly
>>> capable of helping you write applications/code that does encryption
>>> on data.
>>> Not sure where you're going with this...
>>
>>
>>
>>> Eric
>>> --
>>> Eric Rizzo
>>> Software Architect
>>> Jibe, Inc.
>>> http://www.jibeinc.com
>>
>>
>>
>> Basically, I want to ship a product containing
>> org.eclipse.core.runtime_2.0.1. The about.html for the plugin says the
>> following, and my production people came back with the question, "What
>> level of encryption is supported?"
>> Cryptography
>> Export Control
>>
>> The plug-in contains encryption software. The country in which you are
>> currently may have restrictions on the import, possession, and use,
>> and/or
>> re-export to another country, of encryption software. BEFORE using any
>> encryption software, please check the country's laws, regulations and
>> policies concerning the import, possession, or use, and re-export of
>> encryption software, to see if this is permitted.
>>
>> Encryption Items
>>
>> Details of the encryption software in this plug-in are provided to assist
>> in obtaining relevant export control classification and approval.
>> Cryptography in this plug-in has been classified as Export Commodity
>> Control Number (ECCN) 5D002.c.1 by the U.S. Government Department of
>> Commerce, Bureau of Export Administration and deemed eligible for export
>> under License Exception Technology Software Unrestricted (TSU) for object
>> code and (cryptographic) source code, and License Exception ENC Retail
>> for
>> object code and no (cryptographic) source code.
>>
>> The plug-in contains a proprietary routine that encrypts and decrypts
>> information used to login to Version Control Management (VCM)
>> repositories. This routine uses the SHA message digest algorithm
>> implemented in a Java (TM) Runtime Environment (JRE), to obtain the
>> digest
>> of a user-supplied password. This digest is then used as a seed to
>> generate a random number using the SHA-1 pseudo-random number generator
>> (PRNG) implemented in the SecureRandom class in a JRE. That random number
>> is then added to each byte in the data to be encrypted. When the data is
>> to be decrypted, the same password will generate the same seed, which
>> will
>> generate the same random number, which is then subtracted from each byte
>> in the encrypted data. Note that a JRE and therefore the aforementioned
>> SHA message digest and SHA-1 PRNG code are not included with the plug-in.
>>
>> The following Java classes contain encryption items (the plug-in may
>> contain both binary and source code):
>>
>> org.eclipse.core.internal.runtime.Cipher
>>
>>
>
|
|
|
Goto Forum:
Current Time: Sat May 10 14:04:29 EDT 2025
Powered by FUDForum. Page generated in 0.04146 seconds |
Home