Problem

As Relativity can be run in a client/server environment and does transmit user id and passwords between the client and server, what encryption does it use?

Resolution

When setting up the Relativity catalog that defines the mapping between the Cobol file and database tables, user id’s, passwords and groups need to also be defined to limit access to the data.

With Relativity, it possible to configure it to run in a client server environment with client and server being on different machines. As data is transmitted between the server and client, a basic level of encryption is used.

When the catalog is created, a proprietary encryption method is used to store the file to table mappings, the user groups, the user id’s and the passwords. This is based on the SHA-0 hash function methodology.

The connection protocol used between the server and client, when they are different machines is tcp of the tcp/ip protocol. The user id and passwords that are transmitted are encrypted using the same method as the encryption in the catlog. The data is then compressed using a number of different techniques to reduce the amount of information that needs to be transmitted.

The hash function implementation is based on the article, "SHA: The Secure Hash Algorithm", by William Stallings, in the April 01, 1994 issue of Dr. Dobbs Journal. See this Wikipedia entry for more information The Secure Hash Algorithm.

http://www.google.co.uk/url?sa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=1&cad=rja&uact=8&ved=0CC4QFjAA&url=http://en.wikipedia.org/wiki/Secure_Hash_Algorithm&ei=RotCU--bO8PxhQeb5YGgBw&usg=AFQjCNGcAAR0AsKwULcUhKB1w1l8zBsC9g&bvm=bv.64125504,d.ZG4

Incident #2694329