Converting from Legacy DES Algorithm to AES

Article Id: 125680

Status: Published

Updated On: 01-02-2019 07:13

Products:

CA Datacom , CA CIS , CA Common Services for z/OS , CA 90s Services , CA Database Management Solutions for DB2 for z/OS , CA Common Product Services Component , CA Common Services , CA Datacom/AD , CA ecoMeter Server Component FOC , CA Easytrieve Report Generator for Common Services , CA Infocai Maintenance , CA IPC , Unicenter CA-JCLCheck Common Component , CA Mainframe VM Product Manager , CA Chorus Software Manager , CA On Demand Portal , CA Service Desk Manager - Unified Self Service , CA PAM Client for Linux for zSeries , CA Mainframe Connector for Linux on System z , CA Graphical Management Interface , CA Web Administrator for Top Secret , CA CA- Xpertware

Issue/Introduction:

We are converting from Legacy DES Algorithm to AES Algorithm Password Encryption on all of our Mainframe LPARS.
We need to know if this will have any impact to Datacom.

Environment:

z/OS
CA Datacom

Resolution:

There is no direct impact to Datacom.
Datacom does a call to the external security package ( Top Secret/ACF2/RACF) to validate a user and password.
If the external security package supports AES then all is fine.
CA Top Secret and CA ACF2 do but an increase in CPU utilization occurs for AES256 password encryption during System Entry Validation (LOGON), password verifications, and password changes.
Check with IBM for RACF.