(server version 5.06 or later)
(updated server version 5.35)
(Default = 5)
ENCRYPTION-ALGORITHM 0 .. 5
Specifies the type of data encryption used between the MOMI PC Client and the MOMI Server in the TCP/IP data flow.
The following settings are available:
0 - None
1 - FAS
2 - AES
3 - FAS No Port
4 - AES No Port
5 - FAS 2
0 - None, the default, means that normal MOMI traffic is not encrypted. This provides the highest level of performance with the lowest CPU cost.
1 - FAS uses a proprietary algorithm with a 256-bit asymmetric key to provide a "Fast and Simple" encryption of the data. A fairly high level of performance is obtained at a modest CPU cost.
2 - AES uses the Advanced Encryption Standard with a 256-bit key and provides an industry standard for data encryption. The performance impact varies depending on the NonStop CPU. The system should be monitored after selecting this option to ensure that an adverse amount of processor is not being consumed.
3 - FAS No Port uses a proprietary algorithm with a 256-bit asymmetric key to provide a "Fast and Simple" encryption of the data. A fairly high level of performance is obtained at a modest CPU cost. This algorithm may be automatically selected if the TCP/IP dynamic port varies between the MOMI PC Client and MOMI Server.
4 - AES No Port uses the Advanced Encryption Standard with a 256-bit key and provides an industry standard for data encryption. The performance impact varies depending on the NonStop CPU. The system should be monitored after selecting this option to ensure that an adverse amount of processor is not being consumed. This algorithm may be automatically selected if the TCP/IP dynamic port varies between the MOMI PC Client and MOMI Server.
5 - FAS 2 uses a proprietary algorithm with a 256-bit asymmetric key to provide a "Fast and Simple" encryption of the data. A fairly high level of performance is obtained at a modest CPU cost. This implementation is improved over the original 1 - FAS algorithm.
Regardless of the chosen setting, even the default of None, note the following:
- Logon to the MOMI PC Client is always (and always has been) encrypted.
- Header and control information in the data flow may not be encrypted.
- Certain message types, usually where only values or statistics are present, may not be encrypted for performance and data control reasons.
- MOMI Clients version 5.06 and earlier can still communicate with a MOMI server even if encryption is enabled. The older clients simply do not have their data encrypted. The requirements for encryption were changed at MOMI Server version 5.06. If encryption is required for all MOMI PC Clients, version 5.07 or later of the client must be installed.
- Encryption may be automatically downgraded to comply with US export controls.
Generally speaking, MOMI takes advantage of the multiple processes running within its environment and pushes encryption processing down to the level where a request is actually serviced. This push helps to limit the amount of encryption overhead that occurs in the higher priority processes of a MOMI subsystem. See Process Priority for additional information on how MOMI divides its workload.
Example:
== Encrypt type AES
ENCRYPTION-ALGORITHM 2
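
A configuration audit based on the settings and client-version notes above, as an added example that is not part of the MOMI documentation or product. It assumes the configuration is available as plain text with one keyword per line, that lines beginning with `==` are comments (as in the example above), and that a later ENCRYPTION-ALGORITHM line overrides an earlier one; the function names and client names are hypothetical.

```python
import re

# Names copied from the page's list of settings; 2 and 4 are the AES variants.
ALGORITHMS = {0: "None", 1: "FAS", 2: "AES", 3: "FAS No Port",
              4: "AES No Port", 5: "FAS 2"}
AES_SETTINGS = {2, 4}

def read_setting(config_text):
    """Return the configured ENCRYPTION-ALGORITHM value, or None if absent."""
    value = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("=="):          # comment line, as in the page's example
            continue
        m = re.fullmatch(r"ENCRYPTION-ALGORITHM\s+(\S+)", line)
        if m:
            try:
                value = int(m.group(1))    # assumption: a later line overrides an earlier one
            except ValueError:
                value = -1
            if value not in ALGORITHMS:
                raise ValueError(f"ENCRYPTION-ALGORITHM out of range 0 .. 5: {m.group(1)!r}")
    return value

def is_legacy_client(version):
    """True for client versions 5.06 and earlier, whose data is never encrypted."""
    return tuple(int(p) for p in version.split(".")) <= (5, 6)

def audit(config_text, client_versions):
    """Return a list of findings for one server config and its known clients."""
    setting, findings = read_setting(config_text), []
    if setting is None:
        findings.append("ENCRYPTION-ALGORITHM not set: the server default applies")
    elif setting == 0:
        findings.append("0 - None: normal MOMI traffic is not encrypted")
    elif setting not in AES_SETTINGS:
        findings.append(f"{setting} - {ALGORITHMS[setting]}: proprietary algorithm, not AES")
    if setting != 0:
        for name, version in sorted(client_versions.items()):
            if is_legacy_client(version):
                findings.append(f"client {name} ({version}): data not encrypted, needs 5.07 or later")
    return findings

# Constructed sample input (not from a real system).
SAMPLE_CONFIG = "== Encrypt type AES\nENCRYPTION-ALGORITHM 2\n"
SAMPLE_CLIENTS = {"ops-pc": "5.06", "admin-pc": "5.35"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_CLIENTS):
        print(finding)
```

Even with AES selected, the sample reports the 5.06 client, because the server still accepts it and its data flows unencrypted.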