PHINMS encryption

38 views
Skip to first unread message

Schneider, Edward (MNIT)

unread,
May 3, 2018, 2:38:03 PM5/3/18
to phi...@googlegroups.com
I thought I'd pass the following along, as I found it illuminating on the currency (or lack of it) in keystore encryption/related matters in the PHINMS versions available, as well as those released and retracted (meaning v. 3.0).  The article's conclusion specifies the release and update levels for Java and Bouncy Castle where the flaws discussed in the article have evidently been addressed.  The JDK used in both PHINMS v. 2.9.00 and 3.0 is (was) JDK 7u80, and the Bouncy Castle version, 1.36--each significantly behind current developments.


http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018_02B-1_Focardi_paper.pdf


I have provided the reference to PHINTECH with the request that it be passed to the PHINMS 3.0 developers and to Jannie Williams.  Perhaps they're also aware of the IETF's formal standards release for TLS v. 1.3 in March...


Edward A. Schneider
Information Technology Specialist/Middleware Administration | Application Data Services Unit

Minnesota IT Services | Partnering with Minnesota Department of Health
625 North Robert St.
P.O. Box 64975
St. Paul, MN 55164-0975
O: 651-201-4047
Information Technology for Minnesota Government | mn.gov/mnit
From: PHINMS User Community <phinms+...@googlegroups.com>
Sent: Wednesday, February 28, 2018 12:58:22 PM
To: Schneider, Edward (MNIT)
Subject: You have been added to PHINMS User Community
 
Hi Edward.S...@state.mn.us,
Dave Loyall added you to the PHINMS User Community group.
Message from Dave Loyall

Welcome, Edward! Cheers, --Dave L.

About this group

The PHINMS User Community discussion group is quickly becoming the an important utility for PHINMS Developers and Administrators. We urge you to take part in this conversation and help improve the PHINMS experience by sharing your knowledge to the community.

Google Groups allows you to create and participate in online forums and email-based groups with a rich community experience. You can also use your Group to share documents, pictures, and calendars invitations.

If you do not wish to be a member of this group you can unsubscribe. If you believe this group may contain spam, you can also report the group for abuse. For additional information see our help center.

If you do not wish to be added to Google Groups in the future you can opt out here.
Start a new group. Visit the help center.

Bruce Riddle

unread,
May 3, 2018, 2:51:48 PM5/3/18
to phi...@googlegroups.com
Hello,
    Monday,  May 1st,  PHIN MS support released to me version 3.1 for testing.  It came up,
talks to SQL 2017.  There is a problem right in that PHIN MS is leaving the payload
decrypted. in the SHARED/Incoming folder.   One thought is that the corresponding
SQL table is not configured correctly.  They were built in 2007.    
   I will provide more detail as testing continues.  Somebody has to be first.

B

On Thu, May 3, 2018 at 2:38 PM, Schneider, Edward (MNIT) <edward.s...@state.mn.us> wrote:
I thought I'd pass the following along, as I found it illuminating on the currency (or lack of it) in keystore encryption/related matters in the PHINMS versions available, as well as those released and retracted (meaning v. 3.0).  The article's conclusion specifies the release and update levels for Java and Bouncy Castle where the flaws discussed in the article have evidently been addressed.  The JDK used in both PHINMS v. 2.9.00 and 3.0 is (was) JDK 7u80, and the Bouncy Castle version, 1.36--each significantly behind current developments.


http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018_02B-1_Focardi_paper.pdf


I have provided the reference to PHINTECH with the request that it be passed to the PHINMS 3.0 developers and to Jannie Williams.  Perhaps they're also aware of the IETF's formal standards release for TLS v. 1.3 in March...


Edward A. Schneider
Information Technology Specialist/Middleware Administration | Application Data Services Unit

Minnesota IT Services | Partnering with Minnesota Department of Health
625 North Robert St.
P.O. Box 64975
St. Paul, MN 55164-0975
O: 651-201-4047
Information Technology for Minnesota Government | mn.gov/mnit
From: PHINMS User Community <phinms+noreply@googlegroups.com>

Sent: Wednesday, February 28, 2018 12:58:22 PM
To: Schneider, Edward (MNIT)
Subject: You have been added to PHINMS User Community
Hi Edward.S...@state.mn.us,
Dave Loyall added you to the PHINMS User Community group.
Message from Dave Loyall

Welcome, Edward! Cheers, --Dave L.

About this group

The PHINMS User Community discussion group is quickly becoming the an important utility for PHINMS Developers and Administrators. We urge you to take part in this conversation and help improve the PHINMS experience by sharing your knowledge to the community.

Google Groups allows you to create and participate in online forums and email-based groups with a rich community experience. You can also use your Group to share documents, pictures, and calendars invitations.

If you do not wish to be a member of this group you can unsubscribe. If you believe this group may contain spam, you can also report the group for abuse. For additional information see our help center.

If you do not wish to be added to Google Groups in the future you can opt out here.
Start a new group. Visit the help center.

--

---
You received this message because you are subscribed to the Google Groups "PHINMS User Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to phinms+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Schneider, Edward (MNIT)

unread,
May 3, 2018, 3:12:30 PM5/3/18
to phi...@googlegroups.com

Actually, I incremented the JDK update used for the PHINMS versions 2.9.00 and 3.0; I should have written JDK 7u79, the last Java 7 version released to the general public.  (For some obscure reason the PHINMS developers put a ceiling on the Java version initially usable with the PHINMS console, as released for Windows.)


Edward A. Schneider
Information Technology Specialist/Middleware Administration | Application Data Services Unit

Minnesota IT Services | Partnering with Minnesota Department of Health
625 North Robert St.
P.O. Box 64975
St. Paul, MN 55164-0975
O: 651-201-4047
Information Technology for Minnesota Government | mn.gov/mnit
From: phi...@googlegroups.com <phi...@googlegroups.com> on behalf of Bruce Riddle <brucer...@gmail.com>
Sent: Thursday, May 3, 2018 1:51:45 PM
To: phi...@googlegroups.com
Subject: Re: PHINMS encryption
 
To unsubscribe from this group and stop receiving emails from it, send an email to phinms+un...@googlegroups.com.

Schneider, Edward (MNIT)

unread,
May 3, 2018, 3:30:11 PM5/3/18
to phi...@googlegroups.com

One further remark on Java within PHINMS:  the version PHINMS is using won't necessarily show up on the Windows listing of installed programs.  The PHINMS JDK version can be obtained by using a command prompt, cd'ing to the <PHINMS_installation_folder>\jdk\bin, and running the command java.exe  -version.  I suspect that the version 3.1 just released for testing did not change the JDK being used; the reason for retraction of 3.0 had to do with the SQL Server connection pool.  (In any event, good luck to Mr. Riddle in pursuing PHINMS 3.1 testing.)


Edward A. Schneider
Information Technology Specialist/Middleware Administration | Application Data Services Unit

Minnesota IT Services | Partnering with Minnesota Department of Health
625 North Robert St.
P.O. Box 64975
St. Paul, MN 55164-0975
O: 651-201-4047
Information Technology for Minnesota Government | mn.gov/mnit
From: Schneider, Edward (MNIT)
Sent: Thursday, May 3, 2018 2:12:26 PM
Reply all
Reply to author
Forward
0 new messages