I do not see that it is a big deal on DataStage's encryption. If you have Director access then you pretty much need to know the passwords. How many people are giving out DataStage clients to users which do not know these passwords? This is not an issue.
For national security reasons the USA algorithms are not supposed to be allowed outside the USA. Source code to these routines are restricted from beng published. Most US government computers run some kind of UNIX. They usually call it POSIX compliant. Windows now qualifies as POSIX compliant so they can bid on government contracts. I would expect that other nations have similar restrictions on their encryption routines. The US government spends lots of money breaking encryption algorithms. I am sure they can hack anything they want, any time they want. I don't think this is a secret. Your government knows this even if you don't. I am sure our closet allies share in most of this technology. You can probably guess which countries.
These algorithms change based on the level of security chosen by the vendor and the customer. I am sure the highest levels of security are not anywhere close to the public's consuption. There are some pretty incredible ones that are published. They only publish how secure they are and not the algorithms themselves. Before 9/11 these results were easily available. I have not seen anything published about them since. The cold war seems to have been reinstated with a new enemy. I am sure there is lots of technology that we do not know exists. Stealth was around a long time before that became common knowledge.
Password Validation
Moderators: chulett, rschirm, roy