Converting from Legacy DES Algorithm to AES

Document ID : KB000125680
Last Modified Date : 01/02/2019
Show Technical Document Details
Question:
We are converting from Legacy DES Algorithm to AES Algorithm Password Encryption on all of our Mainframe LPARS.
We need to know if this will have any impact to Datacom.
Environment:
z/OS
CA Datacom
Answer:
There is no direct impact to Datacom.
Datacom does a call to the external security package ( Top Secret/ACF2/RACF) to validate a user and password.
If the external security package supports AES then all is fine.
CA Top Secret and CA ACF2 do but an increase in CPU utilization occurs for AES256 password encryption during System Entry Validation (LOGON), password verifications, and password changes.
Check with IBM for RACF.