On Fri, 12 Jan 2007 11:19:42 -0500, Walt Farrell <[EMAIL PROTECTED]> wrote:
>On 1/12/2007 11:02 AM, Tom Marchant wrote: >> On Fri, 12 Jan 2007 12:34:59 +0100, Ulrich Boche wrote: >> >> Snip! >>> http://www.schneier.com/blog/archives/2007/01/choosing_secure.html >> >> "Good encryption software doesn't use your password as the >> encryption key." >> >> That's what RACF does. >> > >Not precisely, but certainly the transformation we use is not one that >would significantly delay a password guessing program. > Ok, I stand corrected. I've seen it posted here that RACF uses the password as a key to encrypt the userid. It seemed like a good technique to me. I was surprised at Mr. Schneier's comment quoted above. -- Tom Marchant ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
