I recall the password encryption algorithm for IDMS back in the late 80's worked by repeatedly multiplying and then discarding the upper byte of the result. We actually duplicated this logic in COBOL so that we could hash user entered passwords and compare them to the stored values in the data dictionary. This algorithm was considered "irreversible" because there was no way of knowing the value of the bits that got discarded at each repetition and a single hash could not decrypt to one unique password.
However, since the original encryption algorithm was known, I believe that the passwords could have been broken by a brute force decryption program that simply substituted all 256 possible values in place of the discarded byte and create a list of all possible passwords that "could have" encrypted to the current hash. Once that list of possibles is created, you just look for the one that consists entirely of EBCDIC characters and you have your password. Bill Bass United Health Care Greenville SC > -----Original Message----- > From: IBM Mainframe Discussion List > [mailto:[EMAIL PROTECTED] On Behalf Of Dave Cartwright > Sent: Thursday, May 22, 2008 10:18 AM > To: [email protected] > Subject: Re: Off-the-wall Auditor Requests (was RE: Hardware Alerts) > > On Wed, 21 May 2008 12:19:16 -0500, Chase, John <[EMAIL PROTECTED]> > wrote: > > > > >You could also have said (truthfully) that RACF doesn't > store passwords. > >As documented in the SecAdmin Guide, RACF uses the tendered > password as > >a key to one-way encrypt the userID, and stores the encrypted userID. > >Thus, it is (remotely) possible that a given userID could > have more than > >one valid password at a given time. > > > > > I'm now wondering if this is an urban myth. At the GSE LSWG > meeting last > Tuesday Ray Evans the IBM UK Penetration Testing Manager > claimed several > times to be able to recover passwords from a copy of the RACF > database. I > have a recording of the presentation. I hope this doesn't > get him into trouble > as it was a very good presentation. > Look after your RACF D/B - security begins at home. > > DC > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
