>Ray Evans, the IBM UK Penetration Testing Manager, claimed several times to be able to recover passwords from a copy of the RACF database. I have a recording of the presentation. I hope this doesn't get him into trouble as it was a very good presentation. Look after your RACF D/B - security begins at home.
This has been discussed many times on RACF-L. If you can get at a copy of a RACF D/B, you can do a 'brute force' attack on the passwords, especially if you know the encryption algorithm, which is not a secret. Hence, IBM (and most security experts) recommend protecting both the D/B and all copies.

- Too busy driving to stop for gas!

