Isn't there a program someone wrote (talked about here many years ago)
that can try various passwords until something matches the hashed value?
If that's the case, hashing doesn't really do as much good as people
think it does, once someone gets hold of the RACF dataset of course.
On 1/10/2021 7:57 PM, Timothy Sipples wrote:
Here's a pedantic point: RACF doesn't actually know what the user's
password is -- thank goodness. RACF can only determine whether a
particular password or passphrase string mathematically corresponds to the
hashed value (derived from previous input) that RACF stores. True, good
hashing functions minimize collisions, and RACF uses good hashing
functions.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
