Password Phrase Encryption Algo?

2012-03-19 Thread Costin Enache
Hi,

Does anybody have a clue how the
PASSPHRASE is encrypted in RACF? It looks very much like SHA (SHA-1 I
hope), it depends on both the username and password, but how is it
built?

Yes, I have asked in the RACF list already :)


Br,
Costin

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN


Re: Password Phrase Encryption Algo?

2012-03-19 Thread Kirk Wolf
Sorry if I'm being pedantic, but SHA-1 is not an encryption algorithm - it
is a cryptographic hash function.

http://en.wikipedia.org/wiki/Cryptographic_hash_function



On Mon, Mar 19, 2012 at 9:09 AM, Costin Enache e_cos...@yahoo.com wrote:

 Hi,

 Does anybody have a clue how the
 PASSPHRASE is encrypted in RACF? It looks very much like SHA (SHA-1 I
 hope), it depends on both the username and password, but how is it
 built?

 Yes, I have asked in the RACF list already :)


 Br,
 Costin



Re: Password Phrase Encryption Algo?

2012-03-19 Thread Costin Enache
Of course. The final result looks like SHA-1, but several operations could take
place before - DES, etc. At the end it is a cryptographic operation. The correct
question would be - how are the passwords hashed, and potentially encrypted,
for RACF password phrases?
 
 
 


 From: Kirk Wolf k...@dovetail.com
To: IBM-MAIN@bama.ua.edu 
Sent: Monday, March 19, 2012 4:17 PM
Subject: Re: Password Phrase Encryption Algo?
  
Sorry if I'm being pedantic, but SHA-1 is not an encryption algorithm - it
is a cryptographic hash function.

http://en.wikipedia.org/wiki/Cryptographic_hash_function



On Mon, Mar 19, 2012 at 9:09 AM, Costin Enache e_cos...@yahoo.com wrote:

 Hi,

 Does anybody have a clue how the
 PASSPHRASE is encrypted in RACF? It looks very much like SHA (SHA-1 I
 hope), it depends on both the username and password, but how is it
 built?

 Yes, I have asked in the RACF list already :)


 Br,
 Costin



Re: Password Phrase Encryption Algo?

2012-03-19 Thread Paul Gilmartin
On Mon, 19 Mar 2012 16:19:37 +, Costin Enache wrote:

> Of course. The final result looks like SHA-1, but several operations could
> take place before - DES, etc. At the end it is a cryptographic operation. The
> correct question would be - how are the passwords hashed, and potentially
> encrypted, for RACF password phrases?

A one-way hash should be preferable to encryption because there
should be no possibility that the key could be stolen.  A dual-key
ciphersystem with one key discarded is comparable to a one-way
hash.


 From: Kirk Wolf
Sent: Monday, March 19, 2012 4:17 PM
  
Sorry if I'm being pedantic, but SHA-1 is not an encryption algorithm - it
is a cryptographic hash function.

http://en.wikipedia.org/wiki/Cryptographic_hash_function

On Mon, Mar 19, 2012 at 9:09 AM, Costin Enache wrote:

 Does anybody have a clue how the
 PASSPHRASE is encrypted in RACF? It looks very much like SHA (SHA-1 I
 hope), it depends on both the username and password, but how is it
 built?

-- gil



Re: Password Phrase Encryption Algo?

2012-03-19 Thread Costin Enache
Well, the standard DES crypto for RACF (iSeries also) is using the password as 
the key to encrypt the username (profile name). In a practical sense, it is 
like hashing - the key is never stored on the system, so it cannot get stolen. 
It is also quite strong, but the algo is outdated and crippling it by dropping 
8 bits makes it even weaker; the character set is also relatively small, 
enabling easy cracking. A decent AES, with mixed case and large charset, would
quickly resolve the classical issue.
 
Costin
 


 From: Paul Gilmartin paulgboul...@aim.com
To: IBM-MAIN@bama.ua.edu 
Sent: Monday, March 19, 2012 5:34 PM
Subject: Re: Password Phrase Encryption Algo?
  
On Mon, 19 Mar 2012 16:19:37 +, Costin Enache wrote:

> Of course. The final result looks like SHA-1, but several operations could
> take place before - DES, etc. At the end it is a cryptographic operation. The
> correct question would be - how are the passwords hashed, and potentially
> encrypted, for RACF password phrases?

A one-way hash should be preferable to encryption because there
should be no possibility that the key could be stolen.  A dual-key
ciphersystem with one key discarded is comparable to a one-way
hash.


From: Kirk Wolf
Sent: Monday, March 19, 2012 4:17 PM
  
Sorry if I'm being pedantic, but SHA-1 is not an encryption algorithm - it
is a cryptographic hash function.

http://en.wikipedia.org/wiki/Cryptographic_hash_function

On Mon, Mar 19, 2012 at 9:09 AM, Costin Enache wrote:

 Does anybody have a clue how the
 PASSPHRASE is encrypted in RACF? It looks very much like SHA (SHA-1 I
 hope), it depends on both the username and password, but how is it
 built?

-- gil
