Re: RACF Database protection

2013-09-09 Thread Costin Enache
...@sita.co.za To: IBM-MAIN@LISTSERV.UA.EDU Sent: Sunday, 8 September 2013, 17:17 Subject: Re: RACF Database protection Shmuel Metz (Seymour J.) wrote: You can wish, but big blue wants backward compatibility, How is that an obstacle? If they do it, I'm sure that there will be a switch to enable

Re: RACF Database protection

2013-09-08 Thread Shmuel Metz (Seymour J.)
In 0539133098161601.wa.elardus.engelbrechtsita.co...@listserv.ua.edu, on 09/05/2013 at 03:31 AM, Elardus Engelbrecht elardus.engelbre...@sita.co.za said: You can wish, but big blue wants backward compatibility, How is that an obstacle? If they do it, I'm sure that there will be a switch to

Re: RACF Database protection

2013-09-08 Thread Elardus Engelbrecht
Shmuel Metz (Seymour J.) wrote: You can wish, but big blue wants backward compatibility, How is that an obstacle? If they do it, I'm sure that there will be a switch to enable the new algorithm and that, once enabled, the new algorithm will only be used incrementally. Agreed, Shmuel. Thanks

Re: RACF Database protection

2013-09-05 Thread Costin Enache
Database protection On 4 September 2013 04:07, Costin Enache e_cos...@yahoo.com wrote: It may not be APARable. Even if you fix the bug, what do you do with the old password phrases? Maybe update the RACF database with a secure hash value once the user logs in (to add the previously discarded

Re: RACF Database protection

2013-09-05 Thread Elardus Engelbrecht
Costin Enache wrote: Wishful thinking: that IBM, if they decide to change the algorithm, will learn the advantages of open, secure and open to debate cryptography over secret, obfuscated and most often broken schemes. You can wish, but big blue wants backward compatibility, so it is unlikely

Re: RACF Database protection

2013-09-04 Thread R.S.
On 2013-09-04 04:32, FRANCIS SOUSA wrote: Ask your network guys to restrict FTP, maybe use ACL? It doesn't help. The problem is in READ to the dataset not the ability to use *one of existing* transfer methods. Protect resources, not the tools. -- Radoslaw Skorupka Lodz, Poland --

Re: RACF Database protection

2013-09-04 Thread Costin Enache
Sent: Wednesday, 4 September 2013, 1:11 Subject: Re: RACF Database protection On 3 September 2013 09:41, Costin Enache e_cos...@yahoo.com wrote: The phrase clear text is already padded with spaces to a multiple of 8, but, after encryption, the resulting hash is truncated to the length

Re: RACF Database protection

2013-09-04 Thread Tony Harminc
On 4 September 2013 04:07, Costin Enache e_cos...@yahoo.com wrote: It may not be APARable. Even if you fix the bug, what do you do with the old password phrases? Maybe update the RACF database with a secure hash value once the user logs in (to add the previously discarded hash bytes), but the

Re: RACF Database protection

2013-09-03 Thread Costin Enache
From: Paul Gilmartin paulgboul...@aim.com To: IBM-MAIN@LISTSERV.UA.EDU Sent: Monday, 2 September 2013, 22:09 Subject: Re: RACF Database protection The password phrase hash can be split into blocks of 8 bytes, and each of them cracked independently, also

Re: RACF Database protection

2013-09-03 Thread Paul Gilmartin
On Tue, 3 Sep 2013 14:41:49 +0100, Costin Enache wrote: The password phrase hash can be split into blocks of 8 bytes, and each of them cracked independently, also in parallel. Sounds like a half-hearted implementation -- what would have been the additional cost of using larger blocks? So I

Re: RACF Database protection

2013-09-03 Thread Costin Enache
The DES modes are good for protecting a secret plaintext with a DES key, but in our case we have a short, known plaintext - the username, which is encrypted with the password (or with blocks of the password phrase). So we have a long key with a short plaintext, instead of a long plaintext with

Re: RACF Database protection

2013-09-03 Thread Tony Harminc
On 3 September 2013 09:41, Costin Enache e_cos...@yahoo.com wrote: The phrase clear text is already padded with spaces to a multiple of 8, but, after encryption, the resulting hash is truncated to the length of the original clear text, minus the padding. This leaves us with an incomplete DES

Re: RACF Database protection

2013-09-03 Thread FRANCIS SOUSA
Ask your network guys to restrict FTP, maybe use ACL ? On Sat, Aug 17, 2013 at 4:02 AM, mmjuma mmj...@yahoo.com wrote: Hi list Some one in our section, he was able to download RACF data base file SYS1.RACF.PRIM via ftp to PC, then he used some tool. He was able to get uid and password of

Re: RACF Database protection

2013-09-01 Thread Costin Enache
From: Walt Farrell walt.farr...@gmail.com To: IBM-MAIN@LISTSERV.UA.EDU Sent: Saturday, 17 August 2013, 19:54 Subject: Re: RACF Database protection On Sat, 17 Aug 2013 10:30:57 -0700, Skip Robinson jo.skip.robin...@sce.com wrote: This exposure has been known--and discussed publicly

Re: RACF Database protection

2013-09-01 Thread retired mainframer
:: -Original Message- :: From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On :: Behalf Of Costin Enache :: Sent: Sunday, September 01, 2013 12:04 PM :: To: IBM-MAIN@LISTSERV.UA.EDU :: Subject: Re: RACF Database protection :: :: Small :: clarification: The usage

Re: RACF Database protection

2013-08-18 Thread Lizette Koehler
Discussion List [mailto:rac...@listserv.uga.edu] On Behalf Of majuma Sent: Saturday, August 17, 2013 9:48 AM To: rac...@listserv.uga.edu Subject: Fwd: RACF Database protection Hi list, Some one in our section, he was able to download RACF data base file SYS1.RACF.PRIM via ftp to PC, the file is UACC

Re: RACF Database protection

2013-08-18 Thread R.S.
On 2013-08-18 06:50, Paul Gilmartin wrote: On Sat, 17 Aug 2013 12:54:41 -0500, Walt Farrell wrote: RACF encrypts the user ID using the password as the key, and stores the encrypted user ID. The password itself is not saved, in any form. What happens when the user ID changes? It won't

Re: RACF Database protection

2013-08-18 Thread Lizette Koehler
: Fwd: RACF Database protection Hi list, Some one in our section, he was able to download RACF data base file SYS1.RACF.PRIM via ftp to PC, the file is UACC is none. then he used some tool to get uid and password of some users. I want to understand what happened, and how to protect against

Re: RACF Database protection

2013-08-18 Thread Louis Losee
California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 626-302-7535 Office 323-715-0595 Mobile jo.skip.robin...@sce.com From: mmjuma mmj...@yahoo.com To: IBM-MAIN@LISTSERV.UA.EDU, Date: 08/17/2013 01:04 AM Subject: RACF Database

Re: RACF Database protection

2013-08-18 Thread Shmuel Metz (Seymour J.)
In 791e2a3e-e500-46bd-98a9-02f34c650...@gmail.com, on 08/18/2013 at 08:48 AM, Louis Losee llo...@gmail.com said: It is typically a difficult task to get a list of user ids without read access to the RACF database. It's easy to approximate. -- Shmuel (Seymour J.) Metz, SysProg and JOAT

Re: RACF Database protection

2013-08-18 Thread Shmuel Metz (Seymour J.)
In 520f48c1.1010...@bremultibank.com.pl, on 08/17/2013 at 11:56 AM, R.S. r.skoru...@bremultibank.com.pl said: Everyone with computer and the db Presumably the point is that you *don't* have access to his RACF DB. -- Shmuel (Seymour J.) Metz, SysProg and JOAT Atid/2

Re: RACF Database protection

2013-08-18 Thread Ron Hawkins
Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Skip Robinson Sent: Saturday, August 17, 2013 10:31 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: [IBM-MAIN] RACF Database protection This exposure has been known--and discussed publicly--for several years. It is NOT true

RACF Database protection

2013-08-17 Thread mmjuma
Hi list Some one in our section, he was able to download RACF data base file SYS1.RACF.PRIM via ftp to PC, then he used some tool. He was able to get uid and password of some users. He had now access to the file in mainframe. I want to understand what happened, and how to protect against such

Re: RACF Database protection

2013-08-17 Thread Ted MacNEIL
@LISTSERV.UA.EDU Date: Sat, 17 Aug 2013 11:02:29 To: IBM-MAIN@LISTSERV.UA.EDU Reply-To: IBM Mainframe Discussion List IBM-MAIN@LISTSERV.UA.EDU Subject: RACF Database protection Hi list Some one in our section, he was able to download RACF data base file SYS1.RACF.PRIM via ftp to PC

Re: RACF Database protection

2013-08-17 Thread R.S.
On 2013-08-17 10:02, mmjuma wrote: Hi list Some one in our section, he was able to download RACF data base file SYS1.RACF.PRIM via ftp to PC, then he used some tool. He was able to get uid and password of some users. He had now access to the file in mainframe. I want to understand what

Re: RACF Database protection

2013-08-17 Thread Ted MacNEIL
It's easy: he has READ to the db. He should have it. Why should he have it? Nobody needs read access to any password, copy, or back-up! Regarding passwords: no password is recorded in the db, but having the db he's able to use brute-force method to find the passwords. He wouldn't be able to

Re: RACF Database protection

2013-08-17 Thread R.S.
On 2013-08-17 10:57, Ted MacNEIL wrote: It's easy: he has READ to the db. He should have it. Why should he have it? Nobody needs read access to any password, copy, or back-up! My typo: he SHOULD NOT have it. Even for backup purposes. (WHEN(PROGRAM(IRRUT200)) is the solution for ad-hoc

Re: RACF Database protection

2013-08-17 Thread Elardus Engelbrecht
mmjuma wrote: Some one in our section, he was able to download RACF data base file SYS1.RACF.PRIM ... You and that someone should stay away from my z/OS! Your protection of RACF DB and all its backups are pathetic. UACC should be NONE (see other's replies). ... via ftp to PC, Your FTP is

Re: RACF Database protection

2013-08-17 Thread Lizette Koehler
-MAIN@LISTSERV.UA.EDU Subject: RACF Database protection Hi list Some one in our section, he was able to download RACF data base file SYS1.RACF.PRIM via ftp to PC, then he used some tool. He was able to get uid and password of some users. He had now access to the file in mainframe. I want

Re: RACF Database protection

2013-08-17 Thread Skip Robinson
jo.skip.robin...@sce.com From: mmjuma mmj...@yahoo.com To: IBM-MAIN@LISTSERV.UA.EDU, Date: 08/17/2013 01:04 AM Subject: RACF Database protection Sent by: IBM Mainframe Discussion List IBM-MAIN@LISTSERV.UA.EDU Hi list Some one in our section, he was able to download RACF data base

Re: RACF Database protection

2013-08-17 Thread Walt Farrell
On Sat, 17 Aug 2013 10:30:57 -0700, Skip Robinson jo.skip.robin...@sce.com wrote: This exposure has been known--and discussed publicly--for several years. It is NOT true that 'passwords are not stored'. If they weren't 'stored' at all, then how could RACF validate the password you supply? They

Re: RACF Database protection

2013-08-17 Thread Gerhard Postpischil
On 8/17/2013 1:54 PM, Walt Farrell wrote: Where possible, you can switch to the use of password phrases rather than passwords. You're right that the brute force attacks are increasingly simple for mere 8-byte passwords, but password phrases give you longer values (minimum 14 by default, though

Re: RACF Database protection

2013-08-17 Thread Skip Robinson
: RACF Database protection Sent by: IBM Mainframe Discussion List IBM-MAIN@LISTSERV.UA.EDU On Sat, 17 Aug 2013 10:30:57 -0700, Skip Robinson jo.skip.robin...@sce.com wrote: This exposure has been known--and discussed publicly--for several years. It is NOT true that 'passwords are not stored

Re: RACF Database protection

2013-08-17 Thread Tony Harminc
On 17 August 2013 13:54, Walt Farrell walt.farr...@gmail.com wrote: Where possible, you can switch to the use of password phrases rather than passwords. You're right that the brute force attacks are increasingly simple for mere 8-byte passwords, but password phrases give you longer values

Re: RACF Database protection

2013-08-17 Thread Paul Gilmartin
On Sat, 17 Aug 2013 12:54:41 -0500, Walt Farrell wrote: RACF encrypts the user ID using the password as the key, and stores the encrypted user ID. The password itself is not saved, in any form. What happens when the user ID changes? (We suffer a corporate standard that user ID _shall_ be

Re: RACF Database protection

2013-08-17 Thread retired mainframer
:: -Original Message- :: From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On :: Behalf Of mmjuma :: Sent: Saturday, August 17, 2013 1:02 AM :: To: IBM-MAIN@LISTSERV.UA.EDU :: Subject: RACF Database protection :: :: Hi list :: :: Some one in our section, he was able