Well, the standard DES crypto for RACF (iSeries also) is using the password as the key to encrypt the username (profile name). In a practical sense, it is like hashing - the key is never stored on the system, so it cannot get stolen. It is also quite strong, but the algo is outdated and crippling it by dropping 8 bits makes it even weaker; the character set is also relatively small, enabling easy cracking. A decent AES, with mixed case and large charset, would quickly resolve the classical issue.

Costin
________________________________
From: Paul Gilmartin <[email protected]>
To: [email protected]
Sent: Monday, March 19, 2012 5:34 PM
Subject: Re: Password Phrase Encryption Algo?

On Mon, 19 Mar 2012 16:19:37 +0000, Costin Enache wrote:

>Of course. The final result looks like SHA-1, but several operations could
>take place before - DES, etc. At the end it is a cryptographic operation. The
>correct question would be - how are the passwords hashed, and potentially
>encrypted, for RACF password phrases?
>
A one-way hash should be preferable to encryption because there should be no possibility that the key could be stolen. A dual-key ciphersystem with one key discarded is comparable to a one-way hash.

________________________________
From: Kirk Wolf
Sent: Monday, March 19, 2012 4:17 PM

Sorry if I'm being pedantic, but SHA-1 is not an encryption algorithm - it is a cryptographic hash function.
http://en.wikipedia.org/wiki/Cryptographic_hash_function

On Mon, Mar 19, 2012 at 9:09 AM, Costin Enache wrote:
>
> Does anybody have a clue how the
> PASSPHRASE is encrypted in RACF? It looks very much like SHA (SHA-1 I
> hope), it depends on both the username and password, but how is it
> built?

-- gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

