|
There are TWO encrypted16-byte values. I'm getting a bit tired keep saying this... ----- Original Message ----- From: Don <dr2@cssas400.com> To: Douglas Handy <dhandy@isgroup.net> Cc: <MIDRANGE-L@midrange.com> Sent: Tuesday, September 21, 1999 8:53 PM Subject: Re: Rewarding Challenge AS/400 > > > Last I recall the PW is kept in a 16byte field as the internal encryption > routine returns a 8 byte parm...I'm pulling from a VERY tired memory right > now and am at a clients so don't ahve my hacker manuals handy...:) > > As I recall, the stored/output field should be large enough to handle the > proper bounded des macro/MI instruct output to maintain uniqueness... > > Don in DC > > ---------- > > On Tue, 21 Sep 1999, Douglas Handy wrote: > > > Leif, > > > > >BTW, there is no extra security in having a password longer than seven > > >characters. You can safely cut it to LXPQ94K and save yourself some typing. > > > > Are you sure it is 7 characters not 8? > > > > The normal DES-56 uses 8 bytes for the key, but drops every 8th bit so > > only uses 56 of the 64 bits. However 7 of the 8 bits in the 8th byte > > are used in the cryptokey (in normal DES-56), although I do not > > pretend to know if the 400 uses the same implementation and/or if the > > encryption key is other than the first 8 bytes of the password. > > > > ** Later ** > > > > OK, I just ran a little test with user-id TEST and the following > > passwords, then checked the encrypted password, and it seemed to > > verify my assertion: > > > > LXPQ94K = D836DB87 D883E5A4 > > LXPQ94K$ = 5CF3B56B 2922B4A2 > > LXPQ94K$_ = 5CF3B56B 2922B4A2 > > LXPQ94K$_Y = 5CF3B56B 2922B4A2 > > > > Of course, other things in the profile change when the password is > > over 8 bytes long. But I agree the strength of the security does not > > improve over 8 bytes (of which 56 bits are used). > > > > Doug > > +--- > > | This is the Midrange System Mailing List! > > | To submit a new message, send your mail to MIDRANGE-L@midrange.com. > > | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. > > | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. > > | Questions should be directed to the list owner/operator: david@midrange.com > > +--- > > > > +--- > | This is the Midrange System Mailing List! > | To submit a new message, send your mail to MIDRANGE-L@midrange.com. > | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. > | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. > | Questions should be directed to the list owner/operator: david@midrange.com > +--- > +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
