× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 2010

Re: Password stash files (for keystore passwords)?

There are a couple of different password stash files and the answer may be different depending on if you are asking about a specific password stash or password stashes in general.

The OS uses stashed password files for several different purposes: keyring management, iSeries access, directory services, and I'm sure there are more. In addition, some IBM apps uses password stash files; the most obvious one that comes to mind is WAS. Many common tcp/ip applications also use "password stashes" although they may not be called a stash.

The stashed password files used by the OS are much more secure than the average stash file, because the data is stored in internal objects (and encrypted). Most if not all of the IBM application password stash files are encrypted, but not stored in internal objects.

If the password stash is directly accessible to user state programs and the information is not encrypted, it is not, in my opinion, secure (even if the permissions are set to prevent anyone other than the owner from reading them).

I hope this is the information you were looking for....

Patrick Botz
President, Botz& Associates, Inc.
Home/Office: 1-507-319 5206
Mobile : 1-507-250-5644
mailto:pcbotz@xxxxxxxxx

___________________________

CONFIDENTIALITY NOTICE: This email message and any attachment to this email message contain information that may be privileged and confidential. This email and any attachments are intended solely for the use of the individual or entity named above (the recipient) and may not be forwarded to or shared with any third party. If you are not the intended recipient and have received this email in error, please notify us by return e-mail or by telephone at 507-285-9048 and delete this message. This notice is automatically appended to each email message leaving Botz& Associates, Inc. Thank You.


On 11/15/2010 10:28 AM, James H. H. Lampert wrote:
Does anybody here know enough about password stash files to explain them
to me, and explain how a stash file is any more secure than an actual
exposed password? Or can anybody refer me to an appropriate document?

--
JHHL


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.