× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2016

Re: Encryption algorithm used for the IBMi OS passwords.

Incorrect, a key is simply a random string of binary characters, it contains no intelligence, no logic, and therefore can contain no faulty logic. It is a single data point. Inspection of the key will not show it to be god bad or indifferent. Thus publishing the key can only be bad. An algorithm on the other hand can have flaws, and even experts write code with flaws. Algorithms can indeed benefit from having been published. You see we are back to the part about a strong algorithm being one which can withstand attacks even if your enemy knows the algorithm. Besides, if the hacker has the code, he has the algorithm. If the code is available to anyone outside the organization, he has the code, and thus the algorithm. If the code is available to anyone within the organization, he may have the algorithm. If the code is to be used, it must be available to someone, and the more someones that use the code, the better the chance it is available to the hacker. A private key on the other hand need only be available to the owner, not even the recipient need know that key. So the algorithm is the most insecure part of the equation. Note, even in the shared private key method of cryptology, the more people who know the key, the more insecure that key is, thus the need for symmetric keys.

Mark Murphy
STAR BASE Consulting, Inc.
mmurphy@xxxxxxxxxxxxxxx

-----Nathan Andelin <nandelin@xxxxxxxxx> wrote: -----
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
From: Nathan Andelin <nandelin@xxxxxxxxx>
Date: 04/05/2016 01:14PM
Subject: Re: Encryption algorithm used for the IBMi OS passwords.

Buck,

Of course tools exist which may be used to crack algorithms. Whether "your"
algorithm can be cracked or not depends on a lot of factors. So I reject
the notion that ONLY published algorithms should ever be used. If a hacker
has the algorithm, then he has half the puzzle solved. The other half is
the key, generally. The fact that you "hide" your keys should be viewed as
"security by obscurity", under the definitions and parameters discussed in
this thread.






On Tue, Apr 5, 2016 at 10:46 AM, Buck Calabro <kc2hiz@xxxxxxxxx> wrote:

On 4/5/2016 11:24 AM, Nathan Andelin wrote:
Truth is, hackers can't crack a key until they've first cracked an
algorithm.

I used to think so too, but my thinking changed after reading about
Enigma, Minoan Linear B, and the Copiale cipher (which was very
interesting, as the crackers didn't even know what the plaintext source
language was, much less the algorithm used to generate the ciphertext!)

Unpublished algorithms, used privately, internally could be a
major obstacle to hackers.

Programmer Anonymous /could be/ the 1,975,623rd 'inventor' of ROT-13.
Or he /could be/ Adi Shamir.  Given the distribution of crypto
proficiency among the general population, is not the former
statistically more probable than the latter?

--
  --buck

Trust, but verify.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.