Thanks all, here is the excerpt from rfc2877:

5. Enhanced Display Auto-Signon and Password Encryption

Several 5250 Telnet server specific USERVAR's will be defined. One will carry a random seed to be used in Data Encryption Standard (DES) password encryption, and another will carry the encrypted copy of the password. This would use the same 7-step DES-based password substitution scheme as APPC and Client Access. For a description of DES encryption, refer to Federal Information Processing Standards Publications (FIPS) 46-2 [17] and 81 [18], which can be found at the Federal Information Processing Standards Publications link:

http://www.itl.nist.gov/div897/pubs/by-num.htm

For a description of the 7-step password substitution scheme, refer to these IBM Customer Support FTP Server links:

ftp://ftp.networking.ibm.com/pub/standards/ciw/sig/sec/pwsubciw.ps
ftp://ftp.networking.ibm.com/pub/standards/ciw/sig/sec/pwsubciw.ps.Z
ftp://ftp.networking.ibm.com/pub/standards/ciw/sig/sec/pwsubciw.zip

If encrypted password exchange is not required, clear-text password exchange is permitted using the same USERVAR's defined for encryption. For this case, the random client seed should be set to either an empty value (RFC 1572 preferred method) or to hexadecimal zeros to indicate the password is not encrypted, but is clear-text.

It should be noted that security of clear-text password exchange cannot be guaranteed unless the network is physically protected or a trusted network (such as an intranet). If your network is vulnerable to IP address spoofing or directly connected to the Internet, you should engage in encrypted password exchange to validate a clients identity.
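An added example, not part of the post or of the RFC text: a check that parses a client's Telnet NEW-ENVIRON reply and reports whether the sign-on password went out in clear text, using the empty-or-zero seed rule from the excerpt above. The USERVAR names IBMRSEED and IBMSUBSPW come from RFC 2877 itself rather than from the quoted excerpt; the sample frames are constructed, and treating a missing seed like an empty one is an assumption.

```python
# Added example. Telnet codes are from RFC 1572 (NEW-ENVIRON, option 39).
IAC, SB, SE, NEW_ENVIRON, IS = 0xFF, 0xFA, 0xF0, 0x27, 0x00
VAR, VALUE, ESC, USERVAR = 0x00, 0x01, 0x02, 0x03
HEAD, TAIL = bytes([IAC, SB, NEW_ENVIRON, IS]), bytes([IAC, SE])

def parse_new_environ_is(frame: bytes) -> dict:
    """Return {name: value bytes, or None if undefined} from one IS frame."""
    if not (frame.startswith(HEAD) and frame.endswith(TAIL)):
        raise ValueError("not a NEW-ENVIRON IS subnegotiation")
    body, tokens, i = frame[len(HEAD):-len(TAIL)], [], 0
    while i < len(body):
        b = body[i]
        if b in (VAR, VALUE, USERVAR):           # starts a new name or value
            tokens.append([b, bytearray()])
        elif not tokens:
            raise ValueError("data before first VAR/USERVAR")
        else:
            if b == ESC or (b == IAC and body[i + 1:i + 2] == bytes([IAC])):
                i += 1                           # the next byte is literal data
                if i >= len(body):
                    raise ValueError("truncated escape")
            tokens[-1][1].append(body[i])
        i += 1
    env, name = {}, None
    for kind, data in tokens:
        if kind == VALUE:
            if name is not None:
                env[name] = bytes(data)
        else:
            name = data.decode("ascii", "replace")
            env.setdefault(name, None)           # stays None if no VALUE follows
    return env

def password_exchange(env: dict) -> str:
    """Classify the sign-on: an empty or all-zero seed means clear text."""
    if not env.get("IBMSUBSPW"):
        return "no-password"
    seed = env.get("IBMRSEED") or b""            # assumption: missing seed = empty
    return "clear-text" if seed.strip(b"\x00") == b"" else "encrypted"

def build_frame(seed: bytes, password: bytes) -> bytes:
    """Build a sample client frame (constructed data, not a capture)."""
    def esc(data):                               # escape bytes that clash with codes
        return b"".join(bytes([ESC, b]) if b <= USERVAR else
                        bytes([IAC, IAC]) if b == IAC else bytes([b]) for b in data)
    return (HEAD + bytes([USERVAR]) + b"IBMRSEED" + bytes([VALUE]) + esc(seed)
            + bytes([VAR]) + b"USER" + bytes([VALUE]) + b"DEMOUSER"
            + bytes([USERVAR]) + b"IBMSUBSPW" + bytes([VALUE]) + esc(password) + TAIL)

if __name__ == "__main__":
    for seed in (b"", bytes(8), bytes.fromhex("0102ff0304a5b6c7")):
        env = parse_new_environ_is(build_frame(seed, b"DEMOPASS"))
        print(seed.hex() or "(empty)", "->", password_exchange(env))
```

The all-zero seed only classifies correctly because the parser undoes the ESC escaping: each 0x00 seed byte is also the VAR code and arrives on the wire as ESC 0x00.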
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.