× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. September 1999

RE: Rewarding Challenge AS/400

Haven't you just told everyone how to decrypt as400 passwords?

If so, isnt that very irresponsible?

>>> -----Original Message-----
>>> From: leif@ibm.net [mailto:leif@ibm.net]
>>> Sent: Saturday, September 18, 1999 6:38 AM
>>> To: MIDRANGE-L@midrange.com
>>> Subject: Re: Rewarding Challenge AS/400
>>> 
>>> 
>>> let me clarify. there are actually TWO encrypted values stored in
>>> the user-password table QSYUPTBL. One is the user id encrypted with
>>> the password, the other is a secret unique key encrypted 
>>> with the password.
>>> The latter is the easier one. If you have access to the 
>>> first you also have
>>> access to the second. Both can be decrypted by brute force. 
>>> There is a
>>> program you can download from the internet that does this.
>>> On a 500 MHz PIII or equivalent the latter takes at most 
>>> 6.7 hours while the
>>> first takes at most 40 times as long. So send me the second 
>>> of the two
>>> encrypted values. Also send the password to someone else on the list
>>> so the validity of my decryption that be verified. The 
>>> encryption method is
>>> in both cases 56-bit DES, which is strong enough at it is. 
>>> The reason we
>>> can crack the encryption is the limited key space (only 40 
>>> different symbols)
>>> and the crummy way IBM has applied the (otherwise strong) 
>>> DES algorithm.
>>> 
>>> ----- Original Message -----
>>> From: <leif@ibm.net>
>>> To: <MIDRANGE-L@midrange.com>
>>> Sent: Friday, September 17, 1999 8:57 PM
>>> Subject: Re: Rewarding Challenge AS/400
>>> 
>>> 
>>> > I'll take you up one that one.
>>> > I'll decrypt it in less than a day.
>>> > ----- Original Message -----
>>> > From: Steve Glanstein <mic@aloha.com>
>>> > To: mr <midrange-l@midrange.com>
>>> > Cc: Leif Svalgaard <leif@ibm.net>
>>> > Sent: Friday, September 17, 1999 4:32 PM
>>> > Subject: Rewarding Challenge AS/400
>>> >
>>> >
>>> > >
>>> > > >The encryption method **may** change from release to 
>>> release, but
>>> between
>>> > > >machines on the same release, and from what I've 
>>> played with, it
>>> **seems**
>>> > > >the same method but who really knows ?
>>> > >
>>> > > It is the same method. For example, the encrypted 
>>> password for user TEST,
>>> > > password TEST is 50C8C4C683D60CE2. This is the same on 
>>> V1R2 through V4R3.
>>> > >
>>> > > This encryption is done with both user id and password. 
>>> No other parts
>>> are
>>> > > needed. For example, if you replace another password 
>>> for TEST with the
>>> > > above hex then TEST will have a password of TEST.
>>> > >
>>> > > Unfortunately the software vendor (you know who I 
>>> mean!)doesn't have
>>> > > enough confidence in the encryption technique to permit 
>>> public analysis
>>> > > and verification that it is truly one way.
>>> > >
>>> > > The answer to people who can crack the AS/400 
>>> password...I'll send them
>>> the
>>> > > encrypted password and see if they can decrypt it! This 
>>> was done several
>>> > > times with PGP and the network went silent.
>>> > >
>>> > > Steve Glanstein
>>> > > mic@aloha.com
>>> > >
>>> > >
>>> > > +---
>>> > > | This is the Midrange System Mailing List!
>>> > > | To submit a new message, send your mail to 
>>> MIDRANGE-L@midrange.com.
>>> > > | To subscribe to this list send email to 
>>> MIDRANGE-L-SUB@midrange.com.
>>> > > | To unsubscribe from this list send email to
>>> > MIDRANGE-L-UNSUB@midrange.com.
>>> > > | Questions should be directed to the list owner/operator:
>>> > david@midrange.com
>>> > > +---
>>> > >
>>> >
>>> > +---
>>> > | This is the Midrange System Mailing List!
>>> > | To submit a new message, send your mail to 
>>> MIDRANGE-L@midrange.com.
>>> > | To subscribe to this list send email to 
>>> MIDRANGE-L-SUB@midrange.com.
>>> > | To unsubscribe from this list send email to
>>> MIDRANGE-L-UNSUB@midrange.com.
>>> > | Questions should be directed to the list owner/operator:
>>> david@midrange.com
>>> > +---
>>> >
>>> 
>>> +---
>>> | This is the Midrange System Mailing List!
>>> | To submit a new message, send your mail to 
>>> MIDRANGE-L@midrange.com.
>>> | To subscribe to this list send email to 
>>> MIDRANGE-L-SUB@midrange.com.
>>> | To unsubscribe from this list send email to 
>>> MIDRANGE-L-UNSUB@midrange.com.
>>> | Questions should be directed to the list owner/operator: 
>>> david@midrange.com
>>> +---
>>> 
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.