|
midrange.com
Oh boy...
>Tim, you do not need to be able to recover one on the
>other end.
The original question was regarding changing passwords. You can
do this without recovering the new password? Hmm.
>Consider. I encrypt the password on the PC
>using the same encryption IBM uses in OS/400 (if I knew
>what it was).
DES
>I then send the result of this, the encrypted
>passed, to the AS/400 through the network.
Why bother encrypting it? All you've done is swap one token for
another. Any hacker can now use this token to log on as you. Without
some form of challenge/response or PKCS you're compromised.
>Lets take a very simple encryption scheme. You give me any
word,
>and for every letter in it I will put a 1 or a 0. A 1 if it is
>an odd number of the alphabet, a 0 if it's even.
>so CAT = 111
>DOG = 001
>etc...
Now you've delved into the ridiculous. What you're mixing up is
encryption v/s a message digest or signature. Unless the message digest
algorithm is know by both sides it's useless, and given that signatures
of known length/short strings aren't that hard to reverse.
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
