|
Thanks everyone who replied! The MD5 seems to work okay. The reason I wanted it, and you will too in the future, is for e-commerce or web-based applications. You store a list of users and MD5-encoded passwords in a database, these people can access your application. Why not use OS/400 security? The biggest reason is to not create a bunch of user profiles. If your AS?400 is on the Internet, it is much more prudent to populate a simple user database than manage user profiles whose sole functions is to get to your application. Also, if you don't create user profiles, then the user, even if they can use your application, cannot FTP into your AS/400 because they don't have a valid OS/400 user id. Their only interface is essentially through the browser. You can easily encrypt passwords on the browser using an MD5 Javascript. For "simple" password protection that is reasonably secure, and without the hassle of maintaining Apache's "basic authentication" or similar, MD5 is a very good tool. My biggest concern is the translation from EBCDIC to ASCII. For "the rest of the world", the MD5 hash is 32 alphanumeric characters ASCII, publicly "tradable" through email, etc. On the AS/400, the MD5 hash is 16 bytes, whose hexadecimal representation is the MD5. IE, the AS/400 version is not directly readable. Other MD5 hash programs output the text string of 32 characters. This can be overcome by using a MD5 wrapper procedure, I'm sure. My issue is this: On the MD5.c file, there are a series of 7 test cases to "prove" the MD5 implementation is correct: "", d41d8cd98f00b204e9800998ecf8427e "a", 0cc175b9c0f1b6a831c399e269772661 "abc", 900150983cd24fb0d6963f7d28e17f72 "message digest", f96b697d7cb7938d525a2f31aaf161d0 "abcdefghijklmnopqrstuvwxyz", c3fcd3d76192e4007dfb496cca67e13b "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", d174ab98d277d9f5a5611c2c9f419d9f "123456789012345678901234567890123456789012345678901234567890123456789012345 67890", 57edf4a22be3c955ac49da2e2107b67a Unfortunately, this is not directly comparable on the AS/400, because of ASCII/EBCDIC translation. For my test case, I had to directly compare ASCII "P" with EBCDIC "&" to achieve MD5: 44 c2 9e db 10 3a 28 72 f5 19 ad 0f da aa. Given the fact that a "normal" MD5 is alphanumeric and the AS/400 MD5 is the hex representation of bytes, and of the ASCII/EBCDIC translation, will this be of real use when using the AS/400 to serve web pages, if you want to use MD5 as a password protection mechanism? Loyd -----Original Message----- From: Don [mailto:dr2@cssas400.com] Sent: Monday, June 26, 2000 3:46 PM To: Leif Svalgaard Cc: MIDRANGE-L@midrange.com Subject: Re: MD5 via RPG? Leif, would you be interested in posting that to the list? I think MD5 is going to get alot more popularity in the near future... Don in DC On Mon, 26 Jun 2000, Leif Svalgaard wrote: > > Does anyone have a procedure to compute a MD5 hash on the AS/400? > > Preferably, it would be called from an RPG program. I don't want RPG code > > (necessarily) to do it, but a method or procedure. Unfortunately, I don't > > have a C compiler. > > Every AS/400 has an MI-instruction CYPHER that can compute an MD5 > hash. If you want an MI-program you can call to do this let me know. +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.