Here's some sample RPG code which takes into consideration the EBCDIC
to ASCII conversion, the hash generation, and the creation of a
suitable text string.  The program assumes that EBCDIC means CCSID 37
and ASCII CCSID 819.  These assumptions may not hold true for all
languages.

Bruce

     H DFTACTGRP(*NO) ACTGRP('QILE') BNDDIR('QC2LE')
     DCipher           PR                  EXTPROC('_CIPHER')
     D                                 *   VALUE
     D                                 *   VALUE
     D                                 *   VALUE
     DConvert          PR                  EXTPROC('_XLATEB')
     D                                 *   VALUE
     D                                 *   VALUE
     D                               10u 0 VALUE
     Dcvthc            PR                  EXTPROC('cvthc')
     D                                1
     D                                1
     D                               10i 0 VALUE
     DControls         DS
     D Function                       5i 0 inz(5)
     D HashAlg                        1    inz(x'00')
     D Sequence                       1    inz(x'00')
     D DataLngth                     10i 0 inz(15)
     D Unused                         8    inz(*LOVAL)
     D HashCtxPtr                      *   inz(%addr(HashWorkArea))
     DHashWorkArea     S             96    inz(*LOVAL)
     DMsg              S             50
     DReceiverHex      S             16
     DReceiverPtr      S               *   inz(%addr(ReceiverHex))
     DReceiverChr      S             32
     DSourcePtr        S               *   inz(%addr(Msg))
     DStartMap         s            256
     DTo819            s            256
     DCCSID1           s             10i 0 inz(37)
     DST1              s             10i 0 inz(0)
     DL1               s             10i 0 inz(%size(StartMap))
     DCCSID2           s             10i 0 inz(819)
     DST2              s             10i 0 inz(0)
     DGCCASN           s             10i 0 inz(0)
     DL2               s             10i 0 inz(%size(To819))
     DL3               s             10i 0
     DL4               s             10i 0
     DFB               s             12
     D                 ds
     D x                              5i 0
     D LowX                    2      2
     D* Get all single byte ebcdic hex values
     C     0             do        255           x
     C                   eval      %subst(StartMap:x+1:1) = LowX
     C                   enddo
     C* Get conversion table for 819 from 37
     C                   call      'QTQCVRT'
     C                   parm                    CCSID1
     C                   parm                    ST1
     C                   parm                    StartMap
     C                   parm                    L1
     C                   parm                    CCSID2
     C                   parm                    ST2
     C                   parm                    GCCASN
     C                   parm                    L2
     C                   parm                    To819
     C                   parm                    L3
     C                   parm                    L4
     C                   parm                    FB
     C* Set message text
     C                   eval      Msg = 'message digest'
     C                   eval      DataLngth = %len(%trimr(Msg))
     C* Now Change Msg to 819 from 37 using MI
     C                   callp     Convert( %addr(Msg)
     C                                     :%addr(To819)
     C                                     :%size(Msg))
     C* Get MD5 for Msg
     C                   callp     Cipher( %addr(ReceiverPtr)
     C                                    :%addr(Controls)
     C                                    :%addr(SourcePtr))
     C* Convert nibbles to characters
     C                   callp     cvthc( ReceiverChr
     C                                   :ReceiverHex
     C                                   :%size(ReceiverChr))
     C* Display the "proof"
     C     ReceiverChr   dsply
     C                   eval      *INLR = '1'
     C                   return

>
>Thanks everyone who replied!
>The MD5 seems to work okay.
>
>The reason I wanted it, and you will too in the future, is for e-commerce or
>web-based applications.
>
>You store a list of users and MD5-encoded passwords in a database, these
>people can access your application. Why not use OS/400 security? The biggest
>reason is to not create a bunch of user profiles. If your AS?400 is on the
>Internet, it is much more prudent to populate a simple user database than
>manage user profiles whose sole functions is to get to your application.
>Also, if you don't create user profiles, then the user, even if they can use
>your application, cannot FTP into your AS/400 because they don't have a
>valid OS/400 user id. Their only interface is essentially through the
>browser. You can easily encrypt passwords on the browser using an MD5
>Javascript. For "simple" password protection that is reasonably secure, and
>without the hassle of maintaining Apache's "basic authentication" or
>similar, MD5 is a very good tool.
>
>My biggest concern is the translation from EBCDIC to ASCII.
>
>For "the rest of the world", the MD5 hash is 32 alphanumeric characters
>ASCII, publicly "tradable" through email, etc. On the AS/400, the MD5 hash
>is 16 bytes, whose hexadecimal representation is the MD5. IE, the AS/400
>version is not directly readable. Other MD5 hash programs output the text
>string of 32 characters. This can be overcome by using a MD5 wrapper
>procedure, I'm sure.
>
>My issue is this: On the MD5.c file, there are a series of 7 test cases to
>"prove" the MD5 implementation is correct:
>
>"", d41d8cd98f00b204e9800998ecf8427e
>"a", 0cc175b9c0f1b6a831c399e269772661
>"abc", 900150983cd24fb0d6963f7d28e17f72
>"message digest", f96b697d7cb7938d525a2f31aaf161d0
>"abcdefghijklmnopqrstuvwxyz", c3fcd3d76192e4007dfb496cca67e13b
>"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
>d174ab98d277d9f5a5611c2c9f419d9f
>"123456789012345678901234567890123456789012345678901234567890123456789012345
>67890", 57edf4a22be3c955ac49da2e2107b67a
>
>Unfortunately, this is not directly comparable on the AS/400, because of
>ASCII/EBCDIC translation. For my test case, I had to directly compare ASCII
>"P" with EBCDIC "&" to achieve MD5: 44 c2 9e db 10 3a 28 72 f5 19 ad 0f da
>aa.
>
>Given the fact that a "normal" MD5 is alphanumeric and the AS/400 MD5 is the
>hex representation of bytes, and of the ASCII/EBCDIC translation, will this
>be of real use when using the AS/400 to serve web pages, if you want to use
>MD5 as a password protection mechanism?
>
>Loyd
>


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].