× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 2003

RE: iSeries passwords

> > I'm still not sure why you're saying this.   Are you
> saying that the
> > password substitution algorithm used to sending the
> passwords
> > is easy to decrypt for passwords under 10 chars?
> 
> The standard 10 character encryption 'algorithm' on the
> iSeries is a joke.

Yes, but...

You don't have to use it anymore - you can go to QPWDLVL = 3
and not be exposed to the risk of this less than industrial
strength password encryption scheme.  Theoretically you can
configure your system to be really secure using QPWDLVL=3,
so why hasn't everyone gone there already?

The practical answer is because we are all still using
Microsoft technology to connect to the iSeries, and our
users want to be able to seamlessly interoperate between the
two. If you go to QPWDLVL=3, the weaker Windows compliant
scheme is stripped from the password store, and all of our
users will have to signon multiple times - or worse yet,
have different passwords for OS/400 and windows.

Near as I can tell, the most secure alternative is to use a
Kerberos implementation that does not store (and therefore
does not flow) passwords on the iSeries.

So, yes, the 10 character password scheme is a joke, but the
comedians are in Redmond, not Rochester. 

jte


--
John Earl | Chief Technology Officer
The PowerTech Group
19426 68th Ave. S
Seattle, WA 98032
(253) 872-7788 ext. 302
john.earl@xxxxxxxxxxxxxxxxxx
www.powertech.com 
 

 
This email message and any attachments are intended only for
the use of the intended recipients and may contain
information that is privileged and confidential. If you are
not the intended recipient, any dissemination, distribution,
or copying is strictly prohibited. If you received this
email message in error, please immediately notify the sender
by replying to this email message, or by telephone, and
delete the message from your email system.
--

> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-
> bounces@xxxxxxxxxxxx] On Behalf Of Hall, Philip
> Sent: Wednesday, November 19, 2003 7:04 AM
> To: Midrange Systems Technical Discussion
> Subject: RE: iSeries passwords
> 
> 
> 
> 
> _______________________________________________
> This is the Midrange Systems Technical Discussion
> (MIDRANGE-L) mailing list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit:
> http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the
> archives
> at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.