× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2016

Re: Encryption algorithm used for the IBMi OS passwords.

I saw many other answers, but wanted to share when
I was asked similar question. Here is what I got back from IBM:

We document the password encryption methods as follows:
.
OS Passwords
.
Here is an explanation of how the passwords for operating system user
profiles are encrypted at each password level:
.
1. For systems running at QPWDLVL of 0 or 1, the password is used as
the key to encrypt a known character string, which is different for each
user profile, using the DES (symmetric) algorithm. The password itself
is not encrypted nor stored on the system. The data encrypted using the
password as the key is what is stored on the system.
.
2. For systems running at QPWDLVL of 2 or 3, the password is
concatenated to a known character string, which is different for each
user profile, and is hashed using the SHA-1 algorithm. This is a
one-way cryptographic hash algorithm. The resulting hashed value is what
is stored on the system.
.
When it is time to authenticate a profile, the system will take the
clear text password that the user entered (on the signon screen, eg.),
run the same algorithm and compare the new encrypted result with the
encrypted result that was created at password change time.
.
There is never a comparison done of the clear text password itself. A
clear text password is never stored, so a clear text password is never
available to be retrieved. With either encryption algorithm, passwords
are one-way encrypted ... meaning you can never decrypt and get back the
clear text password.



JWGrant@xxxxxxxxxxxxxxx wrote on 3/31/2016 4:42 PM:
I have auditors that are being persistent and are inquiring about the
encryption algorithm that
is used for the IBMi OS at the various password levels?

We are running our IBMi's at 7.1 and a password level of 3.

I searched the archive forums and founds some older information but
nothing current.
I see older info pointing to the use of sha-1 (160 bit) but assume that it
may have changed at 6.1 or higher.

I assume IBM does not make the algorithm public but it would be nice to
give the auditors some information.

Does any body have any more current information?

Jim

Jim W Grant
Senior VP, Chief Information Officer
Web: www.pdpgroupinc.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.