I'll never forget the look on Carol Woodbury's face when Steve Glanstein
showed her a gaping hole in AS/400 security. She told us to keep quiet, and
that it would be fixed in the next release of the operating system.
Apparently a PTF wasn't going to cut the mustard.

Good time.

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
dr2@xxxxxxxx
Sent: Wednesday, March 17, 2021 1:58 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: How to validate passwords without storing them anywhere.

Bruce,

back in S/38 days a lot of stuff was just kept in plain text if you knew
where to look for it....which is why a bunch formed a security group that
met at an Atlanta COMMON, long ago, and worked at pushing some much needed
changes through....

On 2021-03-17 16:53, Bruce Vining wrote:

I have absolutely no idea what the current implementation is, but way
back in S/38 days it was encrypting text under the password and
throwing away/clearing the password. The text just happened to be the
*usrprf name
:)

On Wed, Mar 17, 2021 at 1:29 PM Rob Berendt <rob@xxxxxxxxx> wrote:

-- How to verify passwords without ever storing passwords.
-- Thanks to Darren Strong of Dekko.

-- The basic concept is that you do not store the password.
-- Instead you store a common string encrypted by the password.

-- As a war on 5250 tools the "short names" are obscured.

set current schema = 'ROB';
CREATE OR REPLACE TABLE Security_table for system name T000000001 (
  Security_id for column C000000001 varchar(100) ALLOCATE(10) not null
    constraint Security_table_primary_key PRIMARY KEY,
  Security_name for column C000000002 varchar(100) ALLOCATE(25) not null,
  Password_Encryption for column C000000003 varchar(256) FOR BIT DATA
)
RCDFMT T00000001R
;
-- Let's say the password is Budweiser#01.
-- So you encrypt the word VALID with that as an encryption key and
-- all you are really storing is VALID.
insert into Security_table (
  Security_id, Security_name, Password_Encryption)
  Values('ROB', 'Rob Berendt', ENCRYPT_TDES(varchar('VALID'), 'Budweiser#01'));
-- Now when they enter their password you pass that as a decryption
-- key to see if it is valid.
Select DECRYPT_CHAR(Password_Encryption, 'Budweiser#01')
  from Security_table where Security_id = 'ROB';
-- Test to see if the user 'ROB' was found.
-- Test to see if the encryption key was valid by checking the value
-- returned.
-- If the value returned was not the word VALID the person entered an
-- invalid password.
-- Or don't let the user know they guessed the userid and return
-- generic error if either is invalid.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104 Ft. Wayne, IN 46818 Ship
to: 7310 Innovation Blvd, Dock 9C Ft. Wayne, IN 46818
http://www.dekko.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: https://amazon.midrange.com

--
Thanks and Regards,
Bruce
931-505-1915
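
The scheme discussed in this thread (store a common string transformed under the password, never the password, and give one generic failure for a bad user id or a bad password), as an added Python example that is not code from the thread or from IBM. It swaps ENCRYPT_TDES for HMAC-SHA-256 under a PBKDF2-stretched key with a per-user salt; the function names, the iteration count and the sample rows are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

KNOWN_TEXT = b"VALID"   # the common string from the thread
ITERATIONS = 100_000    # assumed PBKDF2 work factor for this sketch


def _tag(password: str, salt: bytes) -> bytes:
    """Key the known text with a key stretched from the password."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.new(key, KNOWN_TEXT, hashlib.sha256).digest()


def enroll(table: dict, user_id: str, password: str) -> None:
    """Store only (salt, tag); the password itself is never written."""
    salt = os.urandom(16)
    table[user_id] = (salt, _tag(password, salt))


# Constructed placeholder row, used when the user id is not found so that an
# unknown id costs the same work and takes the same failure path.
_DUMMY = (os.urandom(16), os.urandom(32))


def verify(table: dict, user_id: str, password: str) -> bool:
    """Return True only if the id exists and the password matches."""
    salt, stored = table.get(user_id, _DUMMY)
    candidate = _tag(password, salt)
    ok = hmac.compare_digest(candidate, stored)  # constant-time comparison
    return ok and user_id in table


# Constructed sample data: two ids that happen to share one password.
SECURITY_TABLE: dict = {}
enroll(SECURITY_TABLE, "ROB", "Budweiser#01")
enroll(SECURITY_TABLE, "USER2", "Budweiser#01")

if __name__ == "__main__":
    for uid, pw in [("ROB", "Budweiser#01"), ("ROB", "wrong"), ("NOBODY", "Budweiser#01")]:
        print(uid, "accepted" if verify(SECURITY_TABLE, uid, pw) else "invalid userid or password")
```

Because each row has its own salt, the two ids that share a password end up with different stored values.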

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
