× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.




Hello,

I need some help with trying to un-encrypting part of a data file that I have on the iSeries. The data is encrypted using something called "FIPS SHA1". From the very little I understand about this it's a hash algorithm. Is there any routines out there or APIs for the iSeries that will allow me to un-encrypt the data?

You can't decrypt a hash.

A hash is like a checksum, except that it's a little more secure. The idea of a checksum is simple... total up all of the numbers and see if they match. For example, an accounting department might total up all of the invoices for the day, check the total monetary amount against a report. If they don't match, you know you added something wrong. So that's a checksum, you add everything up and use that total to verify it.

A hash works pretty much the same way. It's a number generated from the bytes that make up some data. It's a little more secure than a checksum, they take pains that if anything changes in the data, it won't add up to the same number. In my invoice example, if you had two $50 invoices on the report, but a single $100 invoice in the pile of invoices, they'd add up to the same number. In a hash, the number would be different, it's designed to catch ANYTHING being different, so it's superiior to a checksum.

The point is, it's still just a checksum (or hash) of the data. You can't re-create the data from the hash any more than you can determine what the contents of the invoices were from the total.

Hopefully that makes sense.

However, that does not mean that you can't use a hash to verify something. For example, a one-way hash is often used for encrypting passwords. You take the userid and the password and you put them together, create a hash, and store the hash.

Now, when someone tries to decrypt it, they can't, because it's a hash. You'll never find out what their password was.

That doesn't mean that you can't verify the password, however! You can ask the user to enter the userid and password, and you can generate a new hash over it. If it matches the hash from the database, you know that the passwords are the same, and therefore it's valid.

Another name for a hash is a "digest". They're very similar (though, not exactly the same) as Message Authentication Codes (MACs) and Digital Signatures.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.