AS400 password encryption

125 pts.
Tags:
AS/400
Encryption
iSeries
Hi, how can I verify the password encryption method used by the AS400/Iseries machine. Thanks. . .

Software/Hardware used:
AS400 / ISeries

Answer Wiki

Thanks. We'll let you know when a new response is added.

For the simple QPWDLVL 0 system value setting, user profile passwords are stored encrypted in an independent index object named QSYUPTBL in library QSYS. The encryption is basic 56-bit DES. A second password using the LANMAN scheme is stored for access through NetServer for Windows clients. QPWDLVL 1 also uses basic DES but eliminates Windows/NetServer passwords. Passwords at these levels have 1 10-character length limit, are upper-case and have only letters and digits plus characters @, # and $.

QPWDLVL 2 is much higher. Passwords can become “pass phrases” up to 128 characters and can include all characters. QPWDLVL 3 eliminates Windows/NetServer passwords from the system. AFAIK, SHA is used for encryption, but I can’t find a direct reference at the moment.

For the older DES encryption, the algorithm is documented in <a href=”http://www.ietf.org/rfc/rfc2877.txt”>5250 Telnet Enhancements</a>, so you should be able to access the QSYUPTBL object and research it. You will, of course, need high authority to access it and MI routines to materialize it.

The system never decrypts passwords. A supplied password is encrypted with the same algorithm and compared against the stored encrypted value.

Tom

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    I can't tell what you mean. What do you mean by "verify". Are you hoping to determine if stored passwords are encrypted using a documented method or not? Do you want to know what method is used by the system? (Why?) What password level is your system? Tom
    125,585 pointsBadges:
    report
  • Jerico
    Im indeed trying to identify the encryption algorithm method used by our AS400 machine in storing passwords. Is there a system configuration or file where the passwords are stored? Im need to know these to measure the compliance of our machine according to our company standards. . . Thanks
    125 pointsBadges:
    report
  • Jerico
    Thank you very much Tom. . . that was very detailed. . . Regards. . .Jerry
    125 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following