Register

Forgot Password

Site FAQ

Home > IT Answers > AS/400 > AS400 password encryption

Jerico

125 pts.

AS400 password encryption

AS/400, Encryption, iSeries

Hi, how can I verify the password encryption method used by the AS400/Iseries machine. Thanks. . .

Software/Hardware used:
AS400 / ISeries

ASKED: April 24, 2010 9:01 AM

UPDATED: April 26, 2010 2:29 PM

RELATED QUESTIONS

Answer Wiki:

For the simple QPWDLVL 0 system value setting, user profile passwords are stored encrypted in an independent index object named QSYUPTBL in library QSYS. The encryption is basic 56-bit DES. A second password using the LANMAN scheme is stored for access through NetServer for Windows clients. QPWDLVL 1 also uses basic DES but eliminates Windows/NetServer passwords. Passwords at these levels have 1 10-character length limit, are upper-case and have only letters and digits plus characters @, # and $. QPWDLVL 2 is much higher. Passwords can become "pass phrases" up to 128 characters and can include all characters. QPWDLVL 3 eliminates Windows/NetServer passwords from the system. AFAIK, SHA is used for encryption, but I can't find a direct reference at the moment. For the older DES encryption, the algorithm is documented in <a href="http://www.ietf.org/rfc/rfc2877.txt">5250 Telnet Enhancements</a>, so you should be able to access the QSYUPTBL object and research it. You will, of course, need high authority to access it and MI routines to materialize it. The system never decrypts passwords. A supplied password is encrypted with the same algorithm and compared against the stored encrypted value. Tom

QPWDLVL 2 is much higher. Passwords can become "pass phrases" up to 128 characters and can include all characters. QPWDLVL 3 eliminates Windows/NetServer passwords from the system. AFAIK, SHA is used for encryption, but I can't find a direct reference at the moment.

For the older DES encryption, the algorithm is documented in <a href="http://www.ietf.org/rfc/rfc2877.txt">5250 Telnet Enhancements</a>, so you should be able to access the QSYUPTBL  object and research it. You will, of course, need high authority to access it and MI routines to materialize it.

The system never decrypts passwords. A supplied password is encrypted with the same algorithm and compared against the stored encrypted value.

Tom

Last Wiki Answer Submitted: April 26, 2010 6:12 am by TomLiotta

107,845 pts.

All Answer Wiki Contributors: TomLiotta

107,845 pts.

To see all answers submitted to the Answer Wiki: View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

POSTED: Apr 25, 2010 9:09 AM (GMT)

I can’t tell what you mean. What do you mean by “verify”. Are you hoping to determine if stored passwords are encrypted using a documented method or not? Do you want to know what method is used by the system? (Why?) What password level is your system?

Tom

TomLiotta

107,845 pts.

POSTED: Apr 25, 2010 3:58 PM (GMT)

Im indeed trying to identify the encryption algorithm method used by our AS400 machine in storing passwords. Is there a system configuration or file where the passwords are stored? Im need to know these to measure the compliance of our machine according to our company standards. . . Thanks

Jerico

125 pts.

POSTED: Apr 26, 2010 2:29 PM (GMT)

Thank you very much Tom. . . that was very detailed. . .

Regards. . .Jerry

Jerico

125 pts.

Ask a Question

Browse IT Answers by Topic

>>VIEW ALL TAGS

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags