• Subject: Re: Fw: Rewarding challenge AS/400...
  • From: "Phil Hall" <hallp@xxxxxxxx>
  • Date: Thu, 16 Sep 1999 16:50:20 -0500

Larry,

> > This doesn't stop a brute force attack.
>
>   Unless QMAXSIGN is set to *NOMAX, I disagree.  Once the QMAXSIGN
> value is reached, there is no way to do any more compares to the
> encrypted version.

Yes, that's true. But someone serious enough to really pose a threat to
AS/400 security would not be trying a brute force method of attack on a
remote AS/400 they've just discovered on the net. Remember, most of the
security flaws, back doors, holes, etc are found by people who have a
machine (in most cases a Unix machine, more recently Windows/NT) of their
own to play with and work on finding the weaknesses without the worry of
being caught in the early stages of probing. Also ported code causes/carries
issues across platforms (remember 'sendmail' ? and more recently some of the
denial of service attacks caused by the source to the low level TCP/IP code
being readily available - the denial attacks also affect the AS/400, because
of the code port from AIX)

I'd be wary of putting the newly ported Netscape Web Server on an AS/400, not
because of the quality of the port, but because it's a daily target on other
platforms.

>   If you are referring to the QPWDRQDDGT and all its friends and
> neighbors these are enforced before the password is encrypted I
> believe.  Changes to those values have no effect on passwords already
> on the system (and therefore already encrypted)
>

I hope I answered this in a previous mail...

--phil

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].