All,
Can anybody point me to official IBM documents that describe what
encryption algorithm is used at the various password levels?
I found the following:
http://itknowledgeexchange.techtarget.com/itanswers/as400-password-encryption/
"For the simple QPWDLVL 0 system value setting, user profile passwords
are stored encrypted in an independent index object named QSYUPTBL in
library QSYS. The encryption is basic 56-bit DES"
Also:
http://www.common.be/pdffiles/27042001os.pdf
"Starting with V5R1, all passwords are also encrypted using SHA-1. If
the value of "0" or "1" is being used, the DES
encryption is being used to signon as was done before. If a value of
"2" or "3" is selected, an SHA-1 generated
password token is used to signon.
To enable migration, the DES encryption value for level "0" to "2" is
kept on the system for each user ID and
password. At level "0" to "2", newly created user IDs and passwords
will continue to have both a DES and a SHA-1
encrypted version of their password. For level "3", only the SHA-1
version is created, stored and used.
The clear text password will be encrypted producing a 20-byte password
token (also referred to as 'passphrase') as
follows:"
The common presentation has a nice table summarizing the
differences but doesn't mention that it's a 56(?)-bit DES or what
size SHA-1 is (I believe all SHA is 160 bit, correct?)
Thanks!
Charles Wilt