PASSWORD location.




Post by XY09 » Fri Apr 15, 2011 1:36 pm

Hi Folks,

I have extracted the RACF database (SYS1.RACFDS) to a flat file using the IRRIDB00 utility program. I see record type 200 indicates TSO segment information. When I observed record type 220 for a userid in the flat file for a PASSWORD, I didn't get the location where the password starts and ends (the password is encrypted via the DES algorithm).

Could you please let me know where the PASSWORD is stored (in which record type), or am I following the correct method to get the password location, or is it not possible to see the encrypted password in the RACF database?

I would appreciate your help!!!.

Thx,
XY09

Re: PASSWORD location.

Post by prino » Fri Apr 15, 2011 3:44 pm

XY09 wrote: I have extracted the RACF database (SYS1.RACFDS) to a flat file using the IRRIDB00 utility program. I see record type 200 indicates TSO segment information. When I observed record type 220 for a userid in the flat file for a PASSWORD, I didn't get the location where the password starts and ends (the password is encrypted via the DES algorithm).

Could you please let me know where the PASSWORD is stored (in which record type), or am I following the correct method to get the password location, or is it not possible to see the encrypted password in the RACF database?

I would appreciate your help!!!.

And why would you want to know this? So that you can use a dictionary attack?

Your skillset contains just Cobol,Jcl,Db2,Vsam, CICS and IMS DB, which makes your request very, very suspicious - people who actually deal with RACF issues would never have posted the above...
Robert AH Prins
robert.ah.prins @ the.17+Gb.Google thingy

Re: PASSWORD location.

Post by steve-myers » Fri Apr 15, 2011 7:27 pm

  • The password in the RACF database is encrypted. You cannot see it in plain text.
  • The password is not stored in the TSO segment.

Re: PASSWORD location.

Post by Robert Hansel » Sun Apr 17, 2011 11:13 pm

Passwords are not included in IRRDBU00 output. Passwords are not stored in clear text in the RACF database. What is stored in the user profile in the database is a hash value created using the DES algorithm with the USERID as data and the password as the encryption key. RACF does not provide a means of unencrypting the password. To obtain the hash value, you will need to read the RACF database, perhaps by using Assembly Macros such as RACROUTE REQUEST=EXTRACT or ICHEINTY.
Regards, Bob

Robert S. Hansel
Lead RACF Specialist
RSH Consulting, Inc.
617-969-8211
www.linkedin.com/in/roberthansel
www.rshconsulting.com

Re: PASSWORD location.

Post by steve-myers » Sun Apr 17, 2011 11:31 pm

Thanks for the update. I always knew the password was not in clear text and that it was not possible to translate it to clear text, but did not know this additional info, like the password area was not in the IRRDBU00 output.

