Paul,
I am not sure it is a public/private encryption (RSA). My guess is for
licensing reasons 10 years ago DES was used and that part of the code
wasn't changed since. Guessing further I would say some hash-function
takes node's name and password as arguments and produces DES key. Same
function is used on both ends, if arguments are same (name is known,
password has to match) the resulting key is same and decrytion succeeds.
Probably for security reasons IBM (and Andy) cannot comment my and your
predictions. Hope if some of us guessed correct they would not be angry on
us (maybe I started thinking very IBMish :-I )
Zlatko Krastev
IT Consultant
"Seay, Paul" <seay_pd AT NAPTHEON DOT COM>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
20.02.2003 06:35
Please respond to "ADSM: Dist Stor Manager"
To: ADSM-L AT VM.MARIST DOT EDU
cc:
Subject: Re: password encryption
In encryption speak. The node name is usually called the public key. The
private key is what is used to encrypt the message. This is a nice
implementation because during password change (which is probably in the
message) the new encyption key (password) is not exposed.
Paul D. Seay, Jr.
Technical Specialist
Northrop Grumman Information Technology
757-688-8180
-----Original Message-----
From: Andrew Raibeck [mailto:storman AT US.IBM DOT COM]
Sent: Wednesday, February 19, 2003 8:02 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: password encryption
To clarify my earlier response on this:
The (encrypted) password is not actually sent between client and server,
except when the password is being changed. During authentication, the
client
sends the server a message that is encrypted using the password as the
key.
The server knows what the decrypted message should be, so if the wrong
password was used to encrypt the message, then the authentication will
fail.
Regards,
Andy
Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
Internet e-mail: storman AT us.eyebm DOT com (change eye to i to reply)
The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.
Andrew Raibeck/Tucson/IBM@IBMUS
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> 02/19/2003
14:56
Please respond to "ADSM: Dist Stor Manager"
To: ADSM-L AT VM.MARIST DOT EDU
cc:
Subject: Re: password encryption
The password is indeed encrypted.
Regards,
Andy
Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
Internet e-mail: storman AT us.eyebm DOT com (change eye to i to reply)
The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.
"Prather, Wanda" <Wanda.Prather AT JHUAPL DOT EDU>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> 02/19/2003
14:40
Please respond to "ADSM: Dist Stor Manager"
To: ADSM-L AT VM.MARIST DOT EDU
cc:
Subject: Re: password encryption
I've always been told that the password is NOT sent in plain text, it's
encrypted. (but I've never had a sniffer to check it myself).
-----Original Message-----
From: Eliza Lau [mailto:lau AT VTCAT.CC.VT DOT EDU]
Sent: Wednesday, February 19, 2003 10:36 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: password encryption
Does anyone know how the stored password on the client machine is passed
to
the server for authentication?
The user has 'password generate' in his dsm.opt. The password is stored
in
the Registry of his Windows 2000 client. When the TSM client starts is
the
password sent to the server in plain text or encrypted?
Thanks,
Eliza Lau
Virginia Tech Computing Center
1700 Pratt Drive
Blacksburg, VA 24060
|
