Decrypt logonpassword from DB2 extracted users table datas

Posted on 2007-08-09
Last Modified: 2013-12-11

I have an e-commerce website installed on Websphere Commerce with a DB2 server.
I want to change the plateform and rebuild the website on a Tomcat server with a Mysql database server. I extracted all the datas from DB2 : table USERREG that contains the logon id and the encrypted password (logonpassword). Is it possible to decrypt these passwords in order to have them in clear text ?

Thank you for help !
Question by:kimousse
    LVL 41

    Expert Comment

    In a word.  No.

    The algorithm used to encrypt/decrypt logon passwords that are stored in a DB2 table is not something that is readily available.

    If you are moving from a DB2 database to a MySql database, you may have to force your users to reset their own passwords.  Sorry.

    Author Comment

    Thanx for your response.

    Isn't there any way to get somewhere the algorithm and/or hash key ?
    LVL 41

    Accepted Solution

    Very unlikely.

    Do you think that IBM would share the algorithm that it uses to encrypt passwords?

    I think not.
    LVL 45

    Expert Comment

    Hi kimousse,

    Nope.  The math involved in encoding the data doesn't allow for that kind of a reverse process.

    In a gross over-simplification, imagine an encryption of  'A' that results in 'R$c'.  What happened is that the bit string (0x41 - 01000001) went through a process that resulted in the new bit string (0x522463 - 010100100010010001100011).

    There are literally millions of algebraic expressions where f('A') = 'R$c'.  It's not possible to know the exact process that made the transformation.

    Even simpler is a 1 for 1 transformation.  Given the digit 8, was it generated by 1+7?, 2+6?, 3+5? 4+4?  How about 9-1?

    That's the purpose of these encrytion algorithms.  Give them a string, and the produce something that can not be easily reverse engineered.

    In the case of proprietary conversions (like you're seeing) the vendor is certainly not interested in revealing the process.

    Good Luck,

    Author Comment

    Thanx Kdo and HonorGod !
    LVL 41

    Expert Comment

    Thanks, and good luck

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    There are numerous questions about how to setup an IBM HTTP Server to be administered from WebSphere Application Server administrative console. I do hope this article will wrap things up and become a reference for this task. You need three things…
    Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now