• Status: Solved

Decrypt logonpassword from DB2 extracted users table data

Hello,

I have an e-commerce website installed on WebSphere Commerce with a DB2 server.
I want to change the platform and rebuild the website on a Tomcat server with a MySQL database server. I extracted all the data from DB2: table USERREG, which contains the logon id and the encrypted password (logonpassword). Is it possible to decrypt these passwords in order to have them in clear text?

Thank you for your help!
Asked by: kimousse

1 Solution

HonorGod commented:
In a word.  No.

The algorithm used to encrypt/decrypt logon passwords that are stored in a DB2 table is not something that is readily available.

If you are moving from a DB2 database to a MySql database, you may have to force your users to reset their own passwords.  Sorry.
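Added example, not part of the original thread: one way to carry out the forced reset suggested above, importing only the logon ids from the USERREG export and issuing single-use reset tokens instead of carrying the legacy `logonpassword` over. The target schema, the function names, the 72-hour window and the use of sqlite3 as a stand-in for MySQL are all assumptions made for the illustration.

```python
import hashlib, hmac, secrets, sqlite3, time

# Constructed sample export of USERREG: (logon id, opaque legacy logonpassword).
LEGACY_ROWS = [("alice", "OPAQUE-BLOB-1"), ("bob", "OPAQUE-BLOB-2")]
TOKEN_TTL = 72 * 3600  # assumed reset window, in seconds

def open_store():
    # sqlite3 stands in for the MySQL target; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (logon_id TEXT PRIMARY KEY, salt BLOB, "
               "pw_hash BLOB, reset_hash BLOB, reset_expires REAL)")
    return db

def migrate(db, rows, now=None):
    """Import logon ids only; return {logon_id: one-time token} to mail out."""
    now = time.time() if now is None else now
    tokens = {}
    for logon_id, _legacy_blob in rows:  # the legacy value is deliberately dropped
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).digest()  # store only the hash
        db.execute("INSERT INTO users VALUES (?, NULL, NULL, ?, ?)",
                   (logon_id, digest, now + TOKEN_TTL))
        tokens[logon_id] = token
    return tokens

def _kdf(password, salt):
    # Salted, memory-hard hash for the new store.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def complete_reset(db, logon_id, token, new_password, now=None):
    """Set a new password if the token matches and is unexpired; single use."""
    now = time.time() if now is None else now
    row = db.execute("SELECT reset_hash, reset_expires FROM users "
                     "WHERE logon_id = ?", (logon_id,)).fetchone()
    if not row or row[0] is None or now > row[1]:
        return False
    if not hmac.compare_digest(row[0], hashlib.sha256(token.encode()).digest()):
        return False
    salt = secrets.token_bytes(16)
    db.execute("UPDATE users SET salt = ?, pw_hash = ?, reset_hash = NULL, "
               "reset_expires = NULL WHERE logon_id = ?",
               (salt, _kdf(new_password, salt), logon_id))
    return True

def login(db, logon_id, password):
    """Accounts that have not reset yet have no hash and cannot log in."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE logon_id = ?",
                     (logon_id,)).fetchone()
    if not row or row[1] is None:
        return False
    return hmac.compare_digest(row[1], _kdf(password, row[0]))
```

The tokens returned by `migrate` exist only in memory and in the outgoing mail; the database holds their SHA-256 digests, so a leaked copy of the new table cannot be used to take over accounts that have not yet reset.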
 
kimousse (Author) commented:
Thanks for your response.

Isn't there any way to get the algorithm and/or hash key somewhere?
 
HonorGod commented:
Very unlikely.

Do you think that IBM would share the algorithm that it uses to encrypt passwords?

I think not.
 
Kent Olsen (Data Warehouse Architect / DBA) commented:
Hi kimousse,

Nope.  The math involved in encoding the data doesn't allow for that kind of a reverse process.

In a gross over-simplification, imagine an encryption of  'A' that results in 'R$c'.  What happened is that the bit string (0x41 - 01000001) went through a process that resulted in the new bit string (0x522463 - 010100100010010001100011).

There are literally millions of algebraic expressions where f('A') = 'R$c'.  It's not possible to know the exact process that made the transformation.

Even simpler is a 1 for 1 transformation.  Given the digit 8, was it generated by 1+7?, 2+6?, 3+5? 4+4?  How about 9-1?

That's the purpose of these encryption algorithms.  Give them a string, and they produce something that cannot be easily reverse engineered.

In the case of proprietary conversions (like you're seeing) the vendor is certainly not interested in revealing the process.


Good Luck,
Kent
 
kimousse (Author) commented:
Thanks Kdo and HonorGod!
 
HonorGod commented:
Thanks, and good luck