z/OS Security Server RACF System Programmer's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


The RACF DES algorithm

z/OS Security Server RACF System Programmer's Guide
SA23-2287-00

Encryption programs in general imply a two-way process: encryption and decryption.
  • Encryption is a process that uses an encryption key and the data itself as inputs. The result is an encrypted form of the data.
  • Decryption reverses the process; that is, the encrypted form of the data can only be decrypted by using the encryption key and the encrypted form of the data as inputs to reverse the encryption process.

The RACF® DES authentication algorithm provides a high level of security because it supports one-way encryption only; it does not support the reverse process. In addition, it does not store the password it uses as the encryption key. For these reasons, the reconstruction of original data is virtually impossible. However, make sure that users do not have READ access to the RACF database unless their jobs require it.

Parent topic: Password authentication options

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014