Encrypting passwords using COBOL

Can you tell me if there are routines available using COBOL to encrypt and decrypt a security password stored on a mainframe VSAM file?

Unfortunately, I cannot. Most of the standard ways to do this are pretty math-intensive and would be tedious in COBOL. It would be better to call out from COBOL into a language like C. There are many implementations of appropriate algorithms in many languages, but I don't know of any in COBOL.

When you implement your system, consider using a one-way hash function like SHA-1 rather than a cipher. That way, if someone gets the password database, they cannot decrypt the passwords. The downside is that you can't tell someone their password if they lose it; you can only give them a new one.

If you do that, you store the hashed password, and to check the user's connection, you hash the supplied password and compare the result with the stored value in the database.

There is another improvement you can make to this that helps thwart dictionary attacks against your password database. In this technique, you store with the password a small arbitrary string of characters (two to eight characters) called a "salt" value. When you first store a password, you store the hash of the salt and the password, and when checking, you hash the stored salt with the supplied password and compare the result. This makes it more difficult for someone to compare a pre-computed dictionary against your database.
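
The salted-hash scheme described above, as an added example in Python that is not part of the original answer. The 36-byte fixed-length record layout (user id, salt, digest), the function names and the sample users are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string
import struct

# Assumed fixed-length record layout (not from the page): 8-byte user id,
# 8-byte salt, 20-byte SHA-1 digest, as might be kept in a keyed VSAM file.
RECORD = struct.Struct("8s8s20s")
SALT_CHARS = string.ascii_letters + string.digits


def salted_hash(salt: bytes, password: str) -> bytes:
    # SHA-1 follows the text; hashlib.pbkdf2_hmac is a deliberately slower
    # alternative that fits the same store-and-compare flow.
    return hashlib.sha1(salt + password.encode("utf-8")).digest()


def make_record(user: str, password: str) -> bytes:
    """Build the record stored at enrolment or password reset."""
    salt = "".join(secrets.choice(SALT_CHARS) for _ in range(8)).encode()
    return RECORD.pack(user.encode().ljust(8), salt, salted_hash(salt, password))


def check_password(record: bytes, supplied: str) -> bool:
    """Re-hash the supplied password with the stored salt and compare."""
    _user, salt, stored = RECORD.unpack(record)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(stored, salted_hash(salt, supplied))


def dictionary_hits(records, wordlist) -> int:
    """Count records whose digest appears in an unsalted precomputed table."""
    table = {hashlib.sha1(w.encode("utf-8")).digest() for w in wordlist}
    return sum(RECORD.unpack(r)[2] in table for r in records)


if __name__ == "__main__":
    # Constructed sample data: two users who chose the same password.
    recs = [make_record("ALICE", "sunshine"), make_record("BOB", "sunshine")]
    print("login ok:", check_password(recs[0], "sunshine"))
    print("wrong password rejected:", not check_password(recs[0], "Sunshine"))
    print("same password, different digests:",
          RECORD.unpack(recs[0])[2] != RECORD.unpack(recs[1])[2])
    print("precomputed-table hits:", dictionary_hits(recs, ["sunshine", "letmein"]))
```

Because each record carries its own salt, two users with the same password get different stored digests, and a table computed in advance from a word list matches none of them.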

This was last published in January 2002