Version 7.5 of their IBM I platform introduces a new value for QPWDLVL, 4 which uses PBKDF2 with HMAC-SHA512 to hash passwords. But how secure is this new approach? In this article I will expose two vulnerabilities arising from IBM’s cryptographic choices.
Continue reading