Generating Passwords in Natural

1
Generating Passwords in Natural

• By DeFrance Clarke
• To Northwest User's Group
• April 20, 2006

2
Overview

• Generating a random number
• Starting the random number generator
• Picking a random character
• Generating the (hardened) password
• Changing passwords on the SFT server
• The JCL to implement the solution
• Discussion and Your Questions

3
Algorithm Reference
4
Formula for a random number
Xn1 ( a Xn c ) mod m a 31421 c 2113249 m
107
5
Natural Code - Define Data
0490 1 RANDOM-NUMBER-GENERATOR 0500
Reference D.E.Knuth, "Seminumerical
Algorithms" 0510 The Art of Computer
Programming, Volume 2 0520 X(n1) (aX(n)c)
mod m 0530 2 X-EXTENDED
(P13.0) 0540 2 REDEFINE X-EXTENDED 0550
3 EXTENSION (B3) / m
107 0560 3 X (P0.7)
/ Random number 0.00..0.999.. 0570 2 A
(P5.0) INIT lt31421gt /
Factor 0580 2 C (P7.0)
INIT lt2113249gt / Constant
6
Natural Code - Subroutine

• 2040 DEFINE SUBROUTINE RANDOM-NUMBER
• 2050 MULTIPLY X-EXTENDED BY A
• 2060 ADD C TO X-EXTENDED
• 2070 DISPLAY X-EXTENDED X / Debug
• 2080 RESET EXTENSION
• 2090 DISPLAY X-EXTENDED X / Debug
• 2100 END-SUBROUTINE

7
Time of Day Clock
0 8 16 24 32 40 48 56 63
Ignore high order bits ? Use these bits
? Bit 51 is incremented every microsecond.

• 0590 2 TIMESTAMP (B8) / SYSTEM TIME
• 0600 2 REDEFINE TIMESTAMP
• 0610 3 FILLER 3X
• 0620 3 SEED (I4) / Use middle
  24 bits as seed
• 0630 3 REDEFINE SEED / to start random
  sequence
• 0640 4 SEED1 (I1)
• 0650 3 FILLER 1X / These bits
  not random

8
Natural Code

• 1190 Initialize the Generator
• MOVE TIMESTMP TO TIMESTAMP
• 1210 RESET SEED1
• 1220 MOVE SEED TO X-EXTENDED
• 1230 RESET NEW-PASSWORD
• 1240 MOVE EDITED SEED
• (EM99999999) TO SHOW-SEED

9
SFT Password Rules

• Password must be changed as follows
• Password must have at least 8 characters total.
• Password must have at least 2 alpha character(s).
  
• Password must have at least 2 numeric
  character(s).
• Password must have at least 2 special
  character(s).

10
The Character Set

• 0190 1 BASIC-PARMS
• 0200 2 LEN (I1) INIT lt8gt
• 0210 2 CHARS-EBCDIC (A88) INIT
• 0220 lt'abcdefghijklmnopqrstuvwxyz' -
  / 26 00..25
• 0230 "ABCDEFGHIJKLMNOPQRSTUVWXYZ" -
  / 26 26..51
• 0240 '0123456789' -
  / 10 52..61
• 0250 '!"(),-./ltgt?_at__' gt
  / 26 62..87
• 0260 Notes on special characters
• 0270 The " will be changed to ', there is no
  "
• 0280 The and º and \ are ambiguous.
• 0290 The square brackets and caret are not
  avail in Extra.
• 0300 The and are not available in Host on
  Demand.
• 0310 Remaining characters are listed in ISO 646
  order.

11
Pick a Random Character - 1

• 2120 DEFINE SUBROUTINE PICK-RANDOM-CHAR
• 2130 Pick a random character from the set
  provided
• 2140 COMPUTE SPAN LAST - FIRST 1
• 2150 PERFORM RANDOM-NUMBER
• 2160 MULTIPLY X BY SPAN GIVING INDEX
• 2170 ADD FIRST TO INDEX
• 2180 Put character in random place
• 2190 PERFORM RANDOM-NUMBER
• 2200 MULTIPLY X BY LEN GIVING I

12
Pick a Random Character - 2

• 2210 FOR J 1 TO LEN
• 2220 ADD I J GIVING K
• 2230 IF K gt LEN
• 2240 SUBTRACT LEN FROM K
• 2250 END-IF
• 2260 IF P(K) ' '
• 2270 MOVE CHAR(INDEX) TO P(K)
• 2280 ESCAPE BOTTOM
• 2290 END-IF
• 2300 END-FOR
• 2310 DISPLAY SPAN INDEX I J K
  NEW-PASSWORD (AL8)
• 2320 END-SUBROUTINE

13
FTP Commands to Change Password

• -r TLS SFTSERVER-TEST.WA.GOV(Exit
• ltuseridgt
• ltold-passwordgt
• quote site chpwd ltuidgt ltold-pwgt ltnew-pwgt
• quit

14
JCL to Implement

• //NATCMDS EXEC NAT,DBID200,PARMS'STACK(LOGON
  BATY235)'
• //NATURAL.CMWKF01 DD DISPSHR,
• // DSNCLM235.P.SFT.LOGINS(OSTAFTP)
• //NATURAL.CMWKF02 DD DSNPASSCMD,
• //NATCMDS EXEC NAT,
• // DBID200,
• // PARMS'STACK(LOGON BATY235)'
• //NATURAL.CMWKF01 DD DISPSHR, Username
  Current Password
• // DSNCLM235.P.SFT.LOGINS(OSTAFTP)
• //NATURAL.CMWKF02 DD DSNPASSCMD,
• //NATURAL.CMWKF03 DD DSNPASSTMP,
• //NATURAL.SYSIN DD
• CLAG114A
• TEST
• /

15
Summary

• Generating a random number
• Starting the random number generator
• Picking a random character
• Generating the (hardened) password
• Changing passwords on the SFT server
• The JCL to implement the solution