How the Time-Coder Algorithm Works
The RACF® PassTicket time-coder algorithm uses the result of Step 4 of the generator algorithm. It creates the time-coder information and passes it back to step 6 of that algorithm.
The following steps, which make up Step 5 of the generator algorithm, shown in Figure 2 describe this process:
- Step A
- Separate the 4-byte time-coder input (Result-4) into two portions, L2B (the left side), and R2B (the right side) to produce Result-A.
- Step B
-
- Concatenate R2B (the right 2 bytes from Result-A) with 6 bytes
of padding bits to form Result-B. In the resulting 8-byte string,
the 2 bytes of R2B occupy the leftmost 2 byte positions.
The padding bits consist of two separate 6 byte strings: PAD1 and PAD2. PAD1 is the left half and PAD2 is the right half of a 12 byte string consisting of the user ID (from Step 1 in How the Generator Algorithm Works) left justified and padded to the right with hexadecimal '55's. For example, if the user ID is
TOM
, PAD1 is 'E3D6D4555555' and PAD2 is '555555555555'. If the user ID isIBMUSER
, PAD1 is 'C9C2D4E4D2C5' and PAD2 is 'D95555555555'. PAD1 is used for time coder loop rounds 1, 3, and 5. PAD2 is used for time coder loop rounds 2, 4, and 6.
- Concatenate R2B (the right 2 bytes from Result-A) with 6 bytes
of padding bits to form Result-B. In the resulting 8-byte string,
the 2 bytes of R2B occupy the leftmost 2 byte positions.
- Step C
- Result-B is encrypted using the RACF secured signon application key 2 as the encryption key to produce Result-C.
- Step D
- The left 2 bytes from the Result-C are isolated and the rest of the value is discarded, producing Result-D.
- Step E
- Result-D is XORed with L2B (from Result-A) to produce Result-E.
- Step F
- The values of L2B and R2B are redefined:
- L2B is set equal to R2B.
- R2B is set equal to Result-E.
- Step G
- R2B is permuted1 using the permutation tables in Figure 1, where the table used reflects the number of the round. For example, for the first time through, R2B is permuted using table 1.
- Step H
- This step counts the number of time-coder rounds that have been completed. If the value is less than 6, the time-coder returns to Step b for another round. If 6 rounds have been completed, processing continues with the next step.
- Step I
- L2B (left 2 bytes) and R2B (right 2 bytes) are recombined into a 32-bit string. This completes the time-coder processing and produces Result-5. This result is passed back to the generator algorithm as input to Step 6 for translation.