Skip to Content

3DEScrypt Error

I have a strange situation going on....

I have a workflow that provisions a user in AD using NW IDM 7.2 SP4. The user gets provisioned properly and the password is set.

Then I go to change the user's password via Self Service Password reset, the request works through the PF but when it goes to change the password I get: ERROR: Illegal size of buffer when trying to decrypt the password. This same process (and script) set the password not 5 minutes before.

Has anyone seen this before?

Thanks,

Matt

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Jul 04, 2012 at 11:23 AM

    The uEncrypt will use the encryption method set in the keys.ini, hence allowing for the new 3DESCBC.

    The 3DESCBC is stronger than it's predecessor cause same cipher text will look different for each timed

    encrypted. The uDESEncrypt will only use the old version.

    Notably the parameters of uDESEncrypt(key,cipher) are swapped in uEncrypt(cipher,key) for reason unknown to me.

    I think seen similar error once when the keys.ini file was generated with wrong key lengths.

    if you in the uFunctions use empty value in key field it will get the default key from keys.ini, if you

    have it spesified it use that key value.

    (The same goes for uDecrypt,uDESDecrypt.)

    My guess is if these parameters was swapped around you could something like that error message you reported.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Apr 27, 2012 at 06:05 AM

    Hi,

    What encryption function are you using, is it custom or one of the standard ones? I'm on SP3, but it looks like sap_core_encryptPassword script is using the wrong function in this version. Would be interesting to see the encryption script you're using.

    Note: As of SAP NetWeaver Identity Management Identity Center 7.2, it is recommended to use the function uEncrypt instead

    Best Regards,

    Chris

    Add a comment
    10|10000 characters needed characters exceeded

    • Hi Chris,

      Unfortunately, this is being used for Windows Password reset and uEncrypt does not work in the Windows Engine from what I saw in the HELP. I'll have to double check the configuration, but I think I used my own script from the previous issues that you had mentioned.

      Thanks,

      Matt

  • author's profile photo Former Member
    Former Member
    Posted on Apr 26, 2012 at 07:32 PM

    No, sorry! - Not a helpful post, but at least you don't feel ignored!

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.