[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

VMS Password security



	One of the barn-door sized holes in VMS was (still is?) that
VMS used the Purdy Password hashing function.  I considered using it
for the Oracle RDBMS password function, but dropped the idea when I
realized that it is possible to invert the hash function.  I don't have
my notes, but I recall that it only took me a couple days to work it out.
The problem is that many passwords hash to the same value.  It is actually
hard to find out the true password that someone else chose, but easy to
find another password that will hash to the same value.  The hard part is
finding a printable password that maps to the desired value.
		--Bob Baldwin