[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

VMS Password security

To: [email protected]
Subject: VMS Password security
From: [email protected] (Bob Baldwin)
Date: Fri, 12 Nov 93 13:48:51 PST
Cc: [email protected]

	One of the barn-door sized holes in VMS was (still is?) that
VMS used the Purdy Password hashing function.  I considered using it
for the Oracle RDBMS password function, but dropped the idea when I
realized that it is possible to invert the hash function.  I don't have
my notes, but I recall that it only took me a couple days to work it out.
The problem is that many passwords hash to the same value.  It is actually
hard to find out the true password that someone else chose, but easy to
find another password that will hash to the same value.  The hard part is
finding a printable password that maps to the desired value.
		--Bob Baldwin

Prev by Date: Re: Instant check system
Next by Date: Re: Should we oppose the Data Superhighway/NII?
Prev by thread: Re: "Root Canal" questions
Next by thread: Key Sharing Protocols
Index(es):
- Date
- Thread