1993-11-12 - VMS Password security
Header Data
From: baldwin@LAT.COM (Bob Baldwin)
To: cypherpunks@toad.com
Message Hash: 0917bc46bade367ce20aba999bb7f95928847fb4bb01e017b5f32ab7ae0260c0
Message ID: <9311122148.AA01051@LAT.COM>
Reply To: N/A
UTC Datetime: 1993-11-12 22:29:42 UTC
Raw Date: Fri, 12 Nov 93 14:29:42 PST
Raw message
From: baldwin@LAT.COM (Bob Baldwin)
Date: Fri, 12 Nov 93 14:29:42 PST
To: cypherpunks@toad.com
Subject: VMS Password security
Message-ID: <9311122148.AA01051@LAT.COM>
MIME-Version: 1.0
Content-Type: text/plain
One of the barn-door sized holes in VMS was (still is?) that
VMS used the Purdy Password hashing function. I considered using it
for the Oracle RDBMS password function, but dropped the idea when I
realized that it is possible to invert the hash function. I don't have
my notes, but I recall that it only took me a couple days to work it out.
The problem is that many passwords hash to the same value. It is actually
hard to find out the true password that someone else chose, but easy to
find another password that will hash to the same value. The hard part is
finding a printable password that maps to the desired value.
--Bob Baldwin
Thread
Return to November 1993
Return to “baldwin@LAT.COM (Bob Baldwin)”
1993-11-12 (Fri, 12 Nov 93 14:29:42 PST) - VMS Password security - baldwin@LAT.COM (Bob Baldwin)