[HECnet] How much should you be allowed to shoot yourself in the foot?
Johnny Billquist
bqt at softjar.se
Tue Oct 13 07:03:09 PDT 2020
On 2020-10-13 16:01, Johnny Billquist wrote:
> On 2020-10-13 14:58, Paul Koning wrote:
>>
>>
>>> On Oct 12, 2020, at 9:44 PM, Robert Armstrong <bob at jfcl.com> wrote:
>>>
>>>> Peter Lothberg <roll at stupi.com> wrote:
>>>> So if you can read sysuaf.dat.......
>>>
>>> VMS has "one way" password encryption (like Un*x) so you can't get
>>> an account's password by reading the SYSUAF file (well, OK you can
>>> guess it, but only by very brute force). So you could figure out
>>> which accounts were privileged, but it wouldn't automatically give
>>> you access to those accounts.
>>
>> RSTS used to have plain text passwords (in RAD50, so case insensitive
>> and limited to 6 alphanumerics). That changed in V8 with its new file
>> structure, which also added "account attributes". One of them is a
>> hashed password, 14 ASCII characters run through a one way hash
>> function constructed from a slightly modified DES. The "slightly
>> modified" was so you couldn't use a DES chip as a search engine.
>
> RSX in old times had plain text passwords in ASCII. That was changed in
> the early 80s I think (for RSX-11M-PLUS only) to one way encrypted via
> the Purdy hash. Same as VMS, I believe. 64 bit polynomial, one way hashing.
> Passwords are max 39 characters.
I should have added
https://en.wikipedia.org/wiki/George_B._Purdy#Purdy_polynomial
Johnny
--
Johnny Billquist                  || "I'm on a bus
                                  ||  on a psychedelic trip
email: bqt at softjar.se          ||  Reading murder books
pdp is alive!                     ||  tryin' to stay hip" - B. Idol
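
An added illustration, not part of the original message or of any RSTS source: RADIX-50 packing as mentioned in the quoted RSTS remark, showing why such a password is case insensitive, capped at 6 characters, and directly recoverable from storage. It assumes the standard PDP-11 RADIX-50 table and a password held in two 16-bit words; the function names are hypothetical.

```python
"""RADIX-50 packing of a short password (added example, constructed inputs)."""

# Standard PDP-11 RADIX-50 table: 40 symbols; code 29 is unassigned ('%' here).
RAD50 = " ABCDEFGHIJKLMNOPQRSTUVWXYZ$.%0123456789"
ALNUM = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")


def pack_password(password: str) -> tuple[int, int]:
    """Pack up to 6 alphanumerics into two 16-bit words, 3 characters each."""
    text = password.upper()      # the table has no lower case, so case is lost
    if len(text) > 6:
        raise ValueError("two RAD50 words hold at most 6 characters")
    if not set(text) <= ALNUM:
        raise ValueError("only letters and digits are accepted in this sketch")
    text = text.ljust(6)         # pad with spaces (code 0)
    words = []
    for i in (0, 3):
        c1, c2, c3 = (RAD50.index(ch) for ch in text[i:i + 3])
        words.append((c1 * 40 + c2) * 40 + c3)   # at most 63999, fits 16 bits
    return words[0], words[1]


def unpack_password(words: tuple[int, int]) -> str:
    """Invert pack_password: the stored words are the password itself."""
    out = []
    for w in words:
        if not 0 <= w < 40 ** 3:
            raise ValueError("not a valid RAD50 word")
        out += [RAD50[w // 1600], RAD50[w // 40 % 40], RAD50[w % 40]]
    return "".join(out).rstrip()


def keyspace(max_len: int = 6, symbols: int = 36) -> int:
    """Count distinct alphanumeric passwords of length 1..max_len."""
    return sum(symbols ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    stored = pack_password("Secret")            # constructed sample password
    print(stored, unpack_password(stored))      # anyone reading the file gets it back
    print(keyspace(), keyspace().bit_length())  # whole search space fits in 32 bits
```

Unlike the one-way hashes described in the thread, nothing here needs to be guessed: read access to the stored words is read access to the password.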