Although OpenVMS passwords are not case sensitive and limited to alphanumeric characters, that does not mean cracking passwords is easier on OpenVMS than on other systems. The algorithm used to encode OpenVMS passwords is irreversible (mentioned for the sake of completeness). The password length is not limited to 8 characters. To give you an example, compare an 8 character password using ASCII ("!".."~") with a 10 character OpenVMS password: (127-33)**8/(2+26+10)**10=0.97 BTW most sites require the use of at least one digit, one special character, a non-alphanumberic character at the beginning etc. for unix and ms-dos. That limits the number of permutations significantly and you might end up with a number of possible passwords that can be cracked in less than a second if your system limits the password length to 8 characters. There are a few other important features which are not so well known by the general hackers society (or shall I say script kiddies?). OpenVMS users do not have access to the (encoded) passwords. A privilege like SYSPRV would grant access to the system user authorization file (SYSUAF), but a system administrator with this privilege already has access to the entire machine. OpenVMS comes with intrusion detection. An attempt to guess the password will trigger counter measures. Exploiting typical vulnerabilities in poorly ported c/c++ unix/ms-dos applications is much more difficult because of the Alpha (and VAX) architecture and many OpenVMS features (see http://www.openvms.compaq.com/ for further information). I suggest you send your announcemnt to comp.os.vms - just to take flak! > I have written a patch for John the Ripper http://www.openwall.com/john/ > to allow cracking OpenVMS (Vax and Alpha) passwords. The patch is based on > code from Shawn Clifford, Davide Casale and Mario Ambrogetti. > > The sources are in http://jl.gailly.net/security/john-VMS-patch.tar.gz > A README file is at http://gailly.net/security/john-VMS-readme.html > or in ascii at http://jl.gailly.net/security/README.VMS > > This patch has been tested on x86 only and does not work yet on big endian > systems. It uses asm code for speed but a portable C version is included as > well. The asm version checks about 150,000 passwords per second on a 1 GHz > system. Password cracking is much easier on OpenVMS than on other systems > since passwords are not case sensitive and limited to alphanumeric, > '$' and '_' only. > > Jean-loup Gailly > http://gailly.net/security/ --------------------------------------------------------------------------- Get your free email at http://www.microsoftsucks.org
This archive was generated by hypermail 2b30 : Sat Nov 30 2002 - 12:34:10 PST