Password security (really VMS password encryption)
Bob Devine
devine at cookie.dec.com
Fri Jan 6 14:20:00 AEST 1989
John Haugh writes:
> This reminds me - old VAX/VMS used CRC16 to encrypt their passwords.
> Which is about as multi-way as it gets ... This would mean, if correct,
> that only 65,536 different passwords [...]
No, the original VMS encryption algorithm was called "AUTODIN 2".
Essentially it hashed the password into a 32 bit quantity. There
were a couple problems with it: 32 bits wasn't enough to prevent
several passwords generating the same hash value; and it was too fast.
A brute force attack would work.
The current algorithm is called the "Purdy" algorithm. It runs
about 100 times slower than the other plus it uses a 64 bit value.
Bob Devine
More information about the Comp.unix.wizards
mailing list