24 Apr
2007
24 Apr
'07
7:04 p.m.
Jerome H. Fine wrote:
Perhaps Zane is following this thread or anyone else
who knows VMS well. I seem to remember that the
userid / password were placed through the same algorithm
as the stored values. The results were compared and
that was what produced a match. In addition, I also
understand that it was impossible to reverse the results
of the "encryption" algorithm.
That's called a one way function, or
a trap door. Modern day
equivalents would be cryptographic hashes such as MD5, SHA, SHA1,
SHA256. I don't recall the original Unix one, but it was based on some
rotor crypt, possibly inspired by the engima machine.
These were also "salted" which means that the OS would pick some random
byte to prevent dictionary brute force attacks against passwords. Not
sure if VMS had salted passwords. Such attacks exists today and are
called Rainbow-Tables and can be used against systems that lack salted
passwords.
Does anyone know of any other operating system which requires
secure passwords along with storing only the encrypted
equivalents of the userid / password?
Most flavors of Unix, *BSD do that.