"Peter_A._Hwang.WBST147"@Xerox.COM.UUCP (03/25/87)
Greetings,

I have a few questions for the VMS guru on the netland.

1. Could someone offer some insight into how DCL RECALL works? RECALL recalls the previous DCL commands (up to 20) that the user has typed in during the session. I have an application to wipe out these stored commands, if possible.

2. Does anyone have, and is willing to give away, a routine (in any language) to find out the password of a user's own account?

Peter Hwang
Xerox
LEICHTER-JERRY@YALE.ARPA.UUCP (03/28/87)
> 1. Could someone offer some insight into how DCL RECALL works? RECALL recalls the previous DCL commands (up to 20) that the user has typed in during the session. I have an application to wipe out these stored commands, if possible.

Among the "extended operations" available from the terminal driver are the abilities to (a) selectively disable recall by the driver itself, so that the application - here DCL - receives up and down arrow; and (b) "prime" the input buffer with a string that will be echoed and then appears exactly as if the user had actually typed it. Using this, DCL can save away the last 20 command lines, then see that the user typed up arrow, grab the appropriate command line, and restart the read "primed" with that command line. User programs can do the same thing, though with VMS 4.4 they don't need to go through all the effort themselves - SMG$READ_COMPOSED_LINE will do it for them.

DCL saves the command lines in a circular buffer somewhere in P1 space. A suitably-privileged program (CMEXEC) can easily erase the buffer. Depending on your level of paranoia, you can either really erase the circular buffer, or just change the pointers. The buffer and pointers are all undocumented, so of course anything you do in this way may very well break with the next version of VMS. You'll have to stare at the microfiche to figure out what's involved. I've seen programs to do this, but unfortunately none that I'm at liberty to distribute.

> 2. Does anyone have, and is willing to give away, a routine (in any language) to find out the password of a user's own account?

The password is not stored anywhere in a readable form - all that is stored is the result of passing the password through a function that is believed to be impractical to invert - a so-called one-way function. I haven't heard any claims of a way to invert this function.

(In any case, since the function is many-to-one - it maps passwords of up to 31 characters into either 4 or 8 bytes, I forget which - the best you could hope for would be SOME password with the same encrypted value; there is, in general, NO way to recover the original password, even in principle.)

(You may wonder how VMS checks your password if it doesn't know what your password IS. The technique, used on just about all modern systems, is simple. Suppose F is this one-way function; so F(X) is easy to compute from X, but given F(X) it's very, very hard to get X back. Let P be your password. VMS stores away F(P). When you enter your response R to the "Password:" prompt, VMS computes F(R). If F(R) equals the stored F(P) - which it certainly will if R equals P! - VMS lets you in. If R is not equal to P, it is very unlikely (1 chance in 4 billion, if F produces a 4-byte quantity) that F(R) and F(P) will happen to be equal.

The advantage of this approach is that even if the password file is accidentally revealed, all that's lost is F(P), from which it is impractical to compute P. (In fact, it's even impractical to compute ANY R with F(R)=F(P).) The disadvantage is that there is no way to recover your password if you forget it.)

-- Jerry
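The store-F(P), compare-F(R) scheme described in the reply above, as an added example that is not part of the original thread. It assumes SHA-256 truncated to a few bytes as a stand-in for F (this is not the VMS algorithm), and the function names are illustrative.

```python
import hashlib
import hmac

def F(password: str, out_bytes: int = 4) -> bytes:
    """Stand-in one-way function (assumption): SHA-256 cut to out_bytes."""
    return hashlib.sha256(password.encode("utf-8")).digest()[:out_bytes]

def enroll(password: str, out_bytes: int = 4) -> bytes:
    """What the system keeps on file: F(P), never P itself."""
    return F(password, out_bytes)

def check(response: str, stored: bytes) -> bool:
    """Login test: accept when F(R) equals the stored F(P)."""
    return hmac.compare_digest(F(response, len(stored)), stored)

def false_accept_probability(out_bytes: int) -> float:
    """Chance that one wrong R happens to satisfy F(R) == F(P)."""
    return 1 / 2 ** (8 * out_bytes)

def colliding_inputs(candidates, out_bytes: int) -> dict:
    """Group inputs by F value; any group of 2+ shows F is many-to-one."""
    groups = {}
    for c in candidates:
        groups.setdefault(F(c, out_bytes), []).append(c)
    return {k: v for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    stored = enroll("constructed-sample-password")   # constructed value
    print("right password accepted:", check("constructed-sample-password", stored))
    print("wrong password accepted:", check("something-else", stored))
    print("false accept odds, 4-byte F: 1 in", round(1 / false_accept_probability(4)))

    # With a 1-byte F there are only 256 outputs, so 300 distinct
    # constructed inputs must share values (pigeonhole principle).
    groups = colliding_inputs([f"pw{i}" for i in range(300)], out_bytes=1)
    first, second = next(iter(groups.values()))[:2]
    print(f"{first!r} and {second!r} are indistinguishable to a 1-byte F:",
          check(second, enroll(first, 1)))
```

The 1-byte case is deliberately tiny so the many-to-one property is visible; widening the output is what makes an accidental match as unlikely as the reply says.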
MACALLSTR@vax1.physics.oxford.ac.UK.UUCP (03/28/87)
This is positively a hacker's question! If anyone knows of a way, don't answer. If anyone knows of a way, there'll be a lot of worried people in DEC and elsewhere!

John