stephenf@softway.oz (Stephen Frede) (02/09/89)
In comp.lang.postscript pv9y@vax5.ccs.cornell.edu (Adam Engst) writes:
> [ about trying to find their password ]

I think the PostScript password is a case where the mix of security versus
convenience definitely comes out against security. There should be a way of
resetting the password if you have physical access to the printer. The worst
damage someone can do if they know the password is to adversely affect normal
operation of the printer, or perhaps wear out the EEROM by writing to it too
many times. Stuffing the printer is of course also possible with physical
access to the printer, so there is no real loss of security.

The other annoying thing is that the PostScript code generated by many
applications requires that the password be set to 0, so they can download
laserprep files and such. On many of these, there is no capability of telling
the application what the current password is. This leaves you vulnerable -
anyone who can print a job on your printer can change the password, and you're
gone. The worst of both worlds.

When we upgraded our LaserWriter to a LaserWriter Plus, which is just a change
in the Roms, all the EEROM parameters were reset, including the password - so
I believe there may be some way to do it. Call the manufacturer of your printer
and see if an engineer can prod it for you. It must be a common question they
are asked.

> passwords (which are up to three digit integers, I believe), ...

Passwords are integers, normally in the range +- 2^31. If you know that your
password has 3 digits, then an iterative approach is feasible. Otherwise, you
are out of luck. All the operators capable of being used to check if a password
is valid (checkpassword, setpassword, exitserver) will pause for about 1 second
if the password given is incorrect, to prevent just such an approach.

Anyway, a possible program appears below. Output is on the serial port.

------------------------------------------------------------------
%!
/min 0 def		% lower bound of search
/max 1000 def		% upper bound of search
/starttime usertime def	% so we know how long it took
statusdict begin
{
    min 1 max
    {
	dup checkpassword
	{
	    (password = ) print == flush
	    stop		% break out of the loop
	}
	{
	    pop
	}
	ifelse
    } for
} stopped pop
(Search time in seconds: ) print
usertime starttime sub 1000 div == flush
------------------------------------------------------------------

Regards,
	- Stephen Frede

Softway Pty Ltd, P.O. Box 305, Strawberry Hills, NSW 2012, AUSTRALIA
Phone: +61 2 698 2322; Fax: +61 2 699 9174; Telex: AA27987
ACSnet: stephenf@softway.oz	UUCP: ...!uunet!softway.oz!stephenf
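
The post above observes that anyone who can print a job can change the password. As an added example (not part of the original thread), here is a spool-side check that flags jobs using the three password-taking operators the post names; the function name and the sample job are constructed for illustration, and the scan matches literal name tokens only.

```python
# Added example: flag PostScript jobs that use password-taking operators.
WATCHED = {"checkpassword", "setpassword", "exitserver"}  # named in the post
WHITESPACE = set(" \t\r\n\f\0")
DELIMITERS = set("()<>[]{}/%")

def password_operators(job):
    """Return [(line_number, name)] for watched operators outside comments and strings."""
    hits, i, line, n = [], 0, 1, len(job)
    while i < n:
        c = job[i]
        if c == "%":                          # comment: skip to end of line
            while i < n and job[i] not in "\r\n":
                i += 1
        elif c == "(":                        # string: nested parens, backslash escapes
            depth, i = 1, i + 1
            while i < n and depth:
                ch = job[i]
                if ch == "\\":                # escaped char never opens or closes
                    i += 1
                    ch = job[i] if i < n else ""
                elif ch == "(":
                    depth += 1
                elif ch == ")":
                    depth -= 1
                if ch == "\n":
                    line += 1
                i += 1
        elif c in WHITESPACE or c in DELIMITERS:
            if c == "\n":
                line += 1
            i += 1
        else:                                 # name or number token
            start = i
            while i < n and job[i] not in WHITESPACE and job[i] not in DELIMITERS:
                i += 1
            if job[start:i] in WATCHED:
                hits.append((line, job[start:i]))
    return hits

# Constructed sample job (not from the thread).
SAMPLE_JOB = """%!PS-Adobe-2.0
% setpassword mentioned in a comment only
(checkpassword inside a (nested) string) show
serverdict begin 0 exitserver
statusdict begin 0 0 setpassword pop end
"""

if __name__ == "__main__":
    for line_no, name in password_operators(SAMPLE_JOB):
        print(f"line {line_no}: {name}")
```
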
louie@haven.umd.edu (Louis Mamakos) (02/12/89)
In article <1122@softway.oz> stephenf@softway.oz (Stephen Frede) writes:
>Passwords are integers, normally in the range +- 2^31.

Not always. On our DEC LPS40, the password is a string rather than an
integer. This makes searching for it a little more difficult.

In the case of the LPS40, changing the password is easy; it is set by a
config file on the host that it boots from. I love ethernet attached
printers!

--
Louis A. Mamakos WA3YMH		Internet: louie@TRANTOR.UMD.EDU
University of Maryland, Computer Science Center - Systems Programming