brodie@fps.mcw.edu (11/17/89)
By the way, VMS$SECUREPWD.EXE not only checks for the PW=USERNAME combination, but also checks for these passwords (no matter what options are given when you run it). I got this list by DUMPing the code and looking at the quotes strings. These passwords are checked for spelling forwards AND backwards. (but does NOT check for your USERNAME spelled backwards. *sigh*...) (some of these are serious/obvious passwords, some others are just weird. I expect that was due to testing of the code for weird password combinations?) BRATWURST FIELDSERVICE MANAGER MANAGERS PANCAKES PASSWORD PRIMARY SECONDARY SERVICE UETP USER VAX VMS VAXVMS WILLIWAW ZIRHUMBA as I said in my original posting, you can use the /EXCLUDE qualifier to specify and additional (hopefully long!) list of passwords you want to add to this list.... -kent ------------------------------------------------------------------------------- Kent C. Brodie - Systems Manager brodie@mcw.edu Medical College of Wisconsin +1 414 778 4500 "Gee, I hope these are the right coordinates..." -Chief O'Brian; STTNG
jym@anableps.berkeley.edu (Jym Dyer) (11/20/89)
I suspect the weird words---BRATWURST, PANCAKES, etc.---hash to the same thing as other "obvious" ones. If not, they probably have some fascinating history behind them that somebody had better regale us with! (On the other hand, the password checker *has* to work by hashing the dangerous passwords and checking those values.) ::::.-----.:::::<_Jym_>::::::::::::::::::::::::::::::::::::::::::: :::/ | \::::.-----.::::::::::::::::::::::::: Jym Dyer :::::::: ::/ | \::/ o o \::::::: jym@anableps.berkeley.edu :::::::: ::\ /|\ /::\ \___/ /::::::::: Berserkeley, California :::::::: :::\ / | \ /::::`-----':::::::::::: Dilute! Dilute! O.K.! :::::::: ::::`-----':::::::::::::::::::::::::::::::::::::::::::::::::::::::
brodie@fps.mcw.edu (11/20/89)
In article <JYM.89Nov19210305@anableps.berkeley.edu>, jym@anableps.berkeley.edu (Jym Dyer) writes: > I suspect the weird words---BRATWURST, PANCAKES, etc.---hash to > the same thing as other "obvious" ones. If not, they probably > have some fascinating history behind them that somebody had > better regale us with! > Actually, I later found it out on good authority (i.e. , D. Piper, the author) that those "other" passwords are included inthe list because they are the "example" passwords shown in various portions of the VMS doc set. I guess many users are unbelievably stupid-- they use the EXAMPLE passwords in the manuals! Oh well. ------------------------------------------------------------------------------- Kent C. Brodie - Systems Manager brodie@mcw.edu Medical College of Wisconsin +1 414 778 4500 "Gee, I hope these are the right coordinates..." -Chief O'Brian; STTNG
madison@vms.ecs.rpi.edu (Matt Madison) (11/21/89)
In article <JYM.89Nov19210305@anableps.berkeley.edu>, jym@anableps.berkeley.edu (Jym Dyer) writes: >I suspect the weird words---BRATWURST, PANCAKES, etc.---hash to > the same thing as other "obvious" ones. If not, they probably > have some fascinating history behind them that somebody had > better regale us with! I don't think so. I seem to remember seeing them in some VMS documentation - maybe "Introduction to VMS" or the "Guide to VMS System Security" where they talk about setting passwords and whatnot. -- Matthew Madison, Systems Programmer | Engineering Computing Services | Rensselaer Polytechnic Institute | Troy, New York 12180-3590 USA madison@vms.ecs.rpi.edu