[comp.sys.dec] --More-- on VMS PASSWORD CHECKER

brodie@fps.mcw.edu (11/17/89)

By the way, VMS$SECUREPWD.EXE not only checks for the PW=USERNAME
combination, but also checks for these passwords (no matter what
options are given when you run it).

I got this list by DUMPing the code and looking at the quotes strings.
These passwords are checked for spelling forwards AND backwards.
(but does NOT check for your USERNAME spelled backwards.   *sigh*...)

(some of these are serious/obvious passwords, some others are just weird.
I expect that was due to testing of the code for weird password combinations?)

BRATWURST
FIELDSERVICE
MANAGER
MANAGERS
PANCAKES
PASSWORD
PRIMARY
SECONDARY
SERVICE
UETP
USER
VAX
VMS
VAXVMS
WILLIWAW
ZIRHUMBA

as I said in my original posting, you can use the /EXCLUDE qualifier to
specify and additional (hopefully long!) list of passwords you want to
add to this list....

-kent



-------------------------------------------------------------------------------
Kent C. Brodie - Systems Manager		brodie@mcw.edu
Medical College of Wisconsin			+1 414 778 4500

"Gee, I hope these are the right coordinates..."  -Chief O'Brian; STTNG

jym@anableps.berkeley.edu (Jym Dyer) (11/20/89)

I suspect the weird words---BRATWURST, PANCAKES, etc.---hash to
 the same thing as other "obvious" ones.  If not, they probably
  have some fascinating history behind them that somebody had
   better regale us with!

(On the other hand, the password checker *has* to work by hashing
 the dangerous passwords and checking those values.)
::::.-----.:::::<_Jym_>:::::::::::::::::::::::::::::::::::::::::::
:::/   |   \::::.-----.::::::::::::::::::::::::: Jym Dyer ::::::::
::/    |    \::/  o o  \::::::: jym@anableps.berkeley.edu ::::::::
::\   /|\   /::\ \___/ /::::::::: Berserkeley, California ::::::::
:::\ / | \ /::::`-----':::::::::::: Dilute! Dilute! O.K.! ::::::::
::::`-----':::::::::::::::::::::::::::::::::::::::::::::::::::::::

brodie@fps.mcw.edu (11/20/89)

In article <JYM.89Nov19210305@anableps.berkeley.edu>, jym@anableps.berkeley.edu (Jym Dyer) writes:
> I suspect the weird words---BRATWURST, PANCAKES, etc.---hash to
>  the same thing as other "obvious" ones.  If not, they probably
>   have some fascinating history behind them that somebody had
>    better regale us with!
> 

Actually, I later found it out on good authority (i.e. , D. Piper, the author)
that those "other" passwords are included inthe list because they are
the "example" passwords shown in various portions of the VMS doc set.

I guess many users are unbelievably stupid-- they use the EXAMPLE passwords
in the manuals!  Oh well.

-------------------------------------------------------------------------------
Kent C. Brodie - Systems Manager		brodie@mcw.edu
Medical College of Wisconsin			+1 414 778 4500

"Gee, I hope these are the right coordinates..."  -Chief O'Brian; STTNG

madison@vms.ecs.rpi.edu (Matt Madison) (11/21/89)

In article <JYM.89Nov19210305@anableps.berkeley.edu>,
    jym@anableps.berkeley.edu (Jym Dyer) writes:
>I suspect the weird words---BRATWURST, PANCAKES, etc.---hash to
> the same thing as other "obvious" ones.  If not, they probably
>  have some fascinating history behind them that somebody had
>   better regale us with!

I don't think so.  I seem to remember seeing them in some VMS documentation -
maybe "Introduction to VMS" or the "Guide to VMS System Security" where they
talk about setting passwords and whatnot.
--
Matthew Madison, Systems Programmer  | 
Engineering Computing Services       |
Rensselaer Polytechnic Institute     |
Troy, New York 12180-3590 USA
   madison@vms.ecs.rpi.edu