info-vax@ucbvax.ARPA (10/07/84)
From: Doug Freyburger <DOUG@JPL-VLSI.ARPA>
There was once a program on our VMS machine called GUESS. When run by
a user with SYSPRV enabled, it took a username, and then a password. It
encoded that password with the same alorythm used by LOGINOUT, and compared
the encoded string with the password stored in SYS$SYSTEM:SYSUAF.DAT. It then
reported whether the quess was correct or not. Unfortunately, the source and
author are no longer around.
We are going through another of our regular security tightenings, and
we would like to be able to try guessing everyone a few times for "obvious"
passwords. We would like a program that allows an interactive guessing
session without all of those LOGFAILs, and another program that does a match
against a list of words stored in a file. Given these two programs we system
people could have regular password guessing parties interactively, and run the
dictionary matching program to catch users against words common to projects on
the machine, and the other usual types of passwords that "breakers-in" try.
Does anyone have this sort of software for VMS that you'd be willing
to send me through NetMail, or give me a pointer to? It would help our
security a good deal, but we don't have anyone familiar enough with the
micro-fiches to come up with it in a reasonable length of time.
Please respond directly to me since I am not on the distribution list.
(-)nx in advance,
Doug
------