RE: Display User Password? -- MIDRANGE-L

× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.

> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-
> bounces@xxxxxxxxxxxx] On Behalf Of Douglas Handy
> Subject: Re: Display User Password?
> 
> Phil,
> 
> >it take somewhere in the region of 20 minutes plus do decrypt just
> *one* iSeries password on a fast PC.
> 
> FWIW, last I knew that very much depended on the length of the
> password.  Assuming the old style passwords (ie not 128-char and with
> lanman pwds intact), then my PC can test somewhat over 19 million
> passwords per second using an AS/400 password cracker obtained off the
> internet.

Doug,

The program I used took into consideration that the 10 char passwords are split 
into two separate units; one of 7 chars and one of 3 chars. Plus it took into 
consideration some of the other 'reduction in security features' of the AS/400 
passwords too. Net effect was a brute force attack[1] that produced (the 
correct) results in about 20 mins.

--phil

[1] In a prior email I said 'decrypt, not brute force'. I misstated that, it is 
a brute force attack.

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.