×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
At 06:36 PM 11/17/97 -0500, you wrote:
>Booth,
>
>There is a suite of password APIs that allow you to retrieve the ENCRYPTED
>value of a users password and then use that value to set the user's password
>at a later date/time. Thus it is now possible to "retrieve" a user's
>password. Notice that the original post did not want to see the unencrypted
>value, which you cannot do.....maybe.....
>
>My biggest question is this: Does the word "PASSWORD" always resolve to the
>same encrypted value?
Yes.
If so, couldn't I retrieve the encrypted password, do
>a reverse lookup into a table of plain to encrypted values and retrieve the
>clear text password for the encrypted value? It may take me a few weeks of
>machine time to build this table of clear to encrypted values, but it could
>be worth it.
Yes again. A 'dictionary hack' is now a much more feasable endeavor. All
the more reason for enforcing non-trivial passwords.
jte
jte
>
>-Walden
>-----Original Message-----
>From: boothm@ibm.net <boothm@ibm.net>
>To: MIDRANGE-L@midrange.com <MIDRANGE-L@midrange.com>
>Date: Monday, November 17, 1997 8:37 AM
>Subject: RE: How to preserve password change date
>
>
>>
>>�>Don't even think about trying to change audit values like last password
>>�>change date.
>>
>>Is there another way to reach your goal without mucking in the user
>>passwords? Somewhere recently I saw it written that passwords go into an
>>AS/400 encrypted, and there purposely isn't any unencryption method, so,
>>on the face of it, it seems to me your original goal is not possible, at
>>least not for ordinary men.
>>
>>----------------------------------------------------
>>Booth Martin
>>---------------------------------------------------
>>
>>
>>
>>+---
>>| This is the Midrange System Mailing List!
>>| To submit a new message, send your mail to "MIDRANGE-L@midrange.com".
>>| To unsubscribe from this list send email to MAJORDOMO@midrange.com
>>| and specify 'unsubscribe MIDRANGE-L' in the body of your message.
>>| Questions should be directed to the list owner/operator:
>david@midrange.com
>>+---
>>
>
>+---
>| This is the Midrange System Mailing List!
>| To submit a new message, send your mail to "MIDRANGE-L@midrange.com".
>| To unsubscribe from this list send email to MAJORDOMO@midrange.com
>| and specify 'unsubscribe MIDRANGE-L' in the body of your message.
>| Questions should be directed to the list owner/operator: david@midrange.com
>+---
>
>
*********************************
* John Earl *
* Lighthouse Software Inc. *
* 8514 71st NW *
* Gig Harbor, WA 98335 *
* 253-858-7388 *
* johnearl@lns400.com *
*********************************
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to "MIDRANGE-L@midrange.com".
| To unsubscribe from this list send email to MAJORDOMO@midrange.com
| and specify 'unsubscribe MIDRANGE-L' in the body of your message.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
