• Subject: Re: Rewarding Challenge AS/400
  • From: Jim Langston <jlangston@xxxxxxxxxxxxxxxx>
  • Date: Wed, 29 Sep 1999 11:49:17 -0700
  • Organization: Conex Global Logistics Services, Inc.

Yes, this is called a Reverse Dictionary Look up, and is a very common way
to determine passwords if you have the password file.

That is why the password file on Linux systems can be hidden.  If someone
can download the password file (and if you can read it to validate your
password you can download it) they can run a reverse dictionary on it and
if anyone uses common words for a password it will tell them the password.

It encrypts the common word, and compares the value with the saved value
for the password.  It doesn't actually decrypt anything.

"Kahn, David [JNJFR]" wrote:

> Ed,
> I don't think so. Without knowing the product specifically I'm guessing, but
> my guess is that it only ever sees encrypted passwords. It has an encrypted
> dictionary and encrypts any custom words and compares them with the
> encrypted password file. Sounds like a good product and I'd be horrified if
> it ran under QUSER.
> Dave Kahn
> Johnson & Johnson International (Ethicon) France
> Phone : +33 1 55 00 3180
> Email :  dkahn1@jnjfr.jnj.com (work)
>            dkahn@cix.co.uk      (home)

| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].