Re: Display User Password? -- MIDRANGE-L

Since you guys seem to know more about this than most of us,
my question: is there such a thing as a pwd that cannot be brute forced?
jim
----- Original Message ----- 
From: "Hall, Philip" <phall@xxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Tuesday, September 28, 2004 11:24 PM
Subject: RE: Display User Password?


> > -----Original Message-----
> > From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-
> > bounces@xxxxxxxxxxxx] On Behalf Of Douglas Handy
> > Subject: Re: Display User Password?
> >
> > Phil,
> >
> > >it take somewhere in the region of 20 minutes plus do decrypt just
> > *one* iSeries password on a fast PC.
> >
> > FWIW, last I knew that very much depended on the length of the
> > password.  Assuming the old style passwords (ie not 128-char and with
> > lanman pwds intact), then my PC can test somewhat over 19 million
> > passwords per second using an AS/400 password cracker obtained off the
> > internet.
>
> Doug,
>
> The program I used took into consideration that the 10 char passwords are
split into two separate units; one of 7 chars and one of 3 chars. Plus it
took into consideration some of the other 'reduction in security features'
of the AS/400 passwords too. Net effect was a brute force attack[1] that
produced (the correct) results in about 20 mins.
>
> --phil
>
> [1] In a prior email I said 'decrypt, not brute force'. I misstated that,
it is a brute force attack.
>

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.