Path: utzoo!mnetor!uunet!mcvax!enea!sommar
From: sommar@enea.UUCP (Erland Sommarskog)
Newsgroups: comp.os.vms
Subject: Re: USER ID PASS VALIDATION ON VMS
Message-ID: <2552@enea.UUCP>
Date: 27 Dec 87 23:53:23 GMT
References: <1740@bsu-cs.UUCP>
Reply-To: sommar@enea.UUCP(Erland Sommarskog)
Followup-To: comp.os.vms
Organization: ENEA DATA Svenska AB, Sweden
Lines: 18

Christopher F. Chiesa (cfchiesa@bsu-cs.UUCP) writes:
>Oh, really? A college sophomore here at BSU sent me a mail message one day
>saying "run such-and-such program in my area..." - I ran it and was shown the
>binary string representing the hashed version of my password. It would be
>simplicity itself for that program to just happen to write said password,
>along with my username, into a log file. Anyone with access to the file

Since you don't seem to be more careful, wouldn't it just be easier
to look over your shoulder when you type your username?
Users running programs they don't know of are a much bigger security
hole than any official encryption algorithm.

--
Erland Sommarskog
ENEA Data, Stockholm
sommar@enea.UUCP
C, it's a 3rd class language, you can tell by the name.