Path: utzoo!mnetor!uunet!husc6!psuvax1!burdvax!sdcrdcf!otto!jimi!johnny!robert
From: robert@johnny.cs.unlv.edu (Robert Cray)
Newsgroups: sci.crypt
Subject: Re: VMS password hacker
Message-ID: <758@jimi.cs.unlv.edu>
Date: 11 Mar 88 05:58:46 GMT
References: <1315@ucdavis.ucdavis.edu>
Sender: news@jimi.cs.unlv.edu
Reply-To: robert@jimi.cs.unlv.edu (Robert Cray)
Organization: University of Nevada, Las Vegas
Lines: 16

In article <1315@ucdavis.ucdavis.edu> ecs140w020@deneb.ucdavis.edu (0000;0000005648;4000;250;215;ecs140w) writes:
>Bunkersoft of Mountain View has a VMS password hacker
>available for $30 (source code) from
[...]
>Since HPWD is a proprietary DEC code, a batch file is given to
>extract this information from LOGINOUT.EXE. I believe this program
>is aimed at security managers etc.
>

Someone posted the source to lgi$hpwd on info-vax a while ago.  I'm suprised
DEC does not make available a call to do this, which would also do the same
accounting that goes on in loginout.  Can anyone whos looked at the code
comment on how secure it is?  I don't know macro-32, and have no intention
of learning it.  Quite annoying that so many vms programs are in macro.

						--robert