Path: utzoo!attcan!uunet!lll-winken!lll-ncis!helios.ee.lbl.gov!pasteur!ucbvax!decwrl!cookie.dec.com!devine
From: devine@cookie.dec.com (Bob Devine)
Newsgroups: comp.unix.wizards
Subject: Re: Password security (really VMS password encryption)
Message-ID: <8901060328.AA21716@decwrl.dec.com>
Date: 6 Jan 89 04:20:00 GMT
Organization: Digital Equipment Corporation
Lines: 15

John Haugh writes:
> This reminds me - old VAX/VMS used CRC16 to encrypt their passwords.
> Which is about as multi-way as it gets ...  This would mean, if correct,
> that only 65,536 different passwords [...]

  No, the original VMS encryption algorithm was called "AUTODIN 2".
Essentially it hashed the password into a 32 bit quantity.  There
were a couple problems with it: 32 bits wasn't enough to prevent
several passwords generating the same hash value; and it was too fast.
A brute force attack would work.

  The current algorithm is called the "Purdy" algorithm.  It runs
about 100 times slower than the other plus it uses a 64 bit value.

Bob Devine