[an error occurred while processing this directive]

HP OpenVMS Systems

ask the wizard
Content starts here

Password Hashing Algorithm? (Purdy)

» close window

The Question is:

 
I have spent days trying to find details on how the UAI$C_PURDY_S Encryption
Alogrithm works. Can you direct me to a web site, a book, or sonething,
where I can decent details on the Algorithm.
 
Thanks,
 
Ken Fitz
 
 


The Answer is :

 
  OpenVMS uses a function known as a Purdy polynomial to perform a one-way
  hash on the password.  The username, the password, and some salt are all
  used together to create the hashed password quadword value.
 
  The usual approach to checking a password on OpenVMS is to prompt for the
  password, retrieve various values from the system authorization file via
  $getuai, and to run the appropriate values through the system service
  $hash_password, and compare the results against the value saved in the
  system authorization file.  OpenVMS Engineering expects to be releasing
  new capabilities to ease implementing the necessary related tasks, such
  as auditing and breakin evasion.
 
  Older versions of the passord hashing module used within OpenVMS have been
  seen at various websites over time, search for a string "+ hpwd + purdy"
  or similar for details.
 
  For the current version of the source code involved, please acquire and
  examine the OpenVMS source listings CD-ROM set.
 

answer written or last revised on ( 17-SEP-1999 )

» close window