Thanks Mark
That makes me feel a lot better. I must say that I had completely
forgotten
about that one and had been working up my own, it is not exactly
highlighted. I do use UC a fair bit but it is fairly simple to bypass and
reset. Does the length of the seed affect the strength of u9d?
Peter McMurray
"Mark Brown" <Mark_Brown@[EMAIL PROTECTED]
> wrote in message
news:NPWdnfkn7Jz5dUDanZ2dnUVZ_uCinZ2d@[EMAIL PROTECTED]
> The encryption done on D3 in the Password routine creates an eight byte
> hex string by adding and multiplying and folding at the binary level.
It
> cannot be "decrypted", although there are a number of good breakers that
> simply encrypt samples until a match is found. I use one written by
> Malcolm Bull.
>
> There is a true data encryption decryption ability built into D3, the
user
> exit U9D. It encrypts the data and then decrypts it back. I've never
> heard of anyone who could break it, but probably no one has ever really
> tried.
>
> encrypted.data = iconv(seed:@[EMAIL PROTECTED]
'u9d')
> decrypted.data = oconv(seed:@[EMAIL PROTECTED]
'u9d')
>
> I once described a three-lock-box style of encryption, where the data
was
> encrypted 3 times: system, user and application. It would take 3
> passwords and would be theoretically unbreakable.
>
> Mark Brown
>
> "Excalibur" <excalibur21@[EMAIL PROTECTED]
> wrote in message
> news:DfjDj.26523$421.15767@[EMAIL PROTECTED]
>> Hi
>> I am obviously too old and naive as I was shocked to discover the
>> Australian
>> Tax Office advising people where to find Password Crackers. I can see
>> that
>> there is a problem with disgruntled employees locking up stuff then
>> shooting
>> through but given all the codswallop that we have gone through with the
>> infamous duo of Sarbanes and Oxley this seems to be a pretty major
hole.
>>
>> John the Ripper does unix variants such as linux and windows
>> www.openwall.com
>> www.lostpassword.com does just about any commercial software from MYOB
>> through zip and Windows server.
>>
>> My question to the group is does anyone have any idea how safe the
>> encryption is on our multi value systems? I am thinking of QM for
>> example
>> and I am also looking at D3 since I have been trying for years to
>> convince
>> clients of the im****tance of guarding Master/Visa card information. Of
>> course as long as people insist on printing the items out - I carefully
>> did
>> not provide such a facility, so I discovered a client bringing it up,
>> hitting PrintScreen and leaving the output lying around the office.
>> Since
>> they can do this with the Bank's own interface software my puny efforts
>> seem
>> pointless.
>>
>> Then of course we have the sheer genius of users with departments like
>> the
>> British Civil service sending the database of the entire social service
>> clients on a cd by way of a bloke on a bike. The Australian Army
officer
>> who left the CD in the departure lounge PC drive to be found by a
>> re****ter
>> no less. I am quite sure that the Yanks can provide us with even
better
>> examples.
>>
>> Peter McMurray
>>
>>
>
|
