PASSWORD - V64 (AREV Specific)
At 21 OCT 2002 04:44:41PM Roy G Drummond wrote:
There seems to have been no discussion of V64 for about 6 years. I should let sleeping dogs lie, but…
We just had a user password disappear. I executed PASSWORD and discovered that if you pressed Enter at the 'Old Password' message (W124) it would continue on to the 'Enter New Password' messages without balking. With 3 fast Enters a password can be cleared. Has it always worked like this? Any way to make the 'Old Password' message required?
Roy
At 21 OCT 2002 05:09PM [url=http://www.sprezzatura.com]The Sprezzatura Group[/url] wrote:
There are other routines (not named V64) which AREV also supplies for encryption of passwords. I haven't noticed any weakness with the AREV passwords being retained or nulled, especially in AREV 3.12.
Please note that any open discussion of AREV's security mechanisms would obviously compromise their value within the product.
You could call MSG with an 'RC' parameter and then encrypt the password using a routine similar to the following one (below).
Authentication would entail comparing the stored encrypted string with the encrypted user-entered string.
A "build-your-own" approach to security is recommended for self-evident reasons.
Steve
World Leaders in all things RevSoft
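expendable function encode(password)
* Seed and modulus are site-specific values you supply
hash.number = {insert your own hardcoded value here}
large.prime = {insert your own hardcoded value here}
* Fold each character of the password into the running hash
loop
while password ne ""
   hash.number = mod(hash.number, large.prime) * seq(password[1,1]) + 1
   password[1,1] = ""
repeat
* Re-encode the hash as a string, 51 possible characters starting at 'A'
loop
while hash.number ne 0
   password = password : char(seq('A') + mod(hash.number, 51))
   hash.number = int(hash.number / 51)
repeat
return password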
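
The compare-the-encodings check described in the reply above, as an added Python example that is not part of the original thread. `encode` ports the logic of the posted routine; the seed and prime are constructed placeholders, and `verify` and `change_password` are hypothetical helpers showing how a blank entry at the 'Old Password' prompt can be refused.

```python
import hmac

# Constructed stand-ins for the two hardcoded values the post leaves to the reader.
HASH_SEED = 7919
LARGE_PRIME = 2147483647


def encode(password: str) -> str:
    """Port of the posted routine: fold characters into a number, then base-51 encode it."""
    h = HASH_SEED
    for ch in password:
        h = (h % LARGE_PRIME) * ord(ch) + 1
    out = []
    while h != 0:
        out.append(chr(ord("A") + h % 51))
        h //= 51
    return "".join(out)


def verify(stored: str, entered: str) -> bool:
    """Compare the stored encoding with the encoding of what the user typed."""
    # Assumption: a bare Enter, or an account whose stored value is blank,
    # never authenticates.
    if not entered or not stored:
        return False
    # Constant-time comparison of the two encoded strings.
    return hmac.compare_digest(stored.encode(), encode(entered).encode())


def change_password(stored: str, old: str, new: str) -> str:
    """Return the new stored value, or the unchanged one when the change is refused."""
    if not verify(stored, old):
        return stored  # wrong or blank old password
    if not new:
        return stored  # a blank new password would clear the account
    return encode(new)


if __name__ == "__main__":
    stored = encode("s3cret")  # constructed sample password
    # Three fast Enters: old, new and confirmation are all blank.
    print(change_password(stored, "", "") == stored)
    print(change_password(stored, "s3cret", "n3w-pass") == encode("n3w-pass"))
```

Note that `encode("")` is not an empty string: the seed alone is encoded, so the blank-entry check has to be made on the raw input before encoding.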