Doesn't Security Monitor allow you to encrypt these?

Doesn't seem like it would be that hard to write a script to try to brute 
force guess MPE passwords. I haven't done the math to see how much harder 
SECURITY/3000 would make this, assuming session passwords. But I imagine 
several of us have first or second hand experience with someone penetrating 
a 3000 in half an hour or less. In my last shop, I regret not declining to 
be told the system manager password, but instead asking for the challenge of 
penetrating the system. Unfortunately, that's not always a welcome bet to 
make.

Whereas I've been googling for a tool to try guessing user's Windows 
passwords. You wouldn't think it would be that hard to choose a good 
password, meaning complex / hard to guess, but easy for the owner to 
remember. I've started collecting ideas for ways to come up with memorable 
gibberish, since I'll probably get to train some users on this very thing, 
without the benefit of a LART.

I suspect that finding out a company's password complexity requirements cuts 
the time to brute force dramatically, by allowing one to not test for simple 
passwords. I have no idea how to work out the math on that one.

Greg Stigers 

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *