How do I determine which word list is in effect and what words it contains? (NETIQKB55152)

  • 7755152
  • 02-Feb-2007
  • 22-May-2007

Resolution

goal
How do I determine which word list is in effect and what words it contains?

goal
How do I recreate the Master Word List?

fact
PSPasswordManager 8.0

fact
Password Manager Word Lists 

fact
NetIQ Security Solutions for iSeries

fact
VigilEnt Security Agent for iSeries

fix

The PSPasswordManager Master Word List is a user index and cannot be browsed or listed. There is no tool in the product to determine which Word Lists comprise the User Index.

The product is shipped with a Master Word List comprised of members ENGLISH and NAMES from file PMTXF with all options for a word list specified. Numeric suffixes are built for 1 and 2 only. Dates and PIN numbers are not included. The ALL3 list is then added with only the double-up option specified. Adding the same word twice does not result in extra entries in the word list.

To see the number of words in the Master Word List, login to PSPasswordManager and select option 4 (Work With Word Lists), and press F2 (Show Count). 

To recreate the user index with the word lists of your choice, perform the following steps:

  1. Run command DLTUSRIDX PSSECURE/PMWRDLST
  2. From PSMENU, select option 4.
  3. Login to PSPasswordManager.
  4. Select option 4.
  5. Press F2 (Show Count). This will recreate the user index with zero entries.
  6. Position the cursor in the input field for ?Word list member?, and press F4 (list). Select the word list of your choice using option 1 (Select).
  7. Specify the options for generating the word list entries, such as *YES for ?Add numeric suffix to words? (Range 1 to 2) and so on.
  8. Press Enter to start updating the user index.
  9. Repeat steps 6 through 8 for additional word lists to add to the user index.

Note on options for generating user index entries from the word lists: If *YES is specified for ?Reverse word?, then the word list has effectively doubled in size. PSPasswordManager will check all the words in the dictionary forward and backward. If a user?s password is ANOZIRA (ARIZONA spelled backwards) and Reverse word is *NO, then the password will not be identified as weak. If Reverse word is *YES then it will be identified as a weak password.

The process that updates the user index reads the selected word list member and for each word it produces any selected variations. The word and its variations are then encrypted using the same algorithm that the operating system uses to encrypt passwords. 

The ENGLISH word list (with numeric suffixes for 1 and 2 only, dates and PIN numbers not included, yields 422,351 entries. After adding the ALL3 word list, user index (ENGLISH + ALL3) has 537,160 entries. The resulting size of PSSECURE/PMWRDLST *USRIDX is 17,829,888 bytes.



fix

The product uses a single word list. If there is a need to switch between pre-built word lists, rename the user index and build another one comprised of different word lists. When you need to switch word lists, simply rename them as necessary. After renaming, you may have to signoff and on again to access the current PMWRDLST user index.

To edit the shipped word lists, perform the following steps:

  • Access the Work with Word Lists screen.
  • Position the cursor in the input field for ?Word list member?, and press F4 (list).
  • Select the word list of your choice using option 2 (=Edit with SEU). You can position cursor in the input field at the top of screen and press F1 for help with SEU.


Additional Information

Formerly known as NETIQKB55152

Feedback service temporarily unavailable. For content questions or problems, please contact Support.