[freefal]

Back in '07, my school still used a custom email protocol called Blitzmail that verified the user by sending a random number, having the user encrypt the random number via DES using his password as the key and then send the result back. One problem (there were many) was that passwords were 8 characters and DES only wanted a 56-bit key so the protocol just dropped the least significant bit of each character. So while everyone thought they had one password, they really had 2^8 = 256 passwords, where 'b' and 'c' were interchangeable as were 'd' and 'e' and so on...

Now that was easy to crack.

[TwoBit]

Surely they meant to drop the high bit instead of the low bit... ?

[droopyEyelids]

There must have been something like this going on with the BIOS password of my father's 386 when I was growing up.

He password protected it so we could only play for controlled periods of time, and chose "tricycle" as the password, but my sister and I guessed "bicycle" in the hours of typing every word we knew into the prompt. "bicycle" worked!

[dogma1138]

Dartmouth, I remember a talk about it not related to security it was one of the most late 80’s early 90’s “internet revolution” things I’ve seen in my life.

[freefal]

Indeed. It was actually a great system that sat somewhere between email and IM in its usage on campus. The Windows and Mac clients had notifier processes that would signal the client to poll if the server alerted them to new messages. It made messages appear nearly instantly which they did not back in the POP/IMAP time-based polling days.