> > > On Thu, 2006-01-12 at 21:05:52 -0500, Steven M. Bellovin proclaimed... > > > > > How much entropy is there in a such a serial number? Little enough > > that it can be brute-forced by someone who knows the pattern? Using > > some function of the serial number and a vendor-known secret key is > > better -- until, of course, that "secret" leaks. (Anyone remember how > > telephone credit card number verification worked before they could do > > full real-time validation? The Phone Company took a 10-digit phone > > number and calculated four extra digits, based on that year's secret. > > Guess how well that secret was kept....) > > > > Hi Steven, > > I believe the Netscreen default password of a serial number can only be > entered over the console (and possibly modem/aux) port(s).
Yes. Sorry, I left that out. -M<