[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Password Problems??

Subject: Re: [cobalt-users] Password Problems??
From: Marco Wilka <marco@xxxxxxxxxx>
Date: Sun Oct 29 07:31:01 2000
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Sun, Oct 29, 2000 at 08:45:13PM -0800, Juzzin wrote:

Hi,

what you describe also happens on other unix systems
(for example on my Debian GNU/Linux system at home).
Even worse, only the lower 7 bit of each character are
used. So you end up with 56 bit encryption (8 chars * 7 bit)
and 2^56 = 7.2e16 possible values.

If the crypt() function of the linux kernel was better, you
could change PASS_MAX_LEN in /etc/login.defs to a higher value.

I have no working Solaris or OpenBSD installation anymore, but
I think at least the latter supported other encrytion methods than
56 bit DES.

Hope that helps. For more information: man 3 crypt, man 1 passwd,
man 5 login.defs

Bye,

	Marco

>     I logged into my account today, and su'd to root. However, I mistakenly
> made an error in the latter numeric part of my password. For example,
> instead of using "samplePass3421", I used: "samplePass342". Regardless, I
> was able to log into root, despite the fact that I truncated my password.
> When I tried other variations, I found that the numeric portion of my
> password was irrelevant. I would not think that this behavior is desirable.
> Can someone try and duplicate this behavior?

-- 
Does the name Pavlov ring a bell?

References:
- [cobalt-users] Password Problems??
  - From: Juzzin

Prev by Date: [cobalt-users] Import SSL Certificate
Next by Date: Re: [cobalt-users] Re: looking at a site before domain is transferred
Previous by thread: Re: [cobalt-users] Password Problems??
Next by thread: [cobalt-users] UK RAQ Hosts ? UK2.NET

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index