passwords and crypt?

To: debian-security@lists.debian.org, rogerk@ieee.org
Subject: passwords and crypt?
From: Roger Keays <rogerk@ieee.org>
Date: Fri, 30 Nov 2001 00:28:58 +1000
Message-id: <[🔎] 3C06462A.1080705@ieee.org>


Hi all,

I'm not sure if this is common knowledge or not, but I have just noticedthe effects of having the first two letters of your password the same asthe first two in your login name... You can use any extension of yourpassword!!

e.g., on my Woody box I added a user called 'ron' and his password was'roniosko'. He could login in with 'ronioskos', 'ronioskoasdfasd' and soforth!

I tried a few more and had the same results. This is something to dowith the random salt right?


Can anyone else reproduce this?

Cheers,

Roger

Reply to:

Follow-Ups:
- Re: passwords and crypt?
  - From: "J.R. Blain" <cowboy@clockmedia.com>
- Re: passwords and crypt?
  - From: Mike Dresser <mdresser@windsormachine.com>
- Re: passwords and crypt?
  - From: thomas fischer <tom@minet.uni-jena.de>
- Re: passwords and crypt?
  - From: Tim Haynes <debian@stirfried.vegetable.org.uk>
- Re: passwords and crypt?
  - From: Régis Grison <regis@grison.org>

Prev by Date: Re: iptables with a linux bridge
Next by Date: Re: passwords and crypt?
Previous by thread: Re: [d-sec] Fwd: [suse-security-announce] SuSE Security Announcement: wuftpd (SuSE-SA:2001:043)
Next by thread: Re: passwords and crypt?
Index(es):
- Date
- Thread