
Re: passwords and crypt?



crypt(3) only uses the first 8 characters for its hash.
roniosko is 8 characters.  Any extras would be ignored.
I think you'll find trying roniosk would fail.
md5 passwords are a much better option and available
at least from slink (2.1) on (iirc).
I'm not sure about earlier versions.



Roger Keays wrote:
> 
> Hi all,
> 
> I'm not sure if this is common knowledge or not, but I have just noticed
> the effects of having the first two letters of your password the same as
> the first two in your login name... You can use any extension of your
> password!!
> 
> e.g., on my Woody box I added a user called 'ron' and his password was
> 'roniosko'. He could log in with 'ronioskos', 'ronioskoasdfasd' and so
> forth!
> 
> I tried a few more and had the same results. This is something to do
> with the random salt right?
> 
> Can anyone else reproduce this?
> 
> Cheers,
> 
> Roger
> 

J.R. Blain
http://www.cowboyatheart.org/
-- 
Real programmers use chmod +x /dev/random and cross their fingers
	-- Comment found in a vi/emacs flamewar on slashdot.
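
Added example, not part of the original message: a small audit that reads shadow-format lines and reports which accounts still use the traditional 13-character DES crypt(3) format, where only the first 8 password characters count, as opposed to MD5 (`$1$`) hashes. The function names and the sample entries are assumptions made for illustration; the hash strings are constructed placeholders, not real crypt output.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# MD5 crypt: $1$<salt, up to 8 chars>$<22 hash chars>.
MD5_RE = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

# Constructed sample in /etc/shadow layout (placeholder hashes).
SAMPLE_SHADOW = """\
ron:roAbCdEfGhIjK:11500:0:99999:7:::
alice:$1$abcdefgh$ABCDEFGHIJKLMNOPQRSTUV:11500:0:99999:7:::
daemon:*:11500:0:99999:7:::
bob:!roZyXwVuTsRqP:11500:0:99999:7:::
"""

def des_effective_password(password):
    """Portion of an ASCII password that DES crypt(3) actually hashes."""
    return password[:8]

def classify(field):
    """Name the scheme used by one shadow password field."""
    if field == "":
        return "empty"
    hash_part = field.lstrip("!")  # a leading '!' marks a locked account
    if hash_part in ("", "*"):
        return "locked"
    if DES_RE.match(hash_part):
        return "des"
    if MD5_RE.match(hash_part):
        return "md5"
    return "other" if hash_part.startswith("$") else "unknown"

def audit(shadow_text):
    """Map each user in shadow-format text to its hash scheme."""
    result = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and parts[0]:
            result[parts[0]] = classify(parts[1])
    return result

def truncating_accounts(shadow_text):
    """Users whose passwords are limited to 8 significant characters."""
    return [u for u, s in audit(shadow_text).items() if s == "des"]

if __name__ == "__main__":
    for user in truncating_accounts(SAMPLE_SHADOW):
        print(f"{user}: DES crypt, password truncated to 8 characters")
```
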


