Re: passwords and crypt?

To: Roger Keays <rogerk@ieee.org>
Cc: debian-security@lists.debian.org
Subject: Re: passwords and crypt?
From: thomas fischer <tom@minet.uni-jena.de>
Date: Thu, 29 Nov 2001 16:44:11 +0100 (MET)
Message-id: <[🔎] Pine.OSF.3.96.1011129163954.13687B-100000@paxp22.mipool.uni-jena.de>
In-reply-to: <[🔎] 3C06462A.1080705@ieee.org>

On Fri, 30 Nov 2001, Roger Keays wrote:

> 
> I'm not sure if this is common knowledge or not, but I have just noticed 
> the effects of having the first two letters of your password the same as 
> the first two in your login name... You can use any extension of your 
> password!!
> 
> e.g., on my Woody box I added a user called 'ron' and his password was 
> 'roniosko'. He could login in with 'ronioskos', 'ronioskoasdfasd' and so 
> forth!
> 
> I tried a few more and had the same results. This is something to do 
> with the random salt right?
> 
> Can anyone else reproduce this?
> 
> Cheers,
> 
> Roger
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
> 
hi Roger,

maybe you dont use MD5 passwords, so only the first 8 characters will be
"compared". see

http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html#s3.4

for more information.

tom
------				.-.
free source for free users!	/v\	 L   I   N   U   X
			       // \\	>Phear the Penguin<
			      /(   )\
			       ^^-^^

Reply to:

References:
- passwords and crypt?
  - From: Roger Keays <rogerk@ieee.org>

Prev by Date: Re: passwords and crypt?
Next by Date: Re: passwords and crypt?
Previous by thread: Re: passwords and crypt?
Next by thread: Re: passwords and crypt?
Index(es):
- Date
- Thread