Re: passwords and crypt?
On Fri, 30 Nov 2001, Roger Keays wrote:
>
> I'm not sure if this is common knowledge or not, but I have just noticed
> the effects of having the first two letters of your password the same as
> the first two in your login name... You can use any extension of your
> password!!
>
> e.g., on my Woody box I added a user called 'ron' and his password was
> 'roniosko'. He could login in with 'ronioskos', 'ronioskoasdfasd' and so
> forth!
>
> I tried a few more and had the same results. This is something to do
> with the random salt right?
>
> Can anyone else reproduce this?
>
> Cheers,
>
> Roger
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
hi Roger,
maybe you dont use MD5 passwords, so only the first 8 characters will be
"compared". see
http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html#s3.4
for more information.
tom
------ .-.
free source for free users! /v\ L I N U X
// \\ >Phear the Penguin<
/( )\
^^-^^
Reply to: