
Re: passwords and crypt?



Mike Dresser wrote:
> 
> On Fri, 30 Nov 2001, Roger Keays wrote:
> 
> > I'm not sure if this is common knowledge or not, but I have just noticed
> > the effects of having the first two letters of your password the same as
> > the first two in your login name... You can use any extension of your
> > password!!
> >
> > e.g., on my Woody box I added a user called 'ron' and his password was
> > 'roniosko'. He could log in with 'ronioskos', 'ronioskoasdfasd' and so
> > forth!
> >
> All the ones you tried are all over 8 letters, I bet?
> 
> My guess is you're using DES.  DES only allows up to 8 letter passwords.
> Check your /etc/pam.d, look at login and passwd in there
> 
> If you add a md5 at the end of the line that handles passwords, this will
> enable md5, which allows longer passwords.  This is backwards compatible
> in that your existing passwords will still work.  Once you change it or
> add another user, it will use md5.
> 

Interesting.  I'm running Debian 2.2r2 (dist-upgraded to testing).  I
selected MD5 for my passwords during installation.  However, it seems
that it has defaulted my passwords to 8 characters too:

From /etc/pam.d/passwd (login is the same):

password   required   pam_unix.so nullok obscure min=4 max=8 md5
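
Added example, not part of the original messages: a Python check that reads the `password` line of a PAM file for the `md5` option and classifies each shadow entry by hash format, since an account keeps its old DES hash until the password is changed. The function names are hypothetical, the shadow entries are constructed placeholders rather than real hashes, and the parser assumes the old single-word control field (`required`) seen above.

```python
import re

# Traditional DES crypt(3) field: 2-char salt + 11-char hash, no "$id$" prefix.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

# PAM line as quoted in the message; shadow entries are constructed placeholders.
SAMPLE_PAM = "password   required   pam_unix.so nullok obscure min=4 max=8 md5\n"
SAMPLE_SHADOW = (
    "ron:roAbCdEfGhIjK:11656:0:99999:7:::\n"
    "alice:$1$abcdefgh$0123456789abcdefghijkl:11656:0:99999:7:::\n"
    "daemon:*:11656:0:99999:7:::\n"
)

def hash_scheme(field):
    """Classify the password field of one /etc/shadow entry."""
    if not field or field[0] in "!*":
        return "locked-or-empty"
    if field.startswith("$1$"):
        return "md5"
    if field.startswith("$"):
        return "other-modular"
    return "des" if DES_RE.match(field) else "unknown"

def pam_unix_password_opts(pam_text):
    """Return the option list of every 'password ... pam_unix.so' line."""
    found = []
    for line in pam_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) >= 3 and parts[0] == "password" and parts[2].endswith("pam_unix.so"):
            found.append(parts[3:])
    return found

def audit(pam_text, shadow_text):
    """Return (md5_enabled, des_users).

    md5_enabled: every pam_unix password line carries the 'md5' option.
    des_users:   accounts whose stored hash is still traditional DES, where
                 only the first 8 password characters are significant.
    """
    opts = pam_unix_password_opts(pam_text)
    md5_enabled = bool(opts) and all("md5" in o for o in opts)
    des_users = []
    for entry in shadow_text.splitlines():
        user, _, rest = entry.partition(":")
        if hash_scheme(rest.split(":")[0]) == "des":
            des_users.append(user)
    return md5_enabled, des_users

if __name__ == "__main__":
    print(audit(SAMPLE_PAM, SAMPLE_SHADOW))
```

Run against the real `/etc/pam.d/passwd` and `/etc/shadow` (as root), any name in the second element is an account that needs a password change before the longer-password behaviour applies to it.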


