
Re: Shadow Passwords



Ian Jackson:
> Well, speaking as one of those `some people', I'd like to point out
> that things like the recent security hole in login where typing in a
> long username would cause a buffer overrun don't exactly give me great
> confidence in the implementation quality.

Indeed.

I'm neutral about shadow passwords myself, but there are a couple of
things I dream about, some of which shadows provide:

	Long passwords, with a maximum of at least 128 characters.
	I much prefer a passphrase, since it is easier to remember than
	a password.
	
	Long usernames; my last name is longer than 8 characters, and I
	hate to have it truncated.  This is also required for the
	next step.
	
	8-bit clean usernames and passwords, preferably by encoding
	them both with the UTF-2 encoding of Unicode.
	
That last one, especially, is a bit of a problem to implement...

All of these, I realize, make things difficult for people in a networked
environment, so they would have to be made optional.

