Re: bug or feature?
On Fri, 1 Aug 1997, E.L. Meijer (Eric) wrote:
> Bjoern wrote:
> >
> > for example my password on my system is: test1
> > the user names are: delete and (of course) root
> >
> > Why is it possible to login as 'delete' and as 'root'
> > when i type instead of 'test1' as password, 'test1dfetdf' (for
> > example).
> >
> > Or more exactly: Why is it possible to type the right password an then
> > add as much letters and numbers i want to it?
> >
> > I am using a debian 1.2.6. Login made on all tyy's. 'su -' act's the
> > same.
>
> Previous replies stated that only the first 8 characters are
> significant. However Bjoern's test password `test1' is only 5
> characters long. I think his question still stands.
Presumably Bjoern knows it would be unwise to type the real password in
public. So test1 might be a substitution made at the time of posting,
without regard for conservation of password length.
This system is still running Debian 1.2, and I can't duplicate the
symptoms reported. But I don't have a user named delete. Root is (of
course, but not necessarily) called root.
> Furthermore I always wondered why there is a limitation of 8 characters.
> Wouldn't it be a lot harder to crack passwords if only they were
> allowed to be a little longer?
Agreed.
--
David Wright, Open University, Earth Science Department, Milton Keynes MK7 6AA
U.K. email: d.wright@open.ac.uk tel: +44 1908 653 739 fax: +44 1908 655 151
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: