on Tue, Dec 16, 2003 at 05:34:02PM -0600, Jacob S. (stormspotter@6texans.net) wrote:
> On Tue, 16 Dec 2003 20:22:03 -0300
> Diego Crivelli <dcrivelli@com.uncor.edu> wrote:
>
> <snip>
> > I created a user on my woody box with adduser and when prompted for
> > the password I wrote a word with more than 8 characters. But I can
> > log in by supplying only the first 8 characters. I tried changing the
> > 'maxlength' value on login.defs, didn't work. So, how can I use
> > passwords of more than 8 characters? Thanks.
> <snip>
>
> Howdy Diego,
>
> As root, run "dpkg-reconfigure passwd". It will bring up a dialog box
> asking if you want to enable md5 passwords - answer Yes, and then it
> will allow you to use passwords longer than 8 characters.

    $ man 3 crypt

Explanation being: the default "crypt" Unix passwords (used for
compatibility and tradition) only encode the first 8 bytes of a password
(low 7 bits of each character, 56 bits), along with a two-byte "salt"
(4096 possible values).

In the past week or so, a project has demonstrated that it's possible to
effectively precompute all crypted, salted values on reasonably
attainable hardware, making brute forcing passwords possible:

    http://slashdot.org/article.pl?sid=03/12/08/192205
    http://security.sdsc.edu/publications/teracrack.pdf

Peace.

--
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    We are the unwilling... led by the unqualified... to do the
    unnecessary... for the ungrateful...
    -- GI in Vietnam, 1970
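Added example (not part of the original messages): a short audit sketch that derives the 56-bit key the way crypt(3) describes it and lists accounts in a shadow(5)-format file that are still stored with traditional DES crypt, so they can have their passwords reset after switching to MD5. The function names and the sample entries are assumptions made for illustration; the hash strings are constructed placeholders, and NUL-padding of short passwords is assumed.

```python
import re

# Traditional DES crypt(3) output: 2 salt characters + 11 hash characters.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")
SALT_VALUES = 64 ** 2  # two salt characters from a 64-symbol alphabet = 4096

def des_crypt_key(password: bytes) -> int:
    """56-bit key: low 7 bits of each of the first 8 bytes (NUL-padded if shorter)."""
    key = 0
    for byte in password[:8].ljust(8, b"\0"):
        key = (key << 7) | (byte & 0x7F)
    return key

def scheme(hash_field: str) -> str:
    """Classify the second field of a shadow(5) entry."""
    field = hash_field.lstrip("!")  # a leading '!' marks a locked password
    if field in ("", "*"):
        return "none-or-locked"
    if field.startswith("$1$"):
        return "md5-crypt"
    if field.startswith("$"):
        return "other-modular"
    if DES_CRYPT.fullmatch(field):
        return "des-crypt"
    return "unknown"

def accounts_limited_to_8_chars(shadow_text: str) -> list:
    """Return user names whose stored hash only covers the first 8 characters."""
    flagged = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and scheme(parts[1]) == "des-crypt":
            flagged.append(parts[0])
    return flagged

# Constructed sample entries; the hash strings are made-up placeholders.
SAMPLE_SHADOW = """\
root:$1$Constrct$0123456789abcdefghijkl:12403:0:99999:7:::
alice:abCDEFGHIJKLM:12403:0:99999:7:::
daemon:*:12403:0:99999:7:::
olduser:!xyNOPQRSTUVWX:12403:0:99999:7:::
"""

if __name__ == "__main__":
    same = des_crypt_key(b"longpassword") == des_crypt_key(b"longpassXYZ")
    print("passwords sharing first 8 chars give the same key:", same)
    print("accounts still on DES crypt:", accounts_limited_to_8_chars(SAMPLE_SHADOW))
```

Enabling MD5 only affects passwords set afterwards, so entries flagged here keep the 8-character limit until the password is changed.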