Vulnerability Development mailing list archives
Re: OpenSSH Password Question
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sun, 10 Dec 2000 14:20:39 +0100
As a minor comment, I've heard some people (not in this ml) complain about the fact that old-fashioned Unix cuts passwords and think it would be a great idea to update the old crypt to support longer DES passwords. The reason why you don't want that is rather simple to show mathematically. Assume you use strong passwords with a-zA-Z0-9 and 8-character-long passwords. You get 36^8 possible different passwords, which are hashed into a 2^40 bit DES hash. But 36^8 / 2^40 = 2.6, meaning that each checksum has multiple matches. The hash is no longer able to improve security. That's why we use MD5 instead :)
it's not a bug. it's not a misconfiguration. traditionally unix allows users to enter more than 8 characters, even if only the 1st 8 are significant. however, there are several systems supporting passwords longer than 8 characters, e.g. MD5 or blowfish based password systems.
..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team http://www.eff.org/cafe