Re: SSH 1.x and 2.x Daemon

[ronny () TMX COM AU (Ronny Cook)]

> Date:         Tue, 9 Feb 1999 13:46:09 -0500
> From: "Greg A. Woods" <woods () MOST WEIRD COM>
[...]
> No standard Unix 64-bit password can ever be encoded as anything but 11
> characters plus 2 more for the "salt".  Any field that is less than 13
> characters can never match a valid password and will always result in a
> locked account.  To be ultra careful any field longer than 13 characters
> should be searched for illegal characters, i.e. any non-alpha-numeric or
> not '.' and '/'.  However in practice one can also assume that any field
> longer than 13 characters results in a locked account.
Just a couple of minor nitpicks. We don't want to go around overestimating
the effectiveness of the standard UNIX password encryption algorithm, after
all.:-)

(1) DES password encryption uses a 56-bit key, not a 64-bit key. Yes,
    the first 8 characters of the password are used, but the high bits
    are discarded.

(2) There is one special case where a "valid" DES-encrypted password
    field is *not* 13 characters long: when it is empty, indicating that
    no password need be supplied. This is obviously not recommended for
    accounts required to be secure, but there are reasons why it might
    be required.

                ...Ronny
--
 Ronald Cook, Technical Manager - Message Handling Systems/The Message eXchange
 Email: ronny () tmx com au ----- Phone: +61-2-9550-4448 ---- Fax: +61-2-9519-2551