Bugtraq mailing list archives

Re: Redhat 6.0 Password Issues

From: alan () MANAWATU GEN NZ (Alan Brown)
Date: Sun, 12 Sep 1999 14:39:25 +1200


On Fri, 10 Sep 1999, Josh Higham wrote:

This is a result of UNIX crypt (I believe).  Standard unix passwords only
handle the first 8 characters of a password; RH6.0 allows you to install MD5
passwords, which can give you additional length, if desired.


Most Linux distributions do this.

Anyone relaying on DES passwd encryption these days could be said to
have no passwd encryption at all - the entire legal 1-8 character passwd
space will fit in less than 4Gb, so a determined cracker can fairly
quickly determine what any given crypted password really is.

AB

Current thread:

Redhat 6.0 Password Issues root3d (Sep 08)
- <Possible follow-ups>
- Re: Redhat 6.0 Password Issues Josh Higham (Sep 10)
  - Re: Redhat 6.0 Password Issues Erik Parker (Sep 11)
  - Re: Redhat 6.0 Password Issues Alan Brown (Sep 11)
    - CGI security Kerb (Sep 12)
    - Re: CGI security Ivo van der Wijk (Sep 13)
    - Re: CGI security Vladimir Dubrovin (Sep 14)
    - Re: CGI security Arturo Busleiman (Sep 14)
    - Multiple vulnerabilities in CDE Job de Haas (Sep 13)
    - Re: Multiple vulnerabilities in CDE Troy A. Bollinger (Sep 13)
    - Re: Multiple vulnerabilities in CDE Dan Astoorian (Sep 14)
    - Vulnerability in dtspcd Job de Haas (Sep 13)
    - Solaris 2.7 /usr/bin/mail Brock Tellier (Sep 13)
    - Stack Shield 0.5 beta vendicator () USA NET (Sep 13)

(Thread continues...)