Penetration Testing mailing list archives

Re: Article / Document about passwords vs. passphrases


From: Tonnerre Lombard <tonnerre.lombard () sygroup ch>
Date: Thu, 02 Nov 2006 08:59:39 +0100

Hi,

On Tue, 2006-10-31 at 14:01 +0200, Florian Rommel wrote:
> Also, someone said that only the most recent versions of Linux allow you
> to have long passwords. According to my memory, this has worked
> already for a looong time (I remember I used a long password quite a
> few years back already), so any info on that would be good too.

The reason is simple and has different results than you might think. The
problem is that the crypt() function was used as a hashing algorithm.
Now, crypt() is just a 56 bit cipher, so what it does is it takes the
first 7 bytes of input and the first 7 bytes of the key and DES encrypts
it. Thus, if you had a password longer than 7 characters, you could have
entered anything just as long as the first 7 characters were equal. As
an example:

If your password was "alamakota", then you could have entered
"alamakori" and still be logged in. Or simply "alamako".

                                Tonnerre
-- 
SyGroup GmbH
Tonnerre Lombard

Lösungen mit System
Tel:+41 61 333 80 33    Röschenzerstrasse 9
Fax:+41 61 383 14 67    4153 Reinach BL
Web:www.sygroup.ch      tonnerre.lombard () sygroup ch
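
An added example, not part of the original message: a small audit that lists accounts whose stored hash is still traditional DES crypt(), the scheme discussed above, so those passwords can be reset under a modern scheme. The shadow lines and hash fields are constructed placeholders, and the function names are assumptions of this example.

```python
import re

# crypt(3) hash formats as they appear in the second field of /etc/shadow.
SCHEMES = [
    ("des",      re.compile(r"[./0-9A-Za-z]{13}")),   # 2 salt + 11 hash chars
    ("bsdi-des", re.compile(r"_[./0-9A-Za-z]{19}")),
    ("md5",      re.compile(r"\$1\$.+")),
    ("bcrypt",   re.compile(r"\$2[abxy]?\$.+")),
    ("sha256",   re.compile(r"\$5\$.+")),
    ("sha512",   re.compile(r"\$6\$.+")),
    ("yescrypt", re.compile(r"\$y\$.+")),
]

def classify(field):
    """Return the scheme name for one shadow password field."""
    body = field.lstrip("!")          # a leading "!" marks a locked password
    if body in ("", "*"):
        return "no-hash"
    for name, pattern in SCHEMES:
        if pattern.fullmatch(body):
            return name
    return "unknown"

def audit(shadow_text):
    """Map each account to its scheme; skip blank and comment lines."""
    result = {}
    for line in shadow_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2:
            result[fields[0]] = classify(fields[1])
    return result

def legacy_des_accounts(shadow_text):
    """Accounts whose stored hash is traditional DES crypt()."""
    return sorted(u for u, s in audit(shadow_text).items() if s == "des")

# Constructed sample in /etc/shadow layout; the hash fields are placeholders.
SAMPLE = """\
root:$6$constructedsalt$constructedhashvalue:19000:0:99999:7:::
alice:abCdEfGhIjKlM:13454:0:99999:7:::
bob:!abCdEfGhIjKlM:13454:0:99999:7:::
daemon:*:19000:0:99999:7:::
carol:$1$constructed$placeholderhashvalue00:13454:0:99999:7:::
"""

if __name__ == "__main__":
    for user in legacy_des_accounts(SAMPLE):
        print(f"{user}: traditional DES crypt() hash, force a password change")
```

A locked account (leading "!") is still reported, because unlocking it would bring the old hash back into use.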
