[1153] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: password for over 8 charactes

daemon@ATHENA.MIT.EDU (Joshua Cowan)
Thu Sep 12 20:17:48 1996

Date: Wed, 11 Sep 1996 22:21:15 -0500
From: Joshua Cowan <jcowan@jcowan.reslife.okstate.edu>
To: R.E.Wolff@BitWizard.nl (Rogier Wolff)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199609101746.TAA01862@cave.et.tudelft.nl>

>>>>> "RW" == Rogier Wolff <R.E.Wolff@BitWizard.nl> writes:

    RW> When the password passes 8 chars, it shows clearly in the
    RW> password file: Only 17000 entries over 8 chars left....

The shadow password suite (maintained by Marek Michalkiewicz) includes
an implementation of a MD5-based crypt (since March; I don't know if any
subsequent versions have been officially released).  This overcomes the
mentioned weakness while allowing passwords up to 128 characters in
length.

    RW> Next I can run crack exhaustively

The MD5-crypt implementation is also purposefully designed to be slow.

[REW: As was crypt when it was designed.... ]

-- 
Joshua Cowan  <jcowan@hermit.reslife.okstate.edu> _____________________
http://hermit.reslife.okstate.edu/~jcowan/       |  Comp Sci Student
"Very funny, Scotty.  Now beam down my clothes." | OSU - Stillwater, OK
PGP public key available from any PGP keyserver; get key ID 0x2CB9B63D.

home help back first fref pref prev next nref lref last post