[11851] in bugtraq
Re: Redhat 6.0 Password Issues
daemon@ATHENA.MIT.EDU (Alan Brown)
Sun Sep 12 18:01:44 1999
Message-Id:  <Pine.LNX.4.05.9909121436490.11010-100000@mailhost.manawatu.net.nz>
Date:         Sun, 12 Sep 1999 14:39:25 +1200
Reply-To: Alan Brown <alan@MANAWATU.GEN.NZ>
From: Alan Brown <alan@MANAWATU.GEN.NZ>
X-To:         Josh Higham <jhigham@BIGSKY.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <0cd301befb9e$1c3b3780$16e1fcce@tumur.bigsky.net>
On Fri, 10 Sep 1999, Josh Higham wrote:
> This is a result of UNIX crypt (I believe).  Standard unix passwords only
> handle the first 8 characters of a password; RH6.0 allows you to install MD5
> passwords, which can give you additional length, if desired.
Most Linux distributions do this.
Anyone relying on DES passwd encryption these days could be said to
have no passwd encryption at all - the entire legal 1-8 character passwd
space will fit in less than 4Gb, so a determined cracker can fairly
quickly determine what any given crypted password really is.
AB
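
Added example, not part of the original message: a small audit that reads shadow-format text and lists the accounts still stored with traditional DES crypt (the 8-character scheme discussed above) rather than the `$1$` MD5 scheme. The function names and the sample entries are constructed for illustration; the hash strings are placeholders, not real hashes.

```python
import re

# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars, all from [./0-9A-Za-z].
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample in /etc/shadow layout (placeholder hashes, not real ones).
SAMPLE = """\
root:$1$saltsalt$AAAAAAAAAAAAAAAAAAAAAA:10846:0:99999:7:::
alice:abCdEfGhIjKlM:10846:0:99999:7:::
bob:*:10846:0:99999:7:::
carol:zz0123456789.:10846:0:99999:7:::
"""

def classify_hash(field):
    """Name the scheme used by the password field of one shadow entry."""
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"
    if field.startswith("$1$"):
        return "md5"
    if field.startswith("$"):
        return "other-modular"
    if DES_RE.match(field):
        return "des"
    return "unknown"

def audit_shadow(text):
    """Return a list of (user, scheme) for every entry in shadow-format text."""
    findings = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        findings.append((parts[0], classify_hash(parts[1])))
    return findings

def des_accounts(text):
    """Accounts whose passwords are limited to 8 significant characters."""
    return [user for user, scheme in audit_shadow(text) if scheme == "des"]

def same_under_des(a, b):
    """True if two passwords are indistinguishable to 8-character DES crypt."""
    return a[:8] == b[:8]

if __name__ == "__main__":
    for user in des_accounts(SAMPLE):
        print(f"{user}: traditional DES crypt, only first 8 characters count")
```

Accounts it reports only move to the longer scheme after MD5 passwords are enabled and the user sets a new password, since the stored DES hash cannot be converted.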