[13490] in bugtraq
Rh 6.1 initial root password encryption
daemon@ATHENA.MIT.EDU (Ken Barber)
Fri Jan 21 19:58:39 2000
Message-Id: <3887A0F9.7A53C698@optusnet.com.au>
Date: Fri, 21 Jan 2000 10:57:45 +1100
Reply-To: ken@optusnet.com.au
From: Ken Barber <ken@OPTUSNET.COM.AU>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

The initial root password that is set in /etc/shadow by the Red Hat 6.1
installation program is in crypt-style, not MD5. This occurs even if you
have chosen MD5 encryption in the initial setup of RH.

A change of password _after_ initial setup changes the encryption to
MD5.

What does this mean? A seemingly long root password set by the
administrator is actually truncated to 8 characters.

ken@.
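
An added example, not part of the original message: a check for the condition described above, flagging shadow entries still stored as traditional crypt hashes (13 characters, no $1$ prefix), for which only the first 8 password characters count. The function names and the sample entries are constructed for illustration.

```python
import re

# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars, all from
# the alphabet [./0-9A-Za-z]. MD5-crypt output starts with "$1$".
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
MD5_PREFIX = "$1$"

def classify_hash(field):
    """Return the scheme name for the password field of a shadow entry."""
    if field == "":
        return "empty"          # no password set
    if field[0] in "!*":
        return "locked"         # account cannot log in with a password
    if field.startswith(MD5_PREFIX):
        return "md5"
    if DES_RE.match(field):
        return "des"            # password truncated to 8 characters
    return "unknown"

def audit_shadow(lines):
    """Return [(user, scheme)] for every well-formed shadow line."""
    results = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue            # malformed line, skip
        results.append((parts[0], classify_hash(parts[1])))
    return results

def des_accounts(lines):
    """Names of accounts whose hash is still traditional crypt."""
    return [user for user, scheme in audit_shadow(lines) if scheme == "des"]

# Constructed sample entries (placeholder hashes, not from a real system).
SAMPLE_SHADOW = """\
root:abCDEFGHIJKLM:10977:0:99999:7:::
alice:$1$saltsalt$0123456789abcdefghijk.:10977:0:99999:7:::
bin:*:10977:0:99999:7:::
daemon:!!:10977:0:99999:7:::
""".splitlines()

if __name__ == "__main__":
    # On a live system, pass open("/etc/shadow") instead (requires root).
    for user in des_accounts(SAMPLE_SHADOW):
        print(f"{user}: traditional crypt hash, change the password to re-hash")
```
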