[13490] in bugtraq


Rh 6.1 initial root password encryption

daemon@ATHENA.MIT.EDU (Ken Barber)
Fri Jan 21 19:58:39 2000

Message-Id:  <3887A0F9.7A53C698@optusnet.com.au>
Date:         Fri, 21 Jan 2000 10:57:45 +1100
Reply-To: ken@optusnet.com.au
From: Ken Barber <ken@OPTUSNET.COM.AU>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

The initial root password that is set in /etc/shadow by the Red Hat 6.1
installation program is in crypt-style, not MD5. This occurs even if you
have chosen MD5 encryption in the initial setup of RH.

A change of password _after_ initial setup changes the encryption to
MD5.

What does this mean? A seemingly long root password set by the
administrator is actually truncated to 8 characters.

ken@.
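
A check for the condition described in the message, as an added example that is not part of the original post: it classifies the password field of each /etc/shadow entry and reports accounts still holding a traditional crypt hash instead of an MD5 (`$1$`) one. The function names and the sample entries are constructed for illustration; the hash strings are placeholders, not real hashes.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars, all from [./0-9A-Za-z].
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

def classify_hash(field):
    """Return the scheme name for the password field of one shadow entry."""
    if field == "":
        return "empty"
    # A leading '!' marks a locked password; '*', '!' or '!!' alone mean no usable hash.
    stripped = field.lstrip("!")
    if stripped in ("", "*"):
        return "locked"
    if stripped.startswith("$1$"):
        return "md5"
    if stripped.startswith("$"):
        return "other-modular"
    if DES_RE.match(stripped):
        return "des"
    return "unknown"

def audit_shadow(text):
    """Return the users whose stored hash is traditional DES crypt."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue  # malformed entry, nothing to classify
        # A locked account with a DES hash is still reported: unlocking it
        # restores a password of which only the first 8 characters count.
        if classify_hash(parts[1]) == "des":
            findings.append(parts[0])
    return findings

# Constructed sample entries (placeholder hash strings).
SAMPLE_SHADOW = """\
root:abJnggxhB/yWI:10977:0:99999:7:::
ken:$1$Q8xK2uYz$AAAAAAAAAAAAAAAAAAAAAA:10977:0:99999:7:::
bin:*:10977:0:99999:7:::
ftp:!!:10977:0:99999:7:::
olduser:!abJnggxhB/yWI:10977:0:99999:7:::
"""

if __name__ == "__main__":
    for user in audit_shadow(SAMPLE_SHADOW):
        print(f"{user}: traditional crypt hash, password truncated to 8 characters")
```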
