[20959] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability

daemon@ATHENA.MIT.EDU (Wichert Akkerman)
Mon Jun 11 13:07:53 2001

Date: Mon, 11 Jun 2001 01:18:25 +0200
From: Wichert Akkerman <wichert@wiggy.net>
To: bugtraq@securityfocus.com
Message-ID: <20010611011824.A3199@cistron.nl>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010609004058.A47937@dataloss.nl>; from peter@dataloss.nl on Sat, Jun 09, 2001 at 12:40:59AM +0200

Previously Peter van Dijk wrote:
> crypt() passwords are never more than 8 characters - anything beyond
> 8 characters is discarded.

That highly depends on the crypt implementation. The original crypt
only used 8 characters, but modern implementations can use different
schemes (md5 for example).

Wichert.

-- 
  _________________________________________________________________
 /       Nothing is fool-proof to a sufficiently talented fool     \
| wichert@cistron.nl                  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[20959] in bugtraq

Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability

daemon@ATHENA.MIT.EDU (Wichert Akkerman)Mon Jun 11 13:07:53 2001

daemon@ATHENA.MIT.EDU (Wichert Akkerman)
Mon Jun 11 13:07:53 2001