[25175] in bugtraq
Re: Amazon.com Password limit
daemon@ATHENA.MIT.EDU (jon schatz)
Fri Apr 19 16:33:29 2002
From: jon schatz <jon@divisionbyzero.com>
To: Vishal Ganeriwala <gvishal@ufl.edu>
Cc: bugtraq@securityfocus.com
In-Reply-To: <20020418022413.4219.qmail@mail.securityfocus.com>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature";
boundary="=-y62OMHi931z2lHp1TSJR"
Date: 18 Apr 2002 23:51:33 -0700
Message-Id: <1019199094.12252.4.camel@valium.divisionbyzero.com>
Mime-Version: 1.0
--=-y62OMHi931z2lHp1TSJR
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Wed, 2002-04-17 at 19:24, Vishal Ganeriwala wrote:
> That means max password lenght=20
> for amazon is 8 chars . It truncts everything after 8=20
> chars. and Amazon doesn't tell you to choose=20
> password of maximum 8 chars . I dont know security=20
> implications . But the information is useful if one is=20
> trying to bruteforce a account since he knows max=20
> password lenght is 8 char .=20
On a similar note, I was trying to login to a MSN account via gaim. I
tried my hotmail email account as a username, and used my password. No
dice. After playing around for a while, I found that the limit for
Passport passwords is 15 characters (mine was longer). This is
(obviously) much more difficult to brute force than an 8 character
password, but unpublished password limits piss me off.
-jon
--=20
jon@divisionbyzero.com || www.divisionbyzero.com
gpg key: www.divisionbyzero.com/pubkey.asc
think i have a virus? www.divisionbyzero.com/pgp.html
"You are in a twisty little maze of Sendmail rules, all confusing."=20
--=-y62OMHi931z2lHp1TSJR
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQA8v751wj1gFegse14RArBxAKCEtRxPG/ypbloZhWvqqo05iKPCcwCfQ0Jq
5Zcjj8vP7ehYYzRiqJcmk4M=
=DKaW
-----END PGP SIGNATURE-----
--=-y62OMHi931z2lHp1TSJR--
