Bugtraq mailing list archives

Re: SSH 1.x and 2.x Daemon


From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Thu, 11 Feb 1999 14:46:25 -0500


> [...]  However in practice one can also assume that any field longer
> than 13 characters results in a locked account.

> (This would then require custom checks to be added for systems such
> as FreeBSD which don't use the standard Unix DES 64-bit password
> encryption, but that's not so hard to do.  [...])

It's not hard to do for any individual system.  It's a nightmare to try
to maintain such checks in a master source tree.  I know of three (I
think) free Unices and one commercial one that break the "length!=13 ->
invalid" assumption, and as CPU speed increases make the old DES-based
hashes less and less secure in practice, there will be more.

                                        der Mouse

                               mouse () rodents montreal qc ca
                     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
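
An added example, not part of the original post and not code from any SSH daemon: a password-field check that recognises hash formats instead of relying on "length != 13". The function names, the set of formats covered (traditional DES, `_`-prefixed extended DES, `$id$` modular hashes) and the sample fields are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; not taken from any sshd source tree. */
enum pw_kind { PW_EMPTY, PW_DES, PW_EXT_DES, PW_MODULAR, PW_UNUSABLE };

static const char CRYPT64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* True if the first n characters of s are all in the crypt base-64 alphabet. */
static int all_crypt64(const char *s, size_t n)
{
    return strspn(s, CRYPT64) >= n;
}

/* The heuristic under discussion: any field that is not 13 characters is locked. */
int naive_is_locked(const char *field)
{
    return strlen(field) != 13;
}

/* Classify the field by hash format rather than by length alone. */
enum pw_kind classify_pw_field(const char *field)
{
    size_t len = strlen(field);
    const char *sep;

    if (len == 0)
        return PW_EMPTY;                  /* no password set */
    if (len == 13 && all_crypt64(field, 13))
        return PW_DES;                    /* 2 salt + 11 hash characters */
    if (len == 20 && field[0] == '_' && all_crypt64(field + 1, 19))
        return PW_EXT_DES;                /* '_' + 4 count + 4 salt + 11 hash */
    if (field[0] == '$' && (sep = strchr(field + 1, '$')) != NULL
        && sep > field + 1 && sep[1] != '\0')
        return PW_MODULAR;                /* $id$..., e.g. $1$ for MD5 crypt */
    return PW_UNUSABLE;                   /* assumption: nothing else can match */
}

int main(void)
{
    /* Constructed sample fields; none is a real password hash. */
    const char *samples[] = { "ab0123456789.", "_J9..saltabcdefghijk",
        "$1$saltsalt$0123456789abcdefghijkl", "*", "*NOLOGIN*xxxx", "" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-36s naive_locked=%d kind=%d\n", samples[i],
               naive_is_locked(samples[i]), classify_pw_field(samples[i]));
    return 0;
}
```

The length-only test reports the `$1$` field as locked and the 13-character `*NOLOGIN*xxxx` field as valid; the format check gets both right, at the cost of a format list that has to be maintained per system.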
