Bugtraq mailing list archives
Re: SSH 1.x and 2.x Daemon
From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Thu, 11 Feb 1999 14:46:25 -0500
[...] However in practice one can also assume that any field longer than 13 characters results in a locked account.
(This would then require custom checks to be added for systems such as FreeBSD which don't use the standard Unix DES 64-bit password encryption, but that's not so hard to do. [...])
It's not hard to do for any individual system. It's a nightmare to try to maintain such checks in a master source tree. I know of three (I think) free Unices and one commercial one that break the "length!=13 -> invalid" assumption, and as CPU speed increases make the old DES-based hashes less and less secure in practice, there will be more.
der Mouse
mouse () rodents montreal qc ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
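The "length != 13" heuristic discussed in this message, set beside a format-aware check, as an added example that is not code from the thread or from any SSH implementation. The function names, the lock-marker strings and all sample fields are constructed for illustration; the format-aware check knows only traditional DES, `_`-prefixed extended DES and `$1$` MD5 fields, and treats everything else as locked.

```c
#include <stdio.h>
#include <string.h>

/* Alphabet used by the crypt(3) hash encodings handled below. */
static const char B64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* 1 if s is exactly n characters, all from the crypt alphabet. */
static int all_b64(const char *s, size_t n) {
    return strlen(s) == n && strspn(s, B64) == n;
}

/* The heuristic from the thread: any field that is not 13 characters is locked. */
int naive_locked(const char *field) { return strlen(field) != 13; }

/* Format-aware check: locked unless the field parses as a hash we recognize. */
int format_locked(const char *field) {
    if (all_b64(field, 13)) return 0;                          /* traditional DES */
    if (field[0] == '_' && all_b64(field + 1, 19)) return 0;   /* extended DES */
    if (strncmp(field, "$1$", 3) == 0) {                       /* MD5: $1$salt$hash */
        const char *salt = field + 3, *sep = strchr(salt, '$');
        if (sep == NULL) return 1;
        size_t n = (size_t)(sep - salt);
        return !(n <= 8 && strspn(salt, B64) == n && all_b64(sep + 1, 22));
    }
    return 1;  /* fail closed: markers like "*", and any scheme not listed above */
}

int main(void) {
    /* Constructed sample fields, not real hashes. */
    const char *samples[] = {
        "abCDEFGHIJKLM",                        /* DES-shaped */
        "$1$saltsalt$0123456789ABCDEFGHIJKL",   /* MD5-shaped */
        "_J9..saltABCDEFGHIJK",                 /* extended-DES-shaped */
        "*NO*PASSWORD*",                        /* 13-character lock marker */
        "*",
    };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-36s naive=%d format=%d\n", samples[i],
               naive_locked(samples[i]), format_locked(samples[i]));
    return 0;
}
```

The length test errs in both directions: it reports the MD5 and extended DES fields as locked and accepts a 13-character marker as a usable hash. The format-aware version gets these cases right only by carrying one branch per scheme.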