Bugtraq mailing list archives

Re: Redhat 6.0 Password Issues


From: spm () STAR ARM AC UK (Scott Manley)
Date: Sun, 12 Sep 1999 23:27:37 +0100


This is a result of UNIX crypt (I believe).  Standard unix passwords only
handle the first 8 characters of a password; RH6.0 allows you to install MD5
passwords, which can give you additional length, if desired.

Most Linux distributions do this.

Anyone relying on DES passwd encryption these days could be said to
have no passwd encryption at all - the entire legal 1-8 character passwd
space will fit in less than 4Gb, so a determined cracker can fairly
quickly determine what any given crypted password really is.

What????????? Where do you get 4GB from?
There are almost 10^16 legal passwords.

Plus you're forgetting the salt, which is designed to stop this pre-encoded
dictionary approach....

4GB maybe - if your users are instructed only to use numbers.
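
To put numbers on the disagreement above, this added example (not part of the original message) counts the 1 to 8 character passwords for several alphabets and the storage a precomputed hash table would need, with and without the 4096 salts of traditional crypt(3). The alphabets, the 11-byte entry size and the function names are assumptions of the example.

```python
"""Added example: size of a precomputed table for traditional DES crypt(3)."""
import string

SALT_COUNT = 64 ** 2   # 12-bit salt: two characters from a 64-symbol alphabet
HASH_CHARS = 11        # hash characters that follow the 2-character salt prefix
MAX_LEN = 8            # DES crypt(3) ignores everything past the 8th character
GIB = 2 ** 30

# Assumed alphabets a site's users might draw passwords from.
ALPHABETS = {
    "digits": len(string.digits),
    "lowercase": len(string.ascii_lowercase),
    "alphanumeric": len(string.ascii_letters + string.digits),
    "printable ASCII": 95,
}


def keyspace(alphabet_size, min_len=1, max_len=MAX_LEN):
    """Number of distinct passwords of min_len..max_len characters."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def table_bytes(alphabet_size, salted=True, bytes_per_entry=HASH_CHARS):
    """Bytes needed to store one hash per candidate (per salt when salted).

    Assumption: hashes only, stored as text, with no index or compression.
    """
    entries = keyspace(alphabet_size) * (SALT_COUNT if salted else 1)
    return entries * bytes_per_entry


def report():
    """Rows of (alphabet, candidates, unsalted bytes, salted bytes)."""
    return [
        (name, keyspace(size), table_bytes(size, salted=False), table_bytes(size))
        for name, size in ALPHABETS.items()
    ]


if __name__ == "__main__":
    for name, count, unsalted, salted in report():
        print(f"{name:16} {count:.2e} passwords  "
              f"unsalted {unsalted / GIB:.3g} GiB  salted {salted / GIB:.3g} GiB")
```
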

