Bugtraq mailing list archives
Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability
From: Peter van Dijk <peter () dataloss nl>
Date: Sat, 9 Jun 2001 00:40:59 +0200
On Fri, Jun 08, 2001 at 12:37:34AM -0700, Peter Ajamian wrote: [snip]
computer. A new 1ghz computer could easily crank out 6 char passwords in mere seconds, 8 char passwords in a few hours, and a 10 char password probably in a week to a month or better.
crypt() passwords are never more than 8 characters - anything beyond 8 characters is discarded. [snip]
Possible Workarounds: Do not use the Crypt-PW authentication-scheme. Instead use the MAIL_FROM or PGP scheme instead.
MAIL_FROM is even less secure than CRYPT-PW. Use PGP :)
If you must use CRYPT-PW then the following suggestions are recommended: - Password should be at least 10 characters in length.
Again, anything over 8 is useless. All in all NetSol still hasn't learned. Greetz, Peter.
Current thread:
- Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter Ajamian (Jun 08)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability aleph1 (Jun 08)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Tyler Walden (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Barney Wolff (Jun 11)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Tyler Walden (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Chris Adams (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Len Sassaman (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter W (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter Ajamian (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter van Dijk (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Wichert Akkerman (Jun 11)
- <Possible follow-ups>
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability jkohl (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability aleph1 (Jun 08)