Bugtraq mailing list archives

Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability

From: Wichert Akkerman <wichert () wiggy net>
Date: Mon, 11 Jun 2001 01:18:25 +0200

Previously Peter van Dijk wrote:

crypt() passwords are never more than 8 characters - anything beyond
8 characters is discarded.


That highly depends on the crypt implementation. The original crypt
only used 8 characters, but modern implementations can use different
schemes (md5 for example).

Wichert.

-- 
  _________________________________________________________________
 /       Nothing is fool-proof to a sufficiently talented fool     \
| wichert () cistron nl                  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

Current thread:

Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter Ajamian (Jun 08)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability aleph1 (Jun 08)
  - Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Tyler Walden (Jun 10)
    - Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Barney Wolff (Jun 11)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Chris Adams (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Len Sassaman (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter W (Jun 10)
  - Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter Ajamian (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter van Dijk (Jun 10)
  - Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Wichert Akkerman (Jun 11)
- <Possible follow-ups>
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability jkohl (Jun 10)