Bugtraq mailing list archives
Re: Amazon.com Password limit
From: jon schatz <jon () divisionbyzero com>
Date: 18 Apr 2002 23:51:33 -0700
On Wed, 2002-04-17 at 19:24, Vishal Ganeriwala wrote:
That means max password lenght for amazon is 8 chars . It truncts everything after 8 chars. and Amazon doesn't tell you to choose password of maximum 8 chars . I dont know security implications . But the information is useful if one is trying to bruteforce a account since he knows max password lenght is 8 char .
On a similar note, I was trying to login to a MSN account via gaim. I tried my hotmail email account as a username, and used my password. No dice. After playing around for a while, I found that the limit for Passport passwords is 15 characters (mine was longer). This is (obviously) much more difficult to brute force than an 8 character password, but unpublished password limits piss me off. -jon -- jon () divisionbyzero com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus? www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Amazon.com Password limit Vishal Ganeriwala (Apr 18)
- Re: Amazon.com Password limit jon schatz (Apr 19)