Vulnerability Development mailing list archives
Re: OpenSSH Password Question
From: Markus Friedl <Markus.Friedl () INFORMATIK UNI-ERLANGEN DE>
Date: Sat, 9 Dec 2000 20:38:16 +0100
On Fri, Dec 08, 2000 at 05:23:34AM -0600, Erik Tayler wrote:
accounts is abc123456789. I can log in with any of the following:
abc12345
abc123456
abc1234567
abc12345678
abc123456789
abc1234567890
abc1234567890A
abc1234567890AB
it's not a bug. it's not a missconfiguration. traditionally unix allows users to enter more than 8 characters, even if only the 1st 8 are significant. however, there are several systems supporting passwords longer than 8 characters, e.g. MD5 or blowfish based password systems. openssh accepts the passwords based on the underlying system authentication libraries. -markus
Current thread:
- OpenSSH Password Question Erik Tayler (Dec 09)
- Re: OpenSSH Password Question Gordon Messmer (Dec 09)
- Re: OpenSSH Password Question White Vampire (Dec 10)
- Re: OpenSSH Password Question Daniel Jacobowitz (Dec 09)
- Re: OpenSSH Password Question Bill Weiss (Dec 10)
- Re: OpenSSH Password Question Erik Tayler (Dec 10)
- Re: OpenSSH Password Question Markus Friedl (Dec 10)
- Re: OpenSSH Password Question Bluefish (P.Magnusson) (Dec 11)
- Re: OpenSSH Password Question Markus Friedl (Dec 11)
- Re: OpenSSH Password Question Bennett Todd (Dec 12)
- Re: OpenSSH Password Question Bluefish (P.Magnusson) (Dec 12)
- Re: OpenSSH Password Question Bluefish (P.Magnusson) (Dec 11)
- Re: OpenSSH Password Question Gordon Messmer (Dec 09)
- <Possible follow-ups>
- Re: OpenSSH Password Question Vitaly McLain (Dec 10)
- Re: OpenSSH Password Question Matt Rose (Dec 10)
- Re: OpenSSH Password Question Vitaly McLain (Dec 11)
- Re: OpenSSH Password Question Matt Rose (Dec 10)