[clue-tech] effective password length

Keith Hellman khellman at mcprogramming.com
Thu Apr 15 22:20:00 MDT 2010


On Thu, Apr 15, 2010 at 02:31:31PM -0600, David L. Willson wrote:
> At RMSEL, a Linux Terminal Server school, they're noticing some password 
> weirdness.  Characters beyond x entered at the keyboard, or set in the 
> password, are ignored.
> 
> For example: If my password is "triton-2010" and x is 7, "triton-2009" and 
> "triton-gobbajooboffala" will both log me in.
> 
> Anyone familiar with a "feature" that might cause that?

This sounds like crypt DES password protocol with a 2 character salt.

See crypt(3)

IIRC, there were other such "use just the first x characters" for
varying systems in the past.  But this is stretching my memory pretty
thin and my security and crypto books are all at school.  My impression
is that this approach has been discarded now because the keyspace is
small enough for exhaustive search.  

PAM isn't using crypt, is it?

-- 
Keith Hellman                             #include <disclaimer.h>
khellman at mcprogramming.com                from disclaimer import standard
khellman at mines.edu
                                   -*-                                    
                    public key @ pgp.mit.edu 9FCF40FD 
    Y!M: mcprogramming                           AIM/ICQ: 485403897       
   gtalk (xmpp jabber): mrtuple at jabber.org, jabber at mcprogramming.com                      
                                   -*-                                    

"The First Python function ever written (takes place in the Garden of Eden)"

Guido sayeth "I will write def foo():"
"Hmm, I could use an import, or two",
Satan said, in a whirl, "Why not write it in Perl?",
and the second function ever written -  def foo_you(): 

-- Python Limmerick Contest submission by cappy2112
   http://groups-beta.google.com/group/comp.lang.python/browse_thread/thread/d7a780beaff2e88a/
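An added example, not part of the original post: one way to check whether accounts on a host still carry traditional DES crypt(3) hashes, which use only the first 8 characters of the password. It assumes shadow(5)-style `user:hash:...` lines; the function names and the sample entries are constructed for illustration and the hash strings are placeholders, not real hashes.

```python
import re

# crypt(3) hash formats recognised by prefix/shape.
# limit = number of password bytes that influence the hash
# (None = no short truncation limit for this scheme).
SCHEMES = [
    (re.compile(r"^\$1\$"), "md5crypt", None),
    (re.compile(r"^\$2[abxy]?\$"), "bcrypt", 72),
    (re.compile(r"^\$5\$"), "sha256crypt", None),
    (re.compile(r"^\$6\$"), "sha512crypt", None),
    (re.compile(r"^\$y\$"), "yescrypt", None),
    # 2-character salt + 11-character hash, no "$" prefix
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "traditional DES", 8),
]

def classify(field):
    """Return (scheme, limit) for one password field from shadow/passwd."""
    if field in ("", "x") or field[0] in "!*":
        return ("no usable hash", None)  # empty, shadowed, locked or disabled
    for pattern, name, limit in SCHEMES:
        if pattern.match(field):
            return (name, limit)
    return ("unknown", None)

def audit(shadow_text):
    """Return [(user, scheme, limit)] for accounts whose hash truncates input."""
    findings = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if line.startswith("#") or len(parts) < 2:
            continue
        scheme, limit = classify(parts[1])
        if limit is not None:
            findings.append((parts[0], scheme, limit))
    return findings

# Constructed sample input (placeholder hashes, not real ones).
SAMPLE = """\
alice:ab0123456789A:14714:0:99999:7:::
bob:$6$constructedsalt$CONSTRUCTEDHASH:14714:0:99999:7:::
carol:!:14714:0:99999:7:::
dave:$2b$12$CONSTRUCTEDHASHCONSTRUCTEDHASH:14714:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme, limit in audit(SAMPLE):
        print(f"{user}: {scheme}, only the first {limit} bytes are used")
```

Accounts reported with a limit of 8 need their password reset after the system's hashing scheme is changed, since the stored hash cannot be converted in place.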