Bugtraq: Re: Redhat 6.0 Password Issues

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Redhat 6.0 Password Issues

From: alan () MANAWATU GEN NZ (Alan Brown)
Date: Sun, 12 Sep 1999 14:39:25 +1200


On Fri, 10 Sep 1999, Josh Higham wrote:

This is a result of UNIX crypt (I believe).  Standard unix passwords only
handle the first 8 characters of a password; RH6.0 allows you to install MD5
passwords, which can give you additional length, if desired.


Most Linux distributions do this.

Anyone relaying on DES passwd encryption these days could be said to
have no passwd encryption at all - the entire legal 1-8 character passwd
space will fit in less than 4Gb, so a determined cracker can fairly
quickly determine what any given crypted password really is.

AB

By Date By Thread

Current thread:

Redhat 6.0 Password Issues root3d (Sep 08)
- <Possible follow-ups>
- Re: Redhat 6.0 Password Issues Josh Higham (Sep 10)
  - Re: Redhat 6.0 Password Issues Erik Parker (Sep 11)
  - Re: Redhat 6.0 Password Issues Alan Brown (Sep 11)
    - CGI security Kerb (Sep 12)
    - Re: CGI security Ivo van der Wijk (Sep 13)
    - Re: CGI security Vladimir Dubrovin (Sep 14)
    - Re: CGI security Arturo Busleiman (Sep 14)
    - Multiple vulnerabilities in CDE Job de Haas (Sep 13)