mailing list archives
Re: Article / Document about passwords vs. passphrases
From: Tonnerre Lombard <tonnerre.lombard () sygroup ch>
Date: Thu, 02 Nov 2006 08:59:39 +0100
On Tue, 2006-10-31 at 14:01 +0200, Florian Rommel wrote:
also someone said that only the most recent version of linux allow you
to have long passwords, according to my memory, this has worked
already for a looong time (i remember i used a long password quite a
few years back already) so any info on that would be good too.
The reason is simple and has different results than you might think. The
problem is that the crypt() function was used as a hashing algorithm.
Now, crypt() is just a 56 bit cipher, so what it does is it takes the
first 7 bytes of input and the first 7 bytes of the key and DES encrypts
it. Thus, if you had a password longer than 7 characters, you could have
entered anything just as long as the first 7 characters were equal. As
If your password was "alamakota", then you could have entered
"alamakori" and still be logged in. Or simply "alamako".
Lösungen mit System
Tel:+41 61 333 80 33 Röschenzerstrasse 9
Fax:+41 61 383 14 67 4153 Reinach BL
Web:www.sygroup.ch tonnerre.lombard () sygroup ch
Description: This is a digitally signed message part