|
Vulnerability Development
mailing list archives
Re: OpenSSH Password Question
From: Daniel Jacobowitz <dmj+ () ANDREW CMU EDU>
Date: Fri, 8 Dec 2000 22:09:36 -0500
On Fri, Dec 08, 2000 at 05:23:34AM -0600, Erik Tayler wrote:
I decided this might be the most appropriate list to send this to, so
here I go.
I will start off with one basic question, does sshd
[SSH-1.99-OpenSSH_2.3.0p1]
permit the use of passwords that are longer than 8 characters? If not,
then ignore
the rest of this e-mail.
For example purposes only, let's say the password to one of my normal
user
accounts is abc123456789. I can log in with any of the following:
This is not OpenSSH's fault. You've probably noticed that the longer
passwords don't make a difference anywhere else, either. I'm willing
to bet that you're using DES passwords for your system; DES never
supported more than eight character passwords. Most modern systems
offer MD5 as an option, which supports substantially longer passwords.
Dan
/--------------------------------\ /--------------------------------\
| Daniel Jacobowitz |__| SCS Class of 2002 |
| Debian GNU/Linux Developer __ Carnegie Mellon University |
| dan () debian org | | dmj+ () andrew cmu edu |
\--------------------------------/ \--------------------------------/
 By Date 
By Thread
Current thread:
| 
Intro
