From owner-freebsd-stable  Thu Mar 19 19:03:07 1998
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id TAA05976
          for freebsd-stable-outgoing; Thu, 19 Mar 1998 19:03:07 -0800 (PST)
          (envelope-from owner-freebsd-stable@FreeBSD.ORG)
Received: from portwwwbus.tc.cc.va.us (portwwwbus.tc.cc.va.us [164.106.211.16])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA05962
          for <stable@freebsd.org>; Thu, 19 Mar 1998 19:02:41 -0800 (PST)
          (envelope-from djflow@portwwwbus.tc.cc.va.us)
Received: from localhost (djflow@localhost)
	by portwwwbus.tc.cc.va.us (8.8.5/8.8.5) with SMTP id WAA03213
	for <stable@freebsd.org>; Thu, 19 Mar 1998 22:02:18 -0500 (EST)
Date: Thu, 19 Mar 1998 22:02:17 -0500 (EST)
From: Derek Flowers <djflow@portwwwbus.tc.cc.va.us>
To: stable@FreeBSD.ORG
Subject: Re: Password Characters Not Required???
Message-ID: <Pine.BSF.3.96.980319220149.3185C-100000@portwwwbus.tc.cc.va.us>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk

The MD5 algorithm includes a salt with the password.  Doesn't this have
something to do with the password lengths?  I'm not positive but it makes
sense.

----------------------------------------
Derek Flowers
djflow@erols.com
http://portwwwbus.tc.cc.va.us/~djflow

"640K ought to be enough for anybody." 
-Bill Gates, circa 1981

On Fri, 20 Mar 1998, John Saunders wrote:

> Sue Blake wrote:
> > I don't understand this stuff, but I did a braindead-newbie installation of
> > 2.2.2 and I use long passwords because I never heard there was a limit of 8.
> > The long passwords are very real on my system.
> > 
> > My 43 character password doesn't work if I leave characters off the end.
> > My 89 character password doesn't work if I omit or change the last
> > character.
> 
> Hmm, I suspect you didn't install the DES security stuff (the bit that
> warns you about not installing if you are not a US resident). DES is a
> compatible algorithm that only takes 8 significant characters from the
> password. If you use DES you can copy /etc/passwd entries from one Unix
> OS to another and expect them to work. The default is to use MD5 which
> only allows the encrypted passwords to work with FreeBSD (or maybe a
> small number of others). I strongly suspect (but don't know for sure)
> that the MD5 code uses all the letters you supply or a very large
> number of them.
> 
> Cheers.
> --        +------------------------------------------------------------+
>       .   | John Saunders   mailto:John.Saunders@scitec.com.au  (Work) |
>   ,--_|\  |                 mailto:john@nlc.net.au              (Home) |
>  /  Oz  \ |                 http://www.nlc.net.au/~john/               |
>  \_,--\_/ | SCITEC LIMITED  Phone +61 2 9428 9563  Fax +61 2 9428 9933 |
>        v  |    "By the time you make ends meet, they move the ends."   |
>           +------------------------------------------------------------+
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message