From: "default"
To: "Colin Percival"
References: <5.0.0.25.1.20010827004910.0306cfc8@popserver.sfu.ca>
Subject: Re: Logins without full password!
Date: Mon, 27 Aug 2001 02:59:16 -0500
Sender: owner-freebsd-security@FreeBSD.ORG

Doh, ... hmmm there must be some reason why they installed it that way ...
are there any compatibility issues with MD5? ... How would one change over
from DES to MD5? (without having to re-install)

Thanks for your help,

Jordan

----- Original Message -----
From: "Colin Percival"
To: "default"
Sent: Monday, August 27, 2001 2:51 AM
Subject: Re: Logins without full password!

> Sounds like you're using DES-encrypted passwords. This is much weaker
> than MD5 encryption, and as you've noticed, only uses the first 8
> characters of a password.
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/crypt.html
>
> At 02:15 AM 8/27/2001 -0500, you wrote:
> >Hi,
> >
> >I just noticed that on one of my FreeBSD machines, one is able to login via
> >any means by typing in only the first 8 or so characters of the password.
> >You can also type the first 8 characters and anything else after that, for
> >example if the password were password, one could type: 'passwordxxxxxxx' and
> >be able to login!
> >
> >I'm not too worried as this is only a test machine that I keep on my
> >internal network, however, I would like to know how it works...
> >
> >Is this normal? How does one disable this?
> >
> >Thanks,
> >
> >Jordan
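
An added example, not part of the original messages: a small audit that reads master.passwd(5)-style lines and reports which accounts still carry a DES-based hash, told apart from MD5 by the shape of the password field. The sample entries and their hash strings are constructed for illustration, and the function names are this example's own.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
# This is the scheme that only uses the first 8 characters of a password.
TRADITIONAL_DES = re.compile(r"[./0-9A-Za-z]{13}")
# BSDi extended DES: "_" + 4 count chars + 4 salt chars + 11 hash chars.
# Still DES, but it does not stop at 8 characters.
EXTENDED_DES = re.compile(r"_[./0-9A-Za-z]{19}")

def classify_hash(field):
    """Name the crypt(3) scheme from the shape of a password field."""
    if field.startswith("*LOCKED*"):      # pw(8) lock marker; hash follows it
        field = field[len("*LOCKED*"):]
    if field in ("", "*"):                # empty password or no-login account
        return "none"
    if field.startswith("$1$"):           # $1$salt$hash
        return "md5"
    if field.startswith("$"):             # some other modular-format scheme
        return "other-modular"
    if EXTENDED_DES.fullmatch(field):
        return "des-extended"
    if TRADITIONAL_DES.fullmatch(field):
        return "des-traditional"
    return "unknown"

def audit_master_passwd(text):
    """Return (user, scheme) for every account whose hash is DES-based."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:             # master.passwd(5) has 10 fields
            continue
        scheme = classify_hash(fields[1])
        if scheme.startswith("des-"):
            findings.append((fields[0], scheme))
    return findings

# Constructed sample; the hash strings are placeholders, not real hashes.
SAMPLE = """\
root:$1$abcdefgh$0123456789abcdefghijkl:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
jordan:ab0123456789.:1001:1001::0:0:Jordan:/home/jordan:/bin/sh
test:*LOCKED*cd.ABCDEFGHIJ:1002:1002::0:0:Test:/home/test:/bin/sh
bsdi:_J9..saltABCDEFGHIJK:1003:1003::0:0:BSDi:/home/bsdi:/bin/sh
"""

if __name__ == "__main__":
    for user, scheme in audit_master_passwd(SAMPLE):
        print(f"{user}: {scheme}")
```

An account reported as des-traditional keeps that hash until its password is next set, because a stored hash cannot be converted to another scheme without the plaintext.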