From owner-freebsd-security  Thu May 16 14:44:13 2002
Delivered-To: freebsd-security@freebsd.org
Received: from phucking.kicks-ass.org (c-ee3a70d5.022-45-6f72652.cust.bredbandsbolaget.se [213.112.58.238])
	by hub.freebsd.org (Postfix) with ESMTP id 4641A37B409
	for <security@freebsd.org>; Thu, 16 May 2002 14:44:09 -0700 (PDT)
Received: from phucking.kicks-ass.org (localhost.kicks-ass.org [127.0.0.1])
	by phucking.kicks-ass.org (Postfix) with SMTP id 386B3517
	for <security@freebsd.org>; Thu, 16 May 2002 23:43:52 +0200 (CEST)
Received: from 213.112.58.238
        (SquirrelMail authenticated user z3l3zt)
        by phucking.kicks-ass.org with HTTP;
        Thu, 16 May 2002 23:43:52 +0200 (CEST)
Message-ID: <1837.213.112.58.238.1021585432.squirrel@phucking.kicks-ass.org>
Date: Thu, 16 May 2002 23:43:52 +0200 (CEST)
Subject: How secure is a password and how many characters does it allow?
From: "Jesper Wallin" <z3l3zt@phucking.kicks-ass.org>
To: <security@freebsd.org>
X-Priority: 3
Importance: Normal
X-MSMail-Priority: Normal
X-Mailer: SquirrelMail (version 1.2.5)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hello.

I take the whole story from the begining.. My girl friend is/was running
Slackware Linux and wanted to get her webcam working.. After searching for
docs/help in about 1 month she decided to install Windows ME (Millenium
Edition). Something did go wrong with the install so ext2 file system got
messed up.. She removed Linux for some days and is running Windows only now..

As many of us know is Windows ME quite unstable and for each program you
install you need to reboot.. (why??) After she reconnected to IRC throught
mIRC for the 6th time under 10minutes she asked me to give her a shell on my
box.. Ofcause I created a new user and from now on she's running irssi..
(good girl :)

She uses a password which is 10 characters long with both caps, non-caps,
numbers and ascii characters.. However she's used to put to small passwords
together to get a bigger and stronger password.. This password is one of the
"small" passwords..

She tryed to login on the box with her 10 characters long password which
worked (ofcause) .. Now she detected that she was able to login when using a
phrase looking like [correct-password][junk/another-password].. If she start
the phrase with the correct password, she is able to login even if she add
anything else after the correct password.. For me it looks like a limit of
10 characters passwords.. is this true?

I know I havn't seach much help by myown before asking here but I hope
someone out there may have an answer on my (wierd) question..


//Jesper Wallin aka Z3l3zT



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message