From owner-freebsd-security Thu May 16 14:44:13 2002 Delivered-To: freebsd-security@freebsd.org Received: from phucking.kicks-ass.org (c-ee3a70d5.022-45-6f72652.cust.bredbandsbolaget.se [213.112.58.238]) by hub.freebsd.org (Postfix) with ESMTP id 4641A37B409 for ; Thu, 16 May 2002 14:44:09 -0700 (PDT) Received: from phucking.kicks-ass.org (localhost.kicks-ass.org [127.0.0.1]) by phucking.kicks-ass.org (Postfix) with SMTP id 386B3517 for ; Thu, 16 May 2002 23:43:52 +0200 (CEST) Received: from 213.112.58.238 (SquirrelMail authenticated user z3l3zt) by phucking.kicks-ass.org with HTTP; Thu, 16 May 2002 23:43:52 +0200 (CEST) Message-ID: <1837.213.112.58.238.1021585432.squirrel@phucking.kicks-ass.org> Date: Thu, 16 May 2002 23:43:52 +0200 (CEST) Subject: How secure is a password and how many characters does it allow? From: "Jesper Wallin" To: X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal X-Mailer: SquirrelMail (version 1.2.5) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello. I take the whole story from the begining.. My girl friend is/was running Slackware Linux and wanted to get her webcam working.. After searching for docs/help in about 1 month she decided to install Windows ME (Millenium Edition). Something did go wrong with the install so ext2 file system got messed up.. She removed Linux for some days and is running Windows only now.. As many of us know is Windows ME quite unstable and for each program you install you need to reboot.. (why??) After she reconnected to IRC throught mIRC for the 6th time under 10minutes she asked me to give her a shell on my box.. Ofcause I created a new user and from now on she's running irssi.. (good girl :) She uses a password which is 10 characters long with both caps, non-caps, numbers and ascii characters.. However she's used to put to small passwords together to get a bigger and stronger password.. This password is one of the "small" passwords.. She tryed to login on the box with her 10 characters long password which worked (ofcause) .. Now she detected that she was able to login when using a phrase looking like [correct-password][junk/another-password].. If she start the phrase with the correct password, she is able to login even if she add anything else after the correct password.. For me it looks like a limit of 10 characters passwords.. is this true? I know I havn't seach much help by myown before asking here but I hope someone out there may have an answer on my (wierd) question.. //Jesper Wallin aka Z3l3zT To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message