Date: Thu, 16 May 2002 14:53:49 -0700
From: Alfred Perlstein
To: Jesper Wallin
Cc: security@freebsd.org
Subject: Re: How secure is a password and how many characters does it allow?

* Jesper Wallin [020516 14:44] wrote:
>
> She tried to login on the box with her 10 characters long password which
> worked (of course) .. Now she detected that she was able to login when using a
> phrase looking like [correct-password][junk/another-password].. If she starts
> the phrase with the correct password, she is able to login even if she adds
> anything else after the correct password.. For me it looks like a limit of
> 10 characters passwords.. is this true?

All I know is that it seems that only the first eight characters of a
password are significant for the hash function used.

-- 
-Alfred Perlstein [alfred@freebsd.org]
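
Added example, not part of the message above or of FreeBSD's own code: an eight-character limit is the behaviour of traditional DES-based crypt(3), so this sketch assumes that is the hash in use (the message does not name it). It reads password-file lines and reports the accounts whose stored hash has that format; the sample lines and the function names are constructed for illustration.

```python
import re

# Constructed sample in master.passwd layout (name:hash:uid:...); not real accounts.
SAMPLE = """\
# comment line
alice:abJnggxhB/yWI:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$1$saltsalt$abcdefghijklmnopqrstu.:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:$2a$04$abcdefghijklmnopqrstuuabcdefghijklmnopqrstuvwxyz01234:1003:1003::0:0:Carol:/home/carol:/bin/sh
dave:*:1004:1004::0:0:Dave:/nonexistent:/usr/sbin/nologin
"""

# Traditional DES crypt output: 2 salt chars + 11 hash chars, no "$" prefix.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
BLOWFISH_RE = re.compile(r"^\$2[a-z]?\$")


def classify(field):
    """Return (scheme, significant bytes), None when this script knows no limit."""
    if DES_RE.match(field):
        return ("des", 8)        # input past 8 characters is ignored
    if field.startswith("$1$"):
        return ("md5", None)     # MD5-based crypt hashes the whole password
    if BLOWFISH_RE.match(field):
        return ("blowfish", 72)  # bcrypt ignores input past 72 bytes
    if field == "" or field.startswith("*") or field.startswith("!"):
        return ("no-hash", None)  # empty, locked or disabled entry
    return ("other", None)


def truncating_accounts(passwd_text, limit=8):
    """List account names whose hash ignores input past `limit` bytes."""
    flagged = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue
        scheme, significant = classify(parts[1])
        if significant is not None and significant <= limit:
            flagged.append(parts[0])
    return flagged


if __name__ == "__main__":
    for name in truncating_accounts(SAMPLE):
        print(f"{name}: traditional DES hash, only the first 8 characters are checked")
```

Accounts it reports keep accepting "password plus junk" until the password is changed under a non-truncating scheme, because the stored hash is only recomputed at the next password change.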