From owner-freebsd-security Thu May 16 15: 3:55 2002 Delivered-To: freebsd-security@freebsd.org Received: from wopr.caltech.edu (wopr.caltech.edu [131.215.103.10]) by hub.freebsd.org (Postfix) with ESMTP id CEF8037B409 for ; Thu, 16 May 2002 15:03:51 -0700 (PDT) Received: (from mph@localhost) by wopr.caltech.edu (8.11.6/8.11.6) id g4GM3gR43475; Thu, 16 May 2002 15:03:42 -0700 (PDT) (envelope-from mph) Date: Thu, 16 May 2002 15:03:42 -0700 From: Matthew Hunt To: Alfred Perlstein Cc: Jesper Wallin , security@FreeBSD.ORG Subject: Re: How secure is a password and how many characters does it allow? Message-ID: <20020516150342.A43090@wopr.caltech.edu> References: <1837.213.112.58.238.1021585432.squirrel@phucking.kicks-ass.org> <20020516215348.GB76843@elvis.mu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020516215348.GB76843@elvis.mu.org>; from bright@mu.org on Thu, May 16, 2002 at 02:53:49PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, May 16, 2002 at 02:53:49PM -0700, Alfred Perlstein wrote: > All I know is that it seems that only the first eight characters > of a password are signifigant for the hash function used. That should be true of DES passwords, but not MD5. MD5 passwords can be identified by looking in /etc/master.passwd. The password fields (the second field, right after the username) will start with $1$ if MD5 passwords are in use. I think the method of specifying MD5 vs. DES has changes since I learned to do it, so in the interest of keeping my foot out of my mouth I'll just suggest that the original poster consult the Handbook/mailing list archives/etc. -- Matthew Hunt * Eight lanes of shimmering cement from http://www.pobox.com/~mph/ * here to Pasadena! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message