From owner-freebsd-security Thu May 16 15:23: 1 2002 Delivered-To: freebsd-security@freebsd.org Received: from phucking.kicks-ass.org (c-ee3a70d5.022-45-6f72652.cust.bredbandsbolaget.se [213.112.58.238]) by hub.freebsd.org (Postfix) with ESMTP id B9F2F37B407 for ; Thu, 16 May 2002 15:22:50 -0700 (PDT) Received: from phucking.kicks-ass.org (localhost.kicks-ass.org [127.0.0.1]) by phucking.kicks-ass.org (Postfix) with SMTP id 07435517; Fri, 17 May 2002 00:22:40 +0200 (CEST) Received: from 213.112.58.238 (SquirrelMail authenticated user z3l3zt) by phucking.kicks-ass.org with HTTP; Fri, 17 May 2002 00:22:40 +0200 (CEST) Message-ID: <2079.213.112.58.238.1021587760.squirrel@phucking.kicks-ass.org> Date: Fri, 17 May 2002 00:22:40 +0200 (CEST) Subject: Re: How secure is a password and how many characters does it allow? From: "Jesper Wallin" To: In-Reply-To: <007901c1fd27$02f29a10$fa00a8c0@elixor> References: <007901c1fd27$02f29a10$fa00a8c0@elixor> X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal Cc: X-Mailer: SquirrelMail (version 1.2.5) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Well.. How will that effect my security? Isn't it more secure to use 128 characters instead of 8? Sounds like, if the security was the same the blowfish would be default or something similar.. What do You recommend? //Jesper Wallin aka Z3l3zT > if you look at this article at bsdvault. > http://bsdvault.net/sections.php?op=viewarticle&artid=89 > > You would see that default encryption only support 8 chars. > > But you can change to blowfish password, this is an easy job. > Look at the article and you will se the guide there. > > Best regards > Geir Råness > > ----- Original Message ----- > From: "Jesper Wallin" > To: > Sent: Thursday, May 16, 2002 11:43 PM > Subject: How secure is a password and how many characters does it > allow? > > >> Hello. >> >> I take the whole story from the begining.. My girl friend is/was >> running Slackware Linux and wanted to get her webcam working.. After >> searching for docs/help in about 1 month she decided to install >> Windows ME (Millenium Edition). Something did go wrong with the >> install so ext2 file system got messed up.. She removed Linux for some >> days and is running Windows only > now.. >> >> As many of us know is Windows ME quite unstable and for each program >> you install you need to reboot.. (why??) After she reconnected to IRC >> throught mIRC for the 6th time under 10minutes she asked me to give >> her a shell on > my >> box.. Ofcause I created a new user and from now on she's running >> irssi.. (good girl :) >> >> She uses a password which is 10 characters long with both caps, >> non-caps, numbers and ascii characters.. However she's used to put to >> small > passwords >> together to get a bigger and stronger password.. This password is one >> of > the >> "small" passwords.. >> >> She tryed to login on the box with her 10 characters long password >> which worked (ofcause) .. Now she detected that she was able to login >> when using > a >> phrase looking like [correct-password][junk/another-password].. If she > start >> the phrase with the correct password, she is able to login even if she >> add anything else after the correct password.. For me it looks like a >> limit of 10 characters passwords.. is this true? >> >> I know I havn't seach much help by myown before asking here but I hope >> someone out there may have an answer on my (wierd) question.. >> >> >> //Jesper Wallin aka Z3l3zT >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message