From owner-freebsd-security Thu May 16 16:32:31 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail50.fg.online.no (mail50-s.fg.online.no [148.122.161.50]) by hub.freebsd.org (Postfix) with ESMTP id 34F9F37B40F for ; Thu, 16 May 2002 16:32:24 -0700 (PDT) Received: from elixor (ti500720a080-0294.bb.online.no [80.213.73.38]) by mail50.fg.online.no (8.9.3/8.9.3) with SMTP id BAA11030; Fri, 17 May 2002 01:32:21 +0200 (MET DST) Message-ID: <009501c1fd31$f7b69f10$fa00a8c0@elixor> From: =?iso-8859-1?Q?Geir_R=E5ness?= To: "Jesper Wallin" Cc: References: <007901c1fd27$02f29a10$fa00a8c0@elixor> <2079.213.112.58.238.1021587760.squirrel@phucking.kicks-ass.org> Subject: Re: How secure is a password and how many characters does it allow? Date: Fri, 17 May 2002 01:32:37 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I would advise you to change realy, blowfish is faster and bether... Also i has bether securety.. Mvh Geir Råness ----- Original Message ----- From: "Jesper Wallin" To: Cc: Sent: Friday, May 17, 2002 12:22 AM Subject: Re: How secure is a password and how many characters does it allow? > Well.. > > How will that effect my security? Isn't it more secure to use 128 characters > instead of 8? Sounds like, if the security was the same the blowfish would > be default or something similar.. What do You recommend? > > > //Jesper Wallin aka Z3l3zT > > > if you look at this article at bsdvault. > > http://bsdvault.net/sections.php?op=viewarticle&artid=89 > > > > You would see that default encryption only support 8 chars. > > > > But you can change to blowfish password, this is an easy job. > > Look at the article and you will se the guide there. > > > > Best regards > > Geir Råness > > > > ----- Original Message ----- > > From: "Jesper Wallin" > > To: > > Sent: Thursday, May 16, 2002 11:43 PM > > Subject: How secure is a password and how many characters does it > > allow? > > > > > >> Hello. > >> > >> I take the whole story from the begining.. My girl friend is/was > >> running Slackware Linux and wanted to get her webcam working.. After > >> searching for docs/help in about 1 month she decided to install > >> Windows ME (Millenium Edition). Something did go wrong with the > >> install so ext2 file system got messed up.. She removed Linux for some > >> days and is running Windows only > > now.. > >> > >> As many of us know is Windows ME quite unstable and for each program > >> you install you need to reboot.. (why??) After she reconnected to IRC > >> throught mIRC for the 6th time under 10minutes she asked me to give > >> her a shell on > > my > >> box.. Ofcause I created a new user and from now on she's running > >> irssi.. (good girl :) > >> > >> She uses a password which is 10 characters long with both caps, > >> non-caps, numbers and ascii characters.. However she's used to put to > >> small > > passwords > >> together to get a bigger and stronger password.. This password is one > >> of > > the > >> "small" passwords.. > >> > >> She tryed to login on the box with her 10 characters long password > >> which worked (ofcause) .. Now she detected that she was able to login > >> when using > > a > >> phrase looking like [correct-password][junk/another-password].. If she > > start > >> the phrase with the correct password, she is able to login even if she > >> add anything else after the correct password.. For me it looks like a > >> limit of 10 characters passwords.. is this true? > >> > >> I know I havn't seach much help by myown before asking here but I hope > >> someone out there may have an answer on my (wierd) question.. > >> > >> > >> //Jesper Wallin aka Z3l3zT > >> > >> > >> > >> To Unsubscribe: send mail to majordomo@FreeBSD.org > >> with "unsubscribe freebsd-security" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message