Date: Thu, 20 Jun 2002 08:46:25 -0500 From: "Eric F Crist" <ecrist@adtechintegrated.com> To: "'Dag-Erling Smorgrav'" <des@ofug.org> Cc: "'Ryan Thompson'" <ryan@sasknow.com>, "'Bill Moran'" <wmoran@potentialtech.com>, <freebsd-security@FreeBSD.ORG> Subject: RE: Password security Message-ID: <001401c21860$e02392f0$77fe180c@armageddon> In-Reply-To: <xzpsn3ififj.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
So, have you changed the hash from DES to something different? If not, you're still dealing with an 8 character limit. Certainly the length at this point could be considered arbitrary, but only the first 8 characters count. Eric F Crist President/Sys Admin AdTech Integrated Systems, Inc http://www.adtechintegrated.com -----Original Message----- From: des@flood.ping.uio.no [mailto:des@flood.ping.uio.no] On Behalf Of Dag-Erling Smorgrav Sent: Thursday, June 20, 2002 3:45 AM To: Eric F Crist Cc: 'Ryan Thompson'; 'Bill Moran'; freebsd-security@FreeBSD.ORG Subject: Re: Password security "Eric F Crist" <ecrist@adtechintegrated.com> writes: > What I failed to point out was that, if you're using FreeBSD, which I > assume you as you're posting to this group, the FreeBSD login utility > still only recognizes 8 character passwords, unless you've changed that. Wrong. The 8-character limit was imposed by the traditional DES-based password hashing algorithm, not by login(1). By default, FreeBSD uses an MD5-based hash, and supports passwords of arbitrary length. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001401c21860$e02392f0$77fe180c>