From: "Eric F Crist"
To: "'Dag-Erling Smorgrav'"
Cc: "'Ryan Thompson'", "'Bill Moran'"
Subject: RE: Password security
Date: Thu, 20 Jun 2002 08:46:25 -0500
Message-ID: <001401c21860$e02392f0$77fe180c@armageddon>
Sender: owner-freebsd-security@FreeBSD.ORG

So, have you changed the hash from DES to something different? If not,
you're still dealing with an 8 character limit. Certainly the length at
this point could be considered arbitrary, but only the first 8 characters
count.

Eric F Crist
President/Sys Admin
AdTech Integrated Systems, Inc
http://www.adtechintegrated.com

-----Original Message-----
From: des@flood.ping.uio.no [mailto:des@flood.ping.uio.no] On Behalf Of Dag-Erling Smorgrav
Sent: Thursday, June 20, 2002 3:45 AM
To: Eric F Crist
Cc: 'Ryan Thompson'; 'Bill Moran'; freebsd-security@FreeBSD.ORG
Subject: Re: Password security

"Eric F Crist" writes:
> What I failed to point out was that, if you're using FreeBSD, which I
> assume you are, as you're posting to this group, the FreeBSD login utility
> still only recognizes 8 character passwords, unless you've changed that.

Wrong. The 8-character limit was imposed by the traditional DES-based
password hashing algorithm, not by login(1). By default, FreeBSD uses
an MD5-based hash, and supports passwords of arbitrary length.

DES
--
Dag-Erling Smorgrav - des@ofug.org
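
The point both messages turn on, as an added example that is not part of the original thread: traditional DES crypt(3) keys on the low 7 bits of the first 8 characters only, and the hash format is visible in the password field itself (`$1$` for MD5, 13 characters for DES). The function names and the master.passwd-style sample lines are constructed for illustration.

```python
import re

# Traditional DES crypt field: 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


def des_key(password: str) -> bytes:
    """Key material traditional DES crypt(3) derives from a password:
    the low 7 bits of each of the first 8 bytes; everything else is ignored."""
    raw = password.encode("utf-8")[:8].ljust(8, b"\0")
    return bytes((b << 1) & 0xFF for b in raw)


def classify(field: str) -> str:
    """Identify the hash scheme from the password field of a passwd entry."""
    if field.startswith("$1$"):
        return "md5"    # MD5-based crypt: whole password is hashed
    if DES_RE.match(field):
        return "des"    # only the first 8 characters count
    return "other"      # locked ("*"), empty, or a scheme not covered here


def audit(master_passwd: str) -> list:
    """Return login names whose stored hash is still traditional DES."""
    flagged = []
    for line in master_passwd.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2 and classify(fields[1]) == "des":
            flagged.append(fields[0])
    return flagged


# Constructed sample entries; the hash strings are placeholders, not real hashes.
SAMPLE = """\
root:$1$cnstrctd$AAAAAAAAAAAAAAAAAAAAAA:0:0::0:0:Charlie &:/root:/bin/csh
alice:abCDEFGHIJKLM:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*:1002:1002::0:0:Bob:/home/bob:/bin/sh
"""

if __name__ == "__main__":
    print("accounts still on DES hashes:", audit(SAMPLE))
    same = des_key("correcthorse") == des_key("correcth-anything-else")
    print("passwords sharing the first 8 chars give the same DES key:", same)
```

A flagged account keeps its DES hash until its password is set again under the new hash format.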