From owner-freebsd-security Tue Jan 21 11:21:50 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4C11137B401 for ; Tue, 21 Jan 2003 11:21:48 -0800 (PST) Received: from fep3.cogeco.net (smtp.cogeco.net [216.221.81.25]) by mx1.FreeBSD.org (Postfix) with ESMTP id 92CFE43EB2 for ; Tue, 21 Jan 2003 11:21:47 -0800 (PST) (envelope-from dlavigne6@cogeco.ca) Received: from dhcp-17-14.kico2.on.cogeco.ca (d226-42-146.home.cgocable.net [24.226.42.146]) by fep3.cogeco.net (Postfix) with ESMTP id 43229308F for ; Tue, 21 Jan 2003 14:15:59 -0500 (EST) Date: Tue, 21 Jan 2003 14:20:07 -0500 (EST) From: Dru X-X-Sender: dlavigne6@dhcp-17-14.kico2.on.cogeco.ca To: security@freebsd.org Subject: bug in opiepasswd? Message-ID: <20030121140942.Y201@dhcp-17-14.kico2.on.cogeco.ca> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Has anyone else come across this weird behaviour before, or am I missing something fundamental here? If I use "opiepasswd" after a user is already in "/etc/opiekeys", the resulting seed is less than 5 characters long, rendering it unusable. It doesn't matter if I use "opiepasswd", "opiepasswd -c" or "opiepasswd -n 499". For example: opiepasswd -n 499 Old secret pass phrase: otp-md5 8 dh2324 ext Response: blah blah blah blah blah blah New secret pass phrase: otp-md5 499 dh23 ^^^^ opiekey 499 dh23 Using the MD5 algorithm to compute response. Seeds must be greater than 5 characters long. However, if I manually remove the user from "/etc/opiekeys", "opiepasswd -c" works fine and computes a useable seed. Dru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message