Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 26 Sep 2002 21:10:45 -0400
From:      Webbie <webbie@ipfw.org>
To:        Nomad <mailman@crypton.pl>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Password encoding
Message-ID:  <7082011095.20020926211045@ipfw.org>
In-Reply-To: <20020925221718.GA63296@killer.crypton.pl>
References:  <20020925221718.GA63296@killer.crypton.pl>
next in thread | previous in thread | raw e-mail | index | archive | help 
http://bsdvault.net/sections.php?op=viewarticle&artid=89


Wednesday, September 25, 2002, 6:17:19 PM, you wrote:

N> Hello

N> I'v upgraded my FreeBSD to 4.6.2 some time ago. Since that day I added some new accounts to my system. Everything was OK but... But some beautifull day I made mistake and I wrote shorter password
N> than the good one. And what happend ? System let me in after succesful authorization !!!
N> So I made small investigation. And what I found: new auth_default value in my system is DES !!! And my password on new accounts are only 8 characters long !!!
N> If you'v done the same check your master.passwd if there are some DES encoded passwords. Because 8 character password without right password policy (with short paswords in mind) are VERY easy to
N> brake. I know, I don't have to say that on this list, but writting about fundamental things is never in off.
N> So, if I am alone with this problem: I am sorry, I'v had to done some mistake.
N> But if not: so, I think that we have to do something with this...

N> I upgraded my FreeBSD by buildworld/installworld from sources.



-- 
Webbie
                              \\|//
                              (o o)               
+-------------------------oOOo-(_)-oOOo-----------------------------+
 EMail          : mailto:webbie(at)ipfw(dot)org
 PGP Key        : http://www.ipfw.org/pgpkey.txt
 PGP Fingerprint: 1379 3D8A 024E 3C0E 1962  4E12 3742 0684 C29C 3537
+-------------------------------------------------------------------+
Out of cards on drive D:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7082011095.20020926211045>