From: Webbie
Date: Thu, 26 Sep 2002 21:10:45 -0400
To: Nomad
Cc: freebsd-security@freebsd.org
Subject: Re: Password encoding

http://bsdvault.net/sections.php?op=viewarticle&artid=89

Wednesday, September 25, 2002, 6:17:19 PM, you wrote:

N> Hello

N> I've upgraded my FreeBSD to 4.6.2 some time ago. Since that day I added some new accounts to my system. Everything was OK but... But some beautiful day I made a mistake and I wrote a shorter password
N> than the good one. And what happened? The system let me in after successful authorization !!!

N> So I made a small investigation. And what I found: the new auth_default value in my system is DES !!! And my passwords on new accounts are only 8 characters long !!!

N> If you've done the same, check your master.passwd to see if there are some DES encoded passwords. Because 8 character passwords without the right password policy (with short passwords in mind) are VERY easy to
N> break. I know, I don't have to say that on this list, but writing about fundamental things is never in off.

N> So, if I am alone with this problem: I am sorry, I must have made some mistake.

N> But if not: so, I think that we have to do something with this...

N> I upgraded my FreeBSD by buildworld/installworld from sources.

-- 
Webbie
EMail           : mailto:webbie(at)ipfw(dot)org
PGP Key         : http://www.ipfw.org/pgpkey.txt
PGP Fingerprint : 1379 3D8A 024E 3C0E 1962  4E12 3742 0684 C29C 3537

Out of cards on drive D:
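
Added example, not part of the original message or of FreeBSD itself: one way to run the master.passwd check suggested in the quoted text, classifying each account's hash by its crypt(3) format and listing those still stored as traditional DES. The function names and the sample entries are constructed for illustration; the hash strings are made-up placeholders.

```shell
#!/bin/sh
# Audit a master.passwd(5)-format file for traditional DES hashes.
# Fields: name:password:uid:gid:class:change:expire:gecos:home_dir:shell

classify_hashes() {   # prints "user scheme" for every account in file $1
    awk -F: '
        BEGIN { b64 = "^[./0-9A-Za-z]+$" }   # crypt(3) salt/hash alphabet
        /^#/ || NF < 10 { next }             # skip comments and malformed lines
        {
            h = $2
            sub(/^\*LOCKED\*/, "", h)        # pw(8) lock prefix: inspect the hash behind it
            ext = (length(h) == 20 && substr(h, 1, 1) == "_" && substr(h, 2) ~ b64)
            des = (length(h) == 13 && h ~ b64)   # traditional DES: only 8 password chars count
            if (h == "")                 s = "empty"
            else if (h ~ /^\$1\$/)       s = "md5"
            else if (h ~ /^\$2[a-z]?\$/) s = "blowfish"
            else if (h ~ /^\$/)          s = "other-modular"
            else if (ext)                s = "des-extended"
            else if (des)                s = "des"
            else                         s = "no-login"   # "*", "x" and similar
            print $1, s
        }' "$1"
}

des_accounts() {      # accounts that keep a DES hash until the password is set again
    classify_hashes "$1" | awk '$2 == "des" { print $1 }'
}

write_sample() {      # constructed entries written to file $1
    cat > "$1" <<'EOF'
# constructed sample, not a real master.passwd
root:$1$constrct$0123456789abcdefghijk.:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
alice:abJnggxhB/yJY:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*LOCKED*Xy0.Qq1/Zz2aB:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:$2a$04$constructedconstructedconstructedconstructedconstructe:1003:1003::0:0:Carol:/home/carol:/bin/sh
EOF
}

sample=$(mktemp) && write_sample "$sample"
classify_hashes "$sample"
rm -f "$sample"
```

On a live system, run `des_accounts /etc/master.passwd` as root. Changing the default hash format does not convert existing entries, so each listed account needs its password set again.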