on Tue, Dec 16, 2003 at 05:34:02PM -0600, Jacob S. ([EMAIL PROTECTED]) wrote:
> On Tue, 16 Dec 2003 20:22:03 -0300
> Diego Crivelli <[EMAIL PROTECTED]> wrote:
> 
> <snip>
> > I created a user on my woody box with adduser and when prompted for
> > the password I wrote a word with more than 8 characters. But I can
> > login by supplying only the first 8 characters. I tried changing the
> > 'maxlength' value on login.defs, didn't work. So, how can I use
> > passwords of more than 8 characters? Thanks. 
> <snip>
> 
> Howdy Diego,
> 
> As root, run "dpkg-reconfigure passwd". It will bring up a dialog box
> asking if you want to enable md5 passwords - answer Yes, and then it
> will allow you to use passwords longer than 8 characters.

    $ man 3 crypt

Explanation being:  the default "crypt" Unix passwords (used for
compatibility and tradition) only encode the first 8 bytes of a
password (low 7 bits of each character, 56 bits), along with a two byte
"salt" (4096 possible values).

In the past week or so, a project has demonstrated that it's possible to
effectively precompute all crypted, salted values on reasonably attainable
hardware, making brute forcing passwords possible:

    http://slashdot.org/article.pl?sid=03/12/08/192205
    http://security.sdsc.edu/publications/teracrack.pdf


Peace.

-- 
Karsten M. Self <[EMAIL PROTECTED]>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    We are the unwilling... led by the unqualified... to do the
    unnecessary...  for the ungrateful...
    -- GI in Vietnam, 1970
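
The truncation described in the message above, together with a check for accounts still stored under the old scheme, as an added example that is not part of the original message. `des_crypt_key` models only the key-derivation step of traditional crypt(3); the function names and the sample shadow lines are constructed for illustration.

```python
import re

# Traditional DES crypt(3) field: 2 salt chars + 11 hash chars, all from [./0-9A-Za-z].
DES_FIELD = re.compile(r"[./0-9A-Za-z]{13}")

# Constructed shadow(5)-style lines; the hash fields are placeholders, not real hashes.
SAMPLE_SHADOW = """\
alice:abJnggxhB/yWI:12403:0:99999:7:::
bob:$1$abcdefgh$0123456789abcdefghijkl:12403:0:99999:7:::
daemon:*:12403:0:99999:7:::
"""


def des_crypt_key(password: bytes) -> int:
    """Return the 56-bit DES key traditional crypt(3) derives from a password."""
    raw = password[:8].ljust(8, b"\0")      # bytes past the eighth are ignored
    key = 0
    for byte in raw:
        key = (key << 7) | (byte & 0x7F)    # only the low 7 bits of each byte count
    return key


def scheme(hash_field: str) -> str:
    """Classify the password field of one shadow entry."""
    if not hash_field or hash_field[0] in "!*":
        return "locked-or-empty"
    if hash_field.startswith("$1$"):
        return "md5"
    if DES_FIELD.fullmatch(hash_field):
        return "des"
    return "other"


def des_accounts(shadow_text: str) -> list:
    """List users whose stored hash is still a traditional DES crypt value."""
    users = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and scheme(fields[1]) == "des":
            users.append(fields[0])
    return users


if __name__ == "__main__":
    # Same key: everything after the eighth byte never reaches the cipher.
    print(des_crypt_key(b"correcthorse") == des_crypt_key(b"correcth"))
    print(des_accounts(SAMPLE_SHADOW))
```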
