From owner-freebsd-security Thu May 16 15:14:11 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail50.fg.online.no (mail50-s.fg.online.no [148.122.161.50]) by hub.freebsd.org (Postfix) with ESMTP id C896237B405 for ; Thu, 16 May 2002 15:13:57 -0700 (PDT) Received: from elixor (ti500720a080-0294.bb.online.no [80.213.73.38]) by mail50.fg.online.no (8.9.3/8.9.3) with SMTP id AAA11316; Fri, 17 May 2002 00:13:55 +0200 (MET DST) Message-ID: <007901c1fd27$02f29a10$fa00a8c0@elixor> From: =?iso-8859-1?Q?Geir_R=E5ness?= To: "Jesper Wallin" Cc: References: <1837.213.112.58.238.1021585432.squirrel@phucking.kicks-ass.org> Subject: Re: How secure is a password and how many characters does it allow? Date: Fri, 17 May 2002 00:14:12 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org if you look at this article at bsdvault. http://bsdvault.net/sections.php?op=viewarticle&artid=89 You would see that default encryption only support 8 chars. But you can change to blowfish password, this is an easy job. Look at the article and you will se the guide there. Best regards Geir Råness ----- Original Message ----- From: "Jesper Wallin" To: Sent: Thursday, May 16, 2002 11:43 PM Subject: How secure is a password and how many characters does it allow? > Hello. > > I take the whole story from the begining.. My girl friend is/was running > Slackware Linux and wanted to get her webcam working.. After searching for > docs/help in about 1 month she decided to install Windows ME (Millenium > Edition). Something did go wrong with the install so ext2 file system got > messed up.. She removed Linux for some days and is running Windows only now.. > > As many of us know is Windows ME quite unstable and for each program you > install you need to reboot.. (why??) After she reconnected to IRC throught > mIRC for the 6th time under 10minutes she asked me to give her a shell on my > box.. Ofcause I created a new user and from now on she's running irssi.. > (good girl :) > > She uses a password which is 10 characters long with both caps, non-caps, > numbers and ascii characters.. However she's used to put to small passwords > together to get a bigger and stronger password.. This password is one of the > "small" passwords.. > > She tryed to login on the box with her 10 characters long password which > worked (ofcause) .. Now she detected that she was able to login when using a > phrase looking like [correct-password][junk/another-password].. If she start > the phrase with the correct password, she is able to login even if she add > anything else after the correct password.. For me it looks like a limit of > 10 characters passwords.. is this true? > > I know I havn't seach much help by myown before asking here but I hope > someone out there may have an answer on my (wierd) question.. > > > //Jesper Wallin aka Z3l3zT > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message