Date: Fri, 17 May 2002 00:14:12 +0200 From: =?iso-8859-1?Q?Geir_R=E5ness?= <pulz@pulz.no> To: "Jesper Wallin" <z3l3zt@phucking.kicks-ass.org> Cc: <security@freebsd.org> Subject: Re: How secure is a password and how many characters does it allow? Message-ID: <007901c1fd27$02f29a10$fa00a8c0@elixor> References: <1837.213.112.58.238.1021585432.squirrel@phucking.kicks-ass.org>
next in thread | previous in thread | raw e-mail | index | archive | help
if you look at this article at bsdvault. http://bsdvault.net/sections.php?op=viewarticle&artid=89 You would see that default encryption only support 8 chars. But you can change to blowfish password, this is an easy job. Look at the article and you will se the guide there. Best regards Geir Råness ----- Original Message ----- From: "Jesper Wallin" <z3l3zt@phucking.kicks-ass.org> To: <security@freebsd.org> Sent: Thursday, May 16, 2002 11:43 PM Subject: How secure is a password and how many characters does it allow? > Hello. > > I take the whole story from the begining.. My girl friend is/was running > Slackware Linux and wanted to get her webcam working.. After searching for > docs/help in about 1 month she decided to install Windows ME (Millenium > Edition). Something did go wrong with the install so ext2 file system got > messed up.. She removed Linux for some days and is running Windows only now.. > > As many of us know is Windows ME quite unstable and for each program you > install you need to reboot.. (why??) After she reconnected to IRC throught > mIRC for the 6th time under 10minutes she asked me to give her a shell on my > box.. Ofcause I created a new user and from now on she's running irssi.. > (good girl :) > > She uses a password which is 10 characters long with both caps, non-caps, > numbers and ascii characters.. However she's used to put to small passwords > together to get a bigger and stronger password.. This password is one of the > "small" passwords.. > > She tryed to login on the box with her 10 characters long password which > worked (ofcause) .. Now she detected that she was able to login when using a > phrase looking like [correct-password][junk/another-password].. If she start > the phrase with the correct password, she is able to login even if she add > anything else after the correct password.. For me it looks like a limit of > 10 characters passwords.. is this true? > > I know I havn't seach much help by myown before asking here but I hope > someone out there may have an answer on my (wierd) question.. > > > //Jesper Wallin aka Z3l3zT > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007901c1fd27$02f29a10$fa00a8c0>