Subject: Re: passwd bug ?
To: Guenther Grau <email@example.com>
From: David Gilbert <firstname.lastname@example.org>
Date: 07/13/1996 14:27:04
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Guenther" == Guenther Grau <email@example.com> writes:
Guenther> Hi Clarence,
>> I recent change the password of a user with the length of the
>> password > 8 chars (eg. abcdefgh!!). When I login using the changed
>> password user id, I could login with the password (e.g. abcdefgh).
>> Is this a bug of the passwd. Anyone knows about this. please
Guenther> No, AFAIK, Unix passwords have been limited in length to
Guenther> eight characters for a long long time. Try the same on any
Guenther> other Unix system.
Actually, there are several different behaviours here. I
recently read an FAQ about migrating from a SCO server to BSDI. One
of the points it made is that you had to go through and truncate all
the password entries to 13 characters --- because extra long passwords
to SCO generate a few more encrypted characters.
The actual DES algorithm works with blocks of 56 bits. UN*X
uses this as 8 times 7 bits. One crypt implementation that I found on
the net summed the characters beyond 8 onto the first 8, then
truncated at 7 bits... and ran the encryption.
|David Gilbert, PCI, Richmond Hill, Ontario. | Two things can only be |
|Mail: firstname.lastname@example.org | equal if and only if they |
|http://www.pci.on.ca/~dgilbert | are precisely opposite. |
-----BEGIN PGP SIGNATURE-----
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
-----END PGP SIGNATURE-----