Re: bin/46226: underscore character ignored at the end of password

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

The following reply was made to PR bin/46226; it has been noted by GNATS.

From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: gnats-admin%NetBSD.org@localhost, netbsd-bugs%NetBSD.org@localhost, 
wlsidorenko%gmail.com@localhost
Subject: Re: bin/46226: underscore character ignored at the end of password
Date: Mon, 19 Mar 2012 12:53:25 +0100

 On Mon, Mar 19, 2012 at 11:20:06AM +0000, David Holland wrote:
 >  On Mon, Mar 19, 2012 at 10:40:05AM +0000, Manuel Bouyer wrote:
 >   >  I think that, by default, localcipher is 'old'. With this cipher, only
 >   >  the 8 first characters of password are used. So in your test case,
 >   >  it's the 9th caracter which is ignored, whatever it is.
 >  
 >  If so, is there any reason we shouldn't change that? Neither the old
 >  cipher nor 8-character passwords are a very good choice these days.
 
 AFAIK sysinst will choose sha1 cipher by default, and install an
 appropriate passwd.conf. I'm not sure changing existing passwd.conf on
 upgrade, nor changing the default cipher when no passwd.conf is
 present is a good idea. This could give unexpected results for
 users upgrading an existing system.
 
 -- 
 Manuel Bouyer <bouyer%antioche.eu.org@localhost>
      NetBSD: 26 ans d'experience feront toujours la difference
 --