Subject: Re: Insecure Password?
To: None <dillema@huygens.org>
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
List: netbsd-help
Date: 07/09/1998 09:45:36
>I'm a bit confused. The following happened on my little alpha-box running
>NetBSD-current of a few weeks ago. I added a user and gave it a password.
>When I tried to login I made a typo, but still logged in successfully.
>I tried to login with both passwords after that (with and without typo)
>and managed to login in both cases. The typo was in the 5th character
>of the 6-character password. My question is: Is such a thing supposed
>to happen at all, or is there something wrong with the encryption of 
>passwords on that machine. How can I check?

I _have_ seen, once in my life, two passwords which hashed to the same
thing (I only discovered it because we were running Crack).  It is
possible that you've run into the same thing.

Do _other_ random passwords let you log into this account?  Or is it
only these two?  And if you don't mind, you could always tell us
the two passwords and corresponding hashed output (after changing it
on your side, of course :-) ).

--Ken