Subject: Re: Insecure Password?
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
From: Feico Dillema <dillema@acm.org>
List: netbsd-help
Date: 07/10/1998 12:50:00
Your message dated: Thu, 09 Jul 1998 15:57:21 +0200
>Your message dated: Thu, 09 Jul 1998 09:45:36 -0400
>>only these two?  And if you don't mind, you could always tell us
>>the two passwords and corresponding hashed output (after changing it
>>on your side, of course :-) ).

I've done some testing and tried to reproduce it and basically found out what 
went wrong. It seems to boil down to what I would call a small user-interface 
problem. I'll try to give an explanation below, which contains several 
assumptions that may be wrong due to lack of knowledge on my part. I'd like
some comments on it from the more knowledgeable around here to see if the
explanation is right. 

I thought (!!!) the following password was set for this user account:

3241sd

However, I could log in using passwords like:

3241tf
3241whatever

It didn't seem to matter what came after the first 4 digits at all, which
seemed rather strange.

My Explanation so far:

Assumption: Only 8 characters of a password are significant.

Little Fact: The digits in the password were typed on the numeric keypad
with numlock in the `wrong' position.

The `digits' on the numeric keypad produced escape/control codes, each of two
characters (I guess). 

Another Little Fact: 2*4 = 8

Summary: While I thought I typed four digits, I produced 8 control characters 
instead, leaving the rest of the password characters as insignificant.
 
Opinion: I think this should be regarded as a security bug, although minor.
The usefulness of allowing control characters seems rather limited to me,
as these are often difficult to reproduce on different 
systems/keyboards/configurations. I think the `passwd' command should
therefore not allow the use of control characters in passwords and give an
error or at least a warning about it, as what the system actually does and
what the user thinks it does may be different. The other reason would be that
such a password is rather weak; it has about the strength of a four digit
password where an 8 digit one is expected.

Feico Dillema.
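
The check proposed in the message above, sketched as an added example (not part of the original message and not NetBSD's `passwd' code): reject control characters, warn when characters fall past the significant length, and show why the different suffixes all logged in. The 8-character limit is the message's own assumption; the keypad byte sequence, function names and verdict values are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SIGNIFICANT 8  /* assumption taken from the message: 8 significant characters */

/* Constructed stand-in for four keypad keys with NumLock off: ESC plus one
 * letter per key. The real byte sequences are not given in the message. */
#define KEYPAD_3241 "\033s\033r\033t\033q"

enum verdict { PW_OK = 0, PW_WARN_TRUNCATED = 1, PW_REJECT_CONTROL = 2 };

/* Length of the part of the password a truncating hash would actually use. */
static size_t significant_len(const char *pw)
{
    size_t len = strlen(pw);
    return len < SIGNIFICANT ? len : SIGNIFICANT;
}

/* Hypothetical check for a passwd-like tool: refuse control characters,
 * warn when trailing characters would be silently ignored. */
enum verdict check_new_password(const char *pw)
{
    for (const char *p = pw; *p != '\0'; p++)
        if (iscntrl((unsigned char)*p))
            return PW_REJECT_CONTROL;
    return strlen(pw) > SIGNIFICANT ? PW_WARN_TRUNCATED : PW_OK;
}

/* Returns 1 if a hash that truncates its input would see the same bytes. */
int same_after_truncation(const char *a, const char *b)
{
    size_t n = significant_len(a);
    return n == significant_len(b) && memcmp(a, b, n) == 0;
}

int main(void)
{
    const char *set = KEYPAD_3241 "sd", *tried = KEYPAD_3241 "whatever";
    printf("keypad entry verdict: %d\n", check_new_password(set));
    printf("intended 3241sd verdict: %d\n", check_new_password("3241sd"));
    printf("keypad entries collide: %d\n", same_after_truncation(set, tried));
    printf("3241sd vs 3241tf collide: %d\n",
           same_after_truncation("3241sd", "3241tf"));
    return 0;
}
```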