[plug] Redhat passwords - max 8 chars!?

Christian christian at amnet.net.au
Thu Sep 14 11:56:21 WST 2000


On Thu, Sep 14, 2000 at 11:45:26AM +0800, Carl Gherardi wrote:
> Something I noticed a while ago.
> 
> All my passwords are at least 9 chars long, and I made a typo on the 10th
> char one day, and Red Hat (6.1) let me in.
> So after a bit of testing I found that at least the Red Hat distro ignores
> everything but the first 8 chars of a password.
> Is this the same across all distros? I tested this on FreeBSD and it
> rejects me..
> And why would this be?

Your distribution is using a DES style crypt().  DES has a 56-bit key.
Given 7-bit ASCII, 8 characters is the maximum that can be used to
construct the key (7 x 8 = 56).  If you want longer passwords you'll
need to use MD5 hashing instead which allows up to 128 character
passwords and is a little better in that it is more computationally
expensive than DES-crypt()'s.  I thought recent versions of Red Hat used
MD5 by default but since I don't use Red Hat much I can't say for sure.
Either way you can change it by switching it on in /etc/login.defs or by
editing the appropriate PAM configuration file.

Regards,

Christian.
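
The 7 x 8 = 56 arithmetic in the reply above, as an added example that is not part of the original message or of any distribution's code: it builds the 8-byte key the way traditional DES crypt(3) does, and flags shadow entries stored in the 13-character DES format. The function names and the sample shadow lines are constructed for illustration.

```python
import re

# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# MD5-crypt output: $1$<salt, up to 8 chars>$<22 hash chars>.
MD5_RE = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")


def des_crypt_key(password: str) -> bytes:
    """Build the 8-byte DES key the way traditional crypt(3) does.

    Only the first 8 characters are read and only the low 7 bits of each
    are kept, shifted left one place (the low bit of a DES key byte is the
    parity bit, which DES ignores). 8 x 7 = 56 key bits.
    """
    raw = password.encode("latin-1")[:8].ljust(8, b"\0")
    return bytes((c & 0x7F) << 1 for c in raw)


def classify_hash(field: str) -> str:
    """Name the scheme used by the password field of one shadow entry."""
    if DES_RE.match(field):
        return "des"
    if MD5_RE.match(field):
        return "md5"
    return "other"  # locked ("*", "!...") or a scheme not covered here


def accounts_truncating_at_8(shadow_lines):
    """Users whose hash is DES-style, so only 8 password chars count."""
    flagged = []
    for line in shadow_lines:
        parts = line.strip().split(":")
        if len(parts) >= 2 and classify_hash(parts[1]) == "des":
            flagged.append(parts[0])
    return flagged


# Constructed sample entries (not real hashes): DES-style, MD5-style, locked.
SAMPLE_SHADOW = [
    "carl:ab01234567890:11214:0:99999:7:::",
    "alice:$1$abcdefgh$0123456789abcdefghijkl:11214:0:99999:7:::",
    "daemon:*:11214:0:99999:7:::",
]

if __name__ == "__main__":
    print(des_crypt_key("correcthorse") == des_crypt_key("correcthXYZ"))
    print(accounts_truncating_at_8(SAMPLE_SHADOW))
```
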


