Mailing List Archive

Support open source code!


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: tlug: Wrong password worked!



On Tue, 5 Jan 1999, Scott Stone wrote:

> Date: Tue, 5 Jan 1999 12:59:16 -0700 (MST)
> From: Scott Stone <sstone@example.com>
> Reply-To: tlug@example.com
> To: tlug@example.com
> Subject: Re: tlug: Wrong password worked!
> 
> On Tue, 22 Dec 1998, Darren Cook wrote:
> 
> > I was just logging in via telnet, and after typing my password I hit
> > another key instead of enter. Oh well, backspace just makes matters worse,
> > so I press enter anyway.
> > 
> > And it works.
> > 
> > Just to be sure I logged in again, deliberately adding an extra letter to
> > the end of the password.
> > 
> > Why does this work? Shorter passwords, or replacing the last letter of the
> > password all fail, so I don't suppose this is a security problem.
> 
> It ignores all but the first 8 characters.
> 
> --------------------------------------------------
> Scott M. Stone <sstone@example.com>
> Head of TurboLinux English / Systems Administrator
> Pacific HiTech, Inc. (http://www.turbolinux.com)
> 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

        thats sounds pretty interesting/strange.  im a bit
        hesitant of posting this because i dont think i have
        have the correct answer here, but i think...

        what i think is the problem is caused by having
        a passwd over 8 characters.

passwd(1)

       The  user  is  then  prompted  for a replacement password.
       This password is tested  for  complexity.   As  a  general
       guideline,  passwords  should consist of 6 to 8 characters
       including one or more from each of following sets:


crypt()
        and i have looked at this for a bit but i think this is
        due to how crypt() processes the passwd salt.


        /* Refine the Salt first */
        sp = salt;

        /* If it starts with the magic string, then skip that */
        if(!strncmp(sp,magic,strlen(magic)))
                sp += strlen(magic);

        /* It stops at the first '$', max 8 chars */
        for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
                continue;

        /* get the length of the true salt */
        sl = ep - sp;

-------

        so anything past the 8th character is dropped.

-------
        but i dont think i really know what im talking about.



========================================================================
  History has taught us: never underestimate the amount of money, time,
  and effort someone will expend to thwart a security system. It's
  always better to assume the worst. Assume your adversaries are better
  than they are. Assume science and technology will soon be able to do
  things they cannot yet.               --Bruce Schneier
========================================================================

-------------------------------------------------------------------
Next Nomikai: 14 January 1999, 19:30 Tengu TokyoEkiMae 03-3275-3691
*** it will will be Jan 14 (Thu), as Jan 15 (Fri) is a natl holiday
Next Technical Meeting: 13 February, 12:30               Place: TBD
-------------------------------------------------------------------
more info: http://tlug.linux.or.jp                     Sponsor: PHT


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links