tlug: Wrong password worked!

["Stephen J. Turnbull" <turnbull@example.com>]

>>>>> "Darren" == Darren Cook <darren@example.com> writes:

    Darren> I was just logging in via telnet, and after typing my
    Darren> password I hit another key instead of enter. Oh well,
    Darren> backspace just makes matters worse, so I press enter
    Darren> anyway.

    Darren> And it works.

I assume you have an 8-character password?  Extending a 7-character
password doesn't work, I hope.

Why this decision was made, I don't know, but the standard password
encryption function simply truncates the string at 8 characters.  So
only the first 8 are significant.  I'm not sure why the truncation
wasn't left up to the user.  It doesn't make much difference to
security, except that maybe you can confuse someone looking over your
shoulder by typing a half-dozen extra characters....

There's more detail in `man 3 crypt'.

Modern authentication systems require either a hardware token or a
software token protected by a longer passphrase and presumably stored
on a single device which is not physically accessible from the
network.

-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
__________________________________________________________________________
__________________________________________________________________________
What are those two straight lines for?  "Free software rules."
-------------------------------------------------------------------
Next Nomikai: 14 January 1999, 19:30 Tengu TokyoEkiMae 03-3275-3691
*** it will will be Jan 14 (Thu), as Jan 15 (Fri) is a natl holiday
Next Technical Meeting: 13 February, 12:30               Place: TBD
-------------------------------------------------------------------
more info: http://tlug.linux.or.jp                     Sponsor: PHT