From: Tonnerre Lombard (tonnerre.lombard@sygroup.ch)
Date: Thu Nov 02 2006 - 02:59:39 EST
Salut,
On Tue, 2006-10-31 at 14:01 +0200, Florian Rommel wrote:
> also someone said that only the most recent version of linux allow you
> to have long passwords, according to my memory, this has worked
> already for a looong time (i remember i used a long password quite a
> few years back already) so any info on that would be good too.
The reason is simple and has different results than you might think. The
problem is that the crypt() function was used as a hashing algorithm.
Now, crypt() is just a 56 bit cipher, so what it does is it takes the
first 7 bytes of input and the first 7 bytes of the key and DES encrypts
it. Thus, if you had a password longer than 7 characters, you could have
entered anything just as long as the first 7 characters were equal. As
an example:
If your password was "alamakota", then you could have entered
"alamakori" and still be logged in. Or simply "alamako".
Tonnerre
-- SyGroup GmbH Tonnerre Lombard Lösungen mit System Tel:+41 61 333 80 33 Röschenzerstrasse 9 Fax:+41 61 383 14 67 4153 Reinach BL Web:www.sygroup.ch tonnerre.lombard@sygroup.ch
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:16 EDT