Password encoding

From: Nomad (mailman@crypton.pl)
Date: 09/26/02


Date: Thu, 26 Sep 2002 00:17:19 +0200
From: Nomad <mailman@crypton.pl>
To: freebsd-security@freebsd.org

Hello

I've upgraded my FreeBSD to 4.6.2 some time ago. Since that day I have added some new accounts to my system. Everything was OK but... But one beautiful day I made a mistake and wrote a shorter password than the good one. And what happened? The system let me in after successful authorization!!!
So I made a small investigation. And what I found: the new auth_default value in my system is DES!!! And my passwords on new accounts are only 8 characters long!!!
If you've done the same, check your master.passwd to see if there are some DES-encoded passwords. Because 8-character passwords without the right password policy (with short passwords in mind) are VERY easy to break. I know, I don't have to say that on this list, but writing about fundamental things is never in off.
So, if I am alone with this problem: I am sorry, I must have made some mistake.
But if not: so, I think that we have to do something about this...

I upgraded my FreeBSD by buildworld/installworld from sources.

Regards

Nomad

--
[%% If you dance with devil %%]
[%% you don't changing him. %%]
[%% The devil is the one    %%]
[%% who is changing you.    %%]
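
The master.passwd check suggested in the message, as an added example that is not part of the original post: it classifies each account's hash by its shape and lists the accounts still on traditional DES crypt, which uses only the first 8 characters of the password. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: find DES-encoded passwords in master.passwd-format input.
# Field 2 holds the hash; the scheme is inferred from its shape.

classify_hashes() {
    # stdin: master.passwd-format lines; stdout: "user<TAB>scheme"
    awk -F: '
        /^#/ || NF < 2 { next }                    # comments, malformed lines
        {
            h = $2
            if (h == "") { print $1 "\tempty"; next }
            sub(/^\*LOCKED\*/, "", h)              # lock prefix hides the hash
            if (substr(h, 1, 1) == "$") {          # modular: $1$ MD5, $2a$ Blowfish
                split(h, p, "$"); s = "modular-" p[2]
            }
            else if (length(h) == 20 && h ~ "^_[./0-9A-Za-z]+$") s = "des-extended"
            else if (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$")  s = "des"
            else                                                 s = "no-login"
            print $1 "\t" s
        }'
}

des_accounts() {
    # Locked accounts are listed too: the weak hash returns when they are unlocked.
    classify_hashes | awk -F'\t' '$2 == "des" { print $1 }'
}

sample_master_passwd() {
    # Constructed entries; the hash strings are placeholders, not real hashes.
    cat <<'EOF'
# constructed sample
root:$1$constrct$AAAAAAAAAAAAAAAAAAAAAA:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
alice:abJnggxhB/yWI:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$2a$04$CCCCCCCCCCCCCCCCCCCCCOBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:*LOCKED*Zz3pLq9.xR/7w:1003:1003::0:0:Carol:/home/carol:/bin/sh
EOF
}

# On a real system (as root): des_accounts < /etc/master.passwd
```

Accounts it reports need their passwords set again after the default format has been changed, since an existing hash cannot be converted.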