Security Implications of Novell eDirectory.

Date: 05/30/02

Date: Thu, 30 May 2002 10:56:30 +0200


I was wondering what people's thoughts were regarding the product Novell
eDirectory. I've had a quick look at the implementation and have found that
eDirectory's passwords are case-insensitive. Comparing this to case
passwords this radically reduces the number of passwords the system can


  Case Sensitive Case Insensitive
  26 52 Alpha
  10 10 Numeric
  26 26 Special
  ---- ----
  62 88

Thus for a password 8 characters long we get the following number of
combinations respectively.

  62^8-1 88^8-1

This means that case sensitive passwords are 16.47 times stronger than case

Could I deduce that from this using Active Directory vs. eDirectory, AD is
times stronger with passwords than secure in a password sense? Is this a

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from any

Relevant Pages

  • OT: Apache Auth help needed Summary
    ... solution is to choose a different encryption method for the passwords ... the intended recipient, you are hereby notified that any dissemination of ... this communication is strictly prohibited. ... attachments and notify us immediately. ...
  • Web start Install of a Flash Archive
    ... besides users and passwords, DiskSuite meta information ... GIS Chicago Data Center System Administrator ... authorized to receive this message for the intended recipient), ...
  • RE: Security Logging - Passwords & Accounts
    ... Security Logging - Passwords & Accounts ... is not the intended recipient or the employee or agent responsible to ...
  • SQL Server passwords
    ... passwords in SQL server. ... auditing tool that is ... entities other than the intended recipient is prohibited. ...
  • Re: Password Generation Procedure?
    ... passwords made up by people themselves) usually are easier to guess. ... delivering to the intended recipient, be advised that you have received ... any legal responsibility for the content of this message. ... To encrypt classified messages, please download and use this PGP-Key: ...