A question about passwords and login/authentication

From: Roman L. Daszczyszak II (romandas_at_gmail.com)
Date: 03/09/05

  • Next message: Scott Fagg: "RE: A question about passwords and login/authentication" 
    Date: Wed, 09 Mar 2005 14:57:17 -0600
To: focus-linux@securityfocus.com

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I have heard that many *nix flavors used to default to using DES as
    their password storage algorithm, but recently many Linux flavors tend
    to use MD5 hashes instead, which are more secure to brute force attacks.

    What I'm wondering is how long can a Linux password be? Can it use
    extended characters (like Windows Alt-# feature) in it's passwords and
    if so, how do you use them (aka if they aren't on the keyboard)?

    Additionally I have heard that an MD5 hash has no limit to the amount it
    can hash (iow an unlimited length password) but somewhere in the Linux
    authentication it is set to a length of 256. What imposes this length
    of password?

    Lastly, in communicating with a Windows XP/2000 box using SAMBA and
    Windows File sharing, how does one determine whether the password being
    sent across the network is encrypted and not plain text?

    Any information you can provide (and references to back it up) would be
    very helpful; thank you.

    Roman
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.6 (GNU/Linux)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iD8DBQFCL2MtszjStpsfjf8RAmlBAJ0Y3xlMUc+sN7BpmeV7BwTKoo2NlQCgwvmS
    KgNlN6VnD2KlD9Crz16Cyng=
    =e4bH
    -----END PGP SIGNATURE-----

  • Next message: Scott Fagg: "RE: A question about passwords and login/authentication"