RE: A question about passwords and login/authentication
From: Scott Fagg (scott.fagg_at_arup.com.au)
Date: 03/11/05
- Previous message: Roman L. Daszczyszak II: "A question about passwords and login/authentication"
- Maybe in reply to: Roman L. Daszczyszak II: "A question about passwords and login/authentication"
- Next in thread: Zero Burnout: "Re: A question about passwords and login/authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 11 Mar 2005 10:40:28 +1000
To: "Roman L. Daszczyszak II" <romandas@gmail.com>, <focus-linux@securityfocus.com>
> -----Original Message-----
> From: Roman L. Daszczyszak II [mailto:romandas@gmail.com]
> Sent: Thursday, 10 March 2005 6:57 AM
> To: focus-linux@securityfocus.com
> Subject: A question about passwords and login/authentication
>
> I have heard that many *nix flavors used to default to using DES as
> their password storage algorithm, but recently many Linux flavors tend
> to use MD5 hashes instead, which are more secure against brute force
> attacks.
>
> What I'm wondering is how long can a Linux password be? Can it use
> extended characters (like Windows Alt-# feature) in its passwords and
> if so, how do you use them (aka if they aren't on the keyboard)?
I believe so. I've seen at least one case where the root password was
Alt-255, Alt-255, Alt-255! Trying to enter them via different clients
(console, xterm, Windows SSH client, etc.) might pose problems if they
interpret keystrokes differently.
>
> Additionally I have heard that an MD5 hash has no limit to the amount it
> can hash (iow an unlimited length password) but somewhere in the Linux
> authentication it is set to a length of 256. What imposes this length
> of password?
>
> Lastly, in communicating with a Windows XP/2000 box using SAMBA and
> Windows File sharing, how does one determine whether the password being
> sent across the network is encrypted and not plain text?
Packet sniffing. Ethereal and tcpdump.
You might also be able to infer what it is likely to be by looking at the
smb config files and registry keys on the Windows box.
>
> Any information you can provide (and references to back it up) would be
> very helpful; thank you.
>
> Roman
>
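
Added example, not part of the original message: a sketch of why an Alt-255 password can fail from a different client, since the hash is computed over the bytes the client sends and not over the character typed. The client names, the encoding assigned to each, and the salt are assumptions, and the salted SHA-256 is a stand-in for the system's password hash, not md5-crypt.

```python
import hashlib
import hmac

# Constructed sample: the password from the reply, three Alt-255 keystrokes.
# Assumption: the keystroke yields code 0xFF in CP437, which maps to U+00A0.
ALT_255 = b"\xff".decode("cp437")
PASSWORD = ALT_255 * 3

# Hypothetical clients and the encoding each applies to typed characters.
CLIENT_ENCODINGS = {
    "console (cp437)": "cp437",
    "xterm (latin-1)": "latin-1",
    "ssh client (utf-8)": "utf-8",
}


def wire_bytes(password: str, encoding: str) -> bytes:
    """Bytes that reach the login program when typed through this encoding."""
    return password.encode(encoding)


def toy_hash(salt: bytes, pw: bytes) -> str:
    """Stand-in for the system password hash: salted SHA-256 over raw bytes."""
    return hashlib.sha256(salt + pw).hexdigest()


def login_matrix(password: str, salt: bytes = b"constructed-salt") -> dict:
    """For each client used to set the password, which clients can log in."""
    result = {}
    for setter, set_enc in CLIENT_ENCODINGS.items():
        stored = toy_hash(salt, wire_bytes(password, set_enc))
        result[setter] = {
            client: hmac.compare_digest(
                stored, toy_hash(salt, wire_bytes(password, enc)))
            for client, enc in CLIENT_ENCODINGS.items()
        }
    return result


if __name__ == "__main__":
    for name, enc in CLIENT_ENCODINGS.items():
        print(f"{name:20} sends {wire_bytes(PASSWORD, enc).hex()}")
    for setter, row in login_matrix(PASSWORD).items():
        works = [client for client, ok in row.items() if ok]
        print(f"set via {setter:20} -> login works from {works}")
```

A pure-ASCII password encodes to the same bytes under all three encodings, so the same matrix comes back all true for it.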