> [...] However in practice one can also assume that any field longer
> than 13 characters results in a locked account.
> (This would then require custom checks to be added for systems such
> as FreeBSD which don't use the standard Unix DES 64-bit password
> encryption, but that's not so hard to do. [...])

It's not hard to do for any individual system. It's a nightmare to try to maintain such checks in a master source tree. I know of three (I think) free Unices and one commercial one that break the "length!=13 -> invalid" assumption, and as CPU speed increases make the old DES-based hashes less and less secure in practice, there will be more.

der Mouse

mouseat_private
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
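An added example, not part of the original message: a password-field classifier for an audit script, set beside the length-only check discussed above. The scheme table (traditional DES, BSDi extended DES, MD5 crypt, bcrypt), the function names and the sample entries are assumptions made for illustration; the table is the part that would need upkeep for each system.

```python
import re

_B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt(3)-style encodings

# Assumed table of known hash shapes; every new scheme means a new row here.
SCHEMES = [
    ("des",    re.compile(rf"^{_B64}{{13}}$")),                      # traditional DES crypt
    ("bsdi",   re.compile(rf"^_{_B64}{{19}}$")),                     # BSDi extended DES
    ("md5",    re.compile(rf"^\$1\${_B64}{{1,8}}\${_B64}{{22}}$")),  # MD5 crypt (FreeBSD)
    ("bcrypt", re.compile(rf"^\$2[a-z]?\$\d\d\${_B64}{{53}}$")),     # Blowfish crypt
]

def naive_is_locked(field):
    """The quoted assumption: any field that is not 13 characters is locked."""
    return len(field) != 13

def classify(field):
    """Return 'empty', a scheme name, or 'locked' for a password hash field."""
    if field == "":
        return "empty"      # no password set, which is not a locked account
    for name, pattern in SCHEMES:
        if pattern.match(field):
            return name
    return "locked"         # no known hash shape, e.g. '*' or '*LK*'

def disagreements(entries):
    """(user, scheme) pairs the length-only check would wrongly call locked."""
    return [(user, classify(field)) for user, field in entries
            if naive_is_locked(field) and classify(field) != "locked"]

# Constructed sample entries (not real hashes): (user, password field)
SAMPLE = [
    ("alice", "ab" + "c" * 11),                   # 13-char DES shape
    ("bob",   "$1$saltsalt$" + "A" * 22),         # MD5 crypt shape
    ("carol", "_" + "J9.." + "salt" + "h" * 11),  # BSDi extended DES shape
    ("dave",  "$2a$06$" + "s" * 22 + "h" * 31),   # bcrypt shape
    ("eve",   "*"),                               # locked
    ("frank", "*LK*"),                            # locked
    ("guest", ""),                                # empty password
]

if __name__ == "__main__":
    for user, scheme in disagreements(SAMPLE):
        print(f"{user}: length check says locked, field is {scheme}")
```
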