Re: SSH 1.x and 2.x Daemon

From: der Mouse (mouseat_private)
Date: Thu Feb 11 1999 - 11:46:25 PST


    > [...]  However in practice one can also assume that any field longer
    > than 13 characters results in a locked account.
    
    > (This would then require custom checks to be added for systems such
    > as FreeBSD which don't use the standard Unix DES 64-bit password
    > encryption, but that's not so hard to do.  [...])
    
    It's not hard to do for any individual system.  It's a nightmare to try
    to maintain such checks in a master source tree.  I know of three (I
    think) free Unices and one commercial one that break the "length!=13 ->
    invalid" assumption, and as CPU speed increases make the old DES-based
    hashes less and less secure in practice, there will be more.
    
    					der Mouse
    
    			       mouseat_private
    		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
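
An added example, not part of the original message or of any SSH source tree: it puts the "length != 13 means locked" rule discussed above next to a check that recognises hash formats by shape. All function and enum names are hypothetical, and the specific non-DES shapes it tests (a `$id$salt$hash` modular field and a 20-character `_`-prefixed extended DES field) are assumptions about the systems alluded to; every sample field is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical classification of a passwd/shadow hash field. */
enum pw_kind { PW_EMPTY, PW_DES, PW_BSDI_DES, PW_MODULAR, PW_UNUSABLE };

static const char B64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* True if s has at least n leading bytes from the crypt(3) alphabet. */
static int all_b64(const char *s, size_t n) { return strspn(s, B64) >= n; }

/* The heuristic under discussion: any field that is not 13 chars is locked. */
int length_says_locked(const char *f) { return strlen(f) != 13; }

/* Format-aware check: recognise each known hash shape, reject the rest. */
enum pw_kind classify(const char *f)
{
    size_t len = strlen(f);
    if (len == 0) return PW_EMPTY;                        /* no password set */
    if (len == 13 && all_b64(f, 13)) return PW_DES;       /* traditional crypt */
    if (len == 20 && f[0] == '_' && all_b64(f + 1, 19))
        return PW_BSDI_DES;                               /* extended DES */
    if (f[0] == '$') {                                    /* $id$salt$hash */
        const char *id_end = strchr(f + 1, '$');
        if (id_end && id_end > f + 1 && id_end[1] != '\0') return PW_MODULAR;
    }
    return PW_UNUSABLE;                    /* "*", "!", "*LK*", anything else */
}

int main(void)
{
    /* Constructed sample fields, not real hashes. */
    const char *samples[] = {
        "ab0123456789A",                       /* 13-char DES shape */
        "$1$saltsalt$0123456789abcdefghijkl",  /* MD5 modular shape */
        "_J9..salt0123456789a",                /* 20-char extended DES shape */
        "*", "*LK*", "*************", ""
    };
    static const char *names[] = { "empty", "des", "bsdi-des", "modular", "unusable" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-36s length-rule=%-6s classify=%s\n", samples[i],
               length_says_locked(samples[i]) ? "locked" : "ok",
               names[classify(samples[i])]);
    return 0;
}
```

The length rule errs in both directions on these samples: it reports the two non-DES shapes as locked, and it accepts a 13-character field of asterisks that no crypt(3) output could match.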
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:33:57 PDT