Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability

From: Wichert Akkerman (wichertat_private)
Date: Sun Jun 10 2001 - 16:18:25 PDT

Next message: Barney Wolff: "Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability"

Previous message: zsn: "Re: Webtrends HTTP Server %20 bug (UTF-8)"
In reply to: Peter van Dijk: "Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Previously Peter van Dijk wrote:
> crypt() passwords are never more than 8 characters - anything beyond
> 8 characters is discarded.

That highly depends on the crypt implementation. The original crypt
only used 8 characters, but modern implementations can use different
schemes (md5 for example).

Wichert.

-- 
  _________________________________________________________________
 /       Nothing is fool-proof to a sufficiently talented fool     \
| wichertat_private                  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

Next message: Barney Wolff: "Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability"
Previous message: zsn: "Re: Webtrends HTTP Server %20 bug (UTF-8)"
In reply to: Peter van Dijk: "Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jun 11 2001 - 10:08:16 PDT