Re: Amazon.com Password limit

From: jon schatz (jonat_private)
Date: Thu Apr 18 2002 - 23:51:33 PDT

Next message: Cynthia Brown: "Re: Nortel CVX 1800s will dump all local user names and passwords via SNMP"

Previous message: Burton M. Strauss III: "RE: segfault in ntop"
In reply to: Vishal Ganeriwala: "Amazon.com Password limit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2002-04-17 at 19:24, Vishal Ganeriwala wrote:
> That means max password lenght 
> for amazon is 8 chars  . It truncts everything after 8 
> chars. and Amazon doesn't tell you to choose 
> password of maximum 8 chars .  I dont know security 
> implications . But the information is useful if one is 
> trying to bruteforce a account since he knows max 
> password lenght is 8 char . 

On a similar note, I was trying to login to a MSN account via gaim. I
tried my hotmail email account as a username, and used my password. No
dice. After playing around for a while, I found that the limit for
Passport passwords is 15 characters (mine was longer). This is
(obviously) much more difficult to brute force than an 8 character
password, but unpublished password limits piss me off.

-jon

-- 
jonat_private || www.divisionbyzero.com
gpg key: www.divisionbyzero.com/pubkey.asc
think i have a virus? www.divisionbyzero.com/pgp.html
"You are in a twisty little maze of Sendmail rules, all confusing."

application/pgp-signature attachment: This is a digitally signed message part

Next message: Cynthia Brown: "Re: Nortel CVX 1800s will dump all local user names and passwords via SNMP"
Previous message: Burton M. Strauss III: "RE: segfault in ntop"
In reply to: Vishal Ganeriwala: "Amazon.com Password limit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 19 2002 - 13:33:16 PDT