Jacob - I believe this has always been true of most versions of Unix I'm familiar with. Also take into account the fact that there are only 7 random bits per character and you're getting even less protection than you first think! Terri Tuttle -----Original Message----- From: Jacob McMaster [mailto:jmcmasterat_private] Sent: Wednesday, May 01, 2002 9:42 AM To: vuln-devat_private Subject: AOL passwords I don't know if anyone has said this but, AOL allows you to use a 8+ character password, but when signing in it will only check the first 8 character and then it doesn't matter if you type the rest of the password or type the rest of it wrong it will let you in that account. Also their access to your email via the web, it will actually tell you its the wrong password if your password is over 8 characters and you type the whole thing in, you have to type only the 1st 8 characters to get into it. Not sure this is a major issue, but would make the cracking process eaiser for someone if they know there is a max of 8 characters needed.
This archive was generated by hypermail 2b30 : Wed May 01 2002 - 11:11:59 PDT