Bugtraq archives for 1st quarter (Jan-Mar) 1999: Re: SSH 1.x and 2.x Daemon

Re: SSH 1.x and 2.x Daemon

der Mouse (mouseRODENTS.MONTREAL.QC.CA)
Thu, 11 Feb 1999 14:46:25 -0500

> [...]  However in practice one can also assume that any field longer
> than 13 characters results in a locked account.

> (This would then require custom checks to be added for systems such
> as FreeBSD which don't use the standard Unix DES 64-bit password
> encryption, but that's not so hard to do.  [...])

It's not hard to do for any individual system.  It's a nightmare to try
to maintain such checks in a master source tree.  I know of three (I
think) free Unices and one commercial one that break the "length!=13 ->
invalid" assumption, and as CPU speed increases make the old DES-based
hashes less and less secure in practice, there will be more.

					der Mouse

			       mouserodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
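
The disagreement in this thread, shown as an added example (not part of the original post or of any SSH daemon source): a length-only lock test compared with a format-aware one that also recognises extended DES and modular crypt (`$id$`) fields. The function names and sample fields are constructed for illustration, and the `*` and `!` lock markers are assumed as common conventions rather than taken from the post.

```python
import re

# crypt(3) hashes are encoded with the alphabet "./0-9A-Za-z".
B64 = r"[./0-9A-Za-z]"
DES = re.compile(B64 + r"{13}")             # traditional DES: 2 salt + 11 hash chars
BSDI = re.compile(r"_" + B64 + r"{19}")     # extended DES: '_' + 4 count + 4 salt + 11 hash
MCF = re.compile(r"\$([A-Za-z0-9-]+)\$.+")  # modular crypt format, e.g. $1$ = MD5

def naive_is_locked(field):
    """The rule debated in the thread: any length other than 13 means locked."""
    return len(field) != 13

def classify(field):
    """Return 'empty', 'locked', or the name of the recognised hash scheme."""
    if field == "":
        return "empty"            # no password set at all, not a locked account
    if DES.fullmatch(field):
        return "des"
    if BSDI.fullmatch(field):
        return "bsdi-des"
    m = MCF.fullmatch(field)
    if m:
        return "mcf-" + m.group(1)
    return "locked"               # '*', '!'-prefixed hashes, anything unparseable

def disagreements(fields):
    """Fields where the length rule and the format-aware check differ."""
    return [f for f in fields
            if naive_is_locked(f) != (classify(f) == "locked")]

# Constructed sample fields (not real password hashes).
SAMPLES = [
    "abJnggxhB/yWI",                # traditional DES
    "$1$abcdefgh$" + "x" * 22,      # MD5 crypt
    "_J9..salt" + "A" * 11,         # extended DES
    "*",                            # conventional lock marker
    "!$1$abcdefgh$" + "x" * 22,     # hash disabled with '!' prefix
    "!bJnggxhB/yWI",                # 13 chars, but '!' is not a hash character
    "",                             # empty field
]

if __name__ == "__main__":
    for f in SAMPLES:
        print(f"{f!r:40} naive_locked={naive_is_locked(f)!s:5} -> {classify(f)}")
```

The length rule errs in both directions on these samples: it rejects valid non-DES hashes and the empty field, and it accepts a 13-character field that is not a hash at all.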