Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: SSH 1.x and 2.x Daemonder Mouse (mouseRODENTS.MONTREAL.QC.CA)
Thu, 11 Feb 1999 14:46:25 -0500
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Theo de Raadt: "Re: Lynx /tmp problem"
- Previous message: Ryan Sweat: "Buffer overflow in Serve-U"
- Maybe in reply to: KuRuPTioN: "SSH 1.x and 2.x Daemon"
- Next in thread: Ronny Cook: "Re: SSH 1.x and 2.x Daemon"
> [...] However in practice one can also assume that any field longer > than 13 characters results in a locked account. > (This would then require custom checks to be added for systems such > as FreeBSD which don't use the standard Unix DES 64-bit password > encryption, but that's not so hard to do. [...]) It's not hard to do for any individual system. It's a nightmare to try to maintain such checks in a master source tree. I know of three (I think) free Unices and one commercial one that break the "length!=13 -> invalid" assumption, and as CPU speed increases make the old DES-based hashes less and less secure in practice, there will be more. der Mouse mouserodents.montreal.qc.ca 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B