Jacob -

        I believe this has always been true of most versions of Unix I'm
familiar with. Also take into account the fact that there are only 7 random
bits per character and you're getting even less protection than you first
think!

        Terri Tuttle

-----Original Message-----
From: Jacob McMaster [mailto:jmcmasterappliedsystems.com]
Sent: Wednesday, May 01, 2002 9:42 AM
To: vuln-devsecurityfocus.com
Subject: AOL passwords

I don't know if anyone has said this but, AOL allows you to use a 8+
character password, but when signing in it will only check the first 8
character and then it doesn't matter if you type the rest of the password or
type the rest of it wrong it will let you in that account. Also their
access to your email via the web, it will actually tell you its the wrong
password if your password is over 8 characters and you type the whole thing
in, you have to type only the 1st 8 characters to get into it. Not sure
this is a major issue, but would make the cracking process eaiser for
someone if they know there is a max of 8 characters needed.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]