[tac_plus] tac_plus login and enable password issue

Daniel Schmidt daniel.schmidt at wyo.gov
Mon Dec 12 15:38:01 UTC 2011


Of note, it can be worked around, as I did with a salt in the quick/dirty
cgi.

This is from the GNU crypt man pages:

GNU EXTENSION
The glibc2 version of this function has the following additional fea-
tures. If salt is a character string starting with the three charac-
ters "$1$" followed by at most eight characters, and optionally termi-
nated by "$", then instead of using the DES machine, the glibc crypt
function uses an MD5-based algorithm, and outputs up to 34 bytes,
namely "$1$$", where "" stands for the up to 8 charac-
ters following "$1$" in the salt, followed by 22 bytes chosen from the
set [a-zA-Z0-9./]. The entire key is significant here (instead of only
the first 8 bytes).

-----Original Message-----
From: tac_plus-bounces at shrubbery.net
[mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Alan McKinnon
Sent: Friday, December 09, 2011 2:33 PM
To: tac_plus at shrubbery.net
Subject: Re: [tac_plus] tac_plus login and enable password issue

On Fri, 9 Dec 2011 16:31:03 +0000
john heasley <heas at shrubbery.net> wrote:


> > This issue already solve with change the enable password with other
> > password. In my case this happen if i use login password and enable
> > password with same character from the first and have only 1
> > different character in the end of password. Maybe des encryption do
> > not check until the last character.
>
> crypt(3) normally only supports a maximum 8 character password.

Of course! That explains everything.

Incidentally, crypt normally accepts up to 10 characters but only uses the
first 8 for hashing. An password of 11 characters and longer causes an
error.

That one has caused no end of confusion around here. It's one of those
bizarre limits that users simply cannot get their wits around.

--
Alan McKinnnon
alan.mckinnon at gmail.com
_______________________________________________
tac_plus mailing list
tac_plus at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
E-Mail to and from me, in connection with the transaction 
of public business,is subject to the Wyoming Public Records 
Act, and may be disclosed to third parties.



More information about the tac_plus mailing list