[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability

To: bugtraq@securityfocus.com
Subject: Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability
From: Wichert Akkerman <wichert@wiggy.net>
Date: Mon, 11 Jun 2001 01:18:25 +0200

Previously Peter van Dijk wrote:
> crypt() passwords are never more than 8 characters - anything beyond
> 8 characters is discarded.

That highly depends on the crypt implementation. The original crypt
only used 8 characters, but modern implementations can use different
schemes (md5 for example).

Wichert.

-- 
  _________________________________________________________________
 /       Nothing is fool-proof to a sufficiently talented fool     \
| wichert@cistron.nl                  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

Prev by Date: Re: Mac OS X - Apache & Case Insensitive Filesystems
Next by Date: Re: Webtrends HTTP Server %20 bug (UTF-8)
Prev by thread: Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability
Next by thread: Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability
Index(es):
- Date
- Thread