On Wed, Jul 26, 2017 at 08:43:43AM -0700, tony mollica wrote:
> Hello.
>
> Can anyone shed some light on why my logon password got its upper and lower case characters reversed? I needed the caps lock on then use the same password with the shift on the correct characters to log on. I've since reset the password successfully and all is fine (so far) but I'd like to know what happened. The only change I made was installing winbind, libnss-winbind and libpam-winbind but I don't find anything that explains the upper/lower case reversal on password entry.

In theory, this should not be possible. Debian, by default, uses
"shadow" passwords. That means that, instead of storing your password in
/etc/passwd, an encrypted version is stored in /etc/shadow.

"man shadow" states that the encryption process is detailed in "man
crypt". That, in turn, states "By taking the lowest 7 bits of each of
the first eight characters of the [user's password], a 56-bit key is
obtained". The lowest 7 bits of each character IS enough to
differentiate between the case of the letters.

So, for this to happen, something would need to read /etc/shadow, crack
your password (which means scanning 2**56 possibilities - that's 7.2×10^16
or 72 million billion possibilities), perform the case change and
re-store it in /etc/shadow. The chance of this happening by accident
(that is, the chance of /etc/shadow being corrupted such that the new
password is A) valid and B) a case-changed version of your old password)
is ridiculously small.


> A normal password change fixed the problem.
>
> thanks,
> tony


--
For more information, please reread.
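
The key construction quoted from "man crypt" in the reply above, as an added example that is not part of the original message: it builds the 56-bit value from the low 7 bits of the first eight characters and shows which positions change when the case is swapped. The function names and the sample password are constructed, and the bit-packing order is an illustrative choice rather than the layout crypt(3) uses internally.

```python
# Added illustration of the key material described in the quoted man page text.
# This is not a crypt() implementation; it only derives the 56 key bits.

def des_crypt_key_bits(password: str) -> int:
    """Low 7 bits of each of the first 8 characters, packed into one integer."""
    # Assumption: single-byte characters; short passwords are NUL-padded.
    raw = password.encode("latin-1")[:8].ljust(8, b"\0")
    key = 0
    for byte in raw:
        key = (key << 7) | (byte & 0x7F)  # bit 7 of every byte is discarded
    return key


def differing_positions(a: str, b: str) -> list[int]:
    """Character positions (0-7) whose 7-bit contribution to the key differs."""
    diff = des_crypt_key_bits(a) ^ des_crypt_key_bits(b)
    return [i for i in range(8) if (diff >> (7 * (7 - i))) & 0x7F]


if __name__ == "__main__":
    original = "Secret42"            # constructed sample password
    swapped = original.swapcase()    # "sECRET42"

    # Upper and lower case ASCII letters differ in bit 0x20, which lies
    # inside the low 7 bits, so every letter position changes the key.
    print(f"{des_crypt_key_bits(original):014x}")
    print(f"{des_crypt_key_bits(swapped):014x}")
    print(differing_positions(original, swapped))

    # What the construction does ignore: characters past the eighth,
    # and the top bit of each character.
    print(des_crypt_key_bits("Secret42xyz") == des_crypt_key_bits(original))
    print(des_crypt_key_bits("\u00e9") == des_crypt_key_bits("i"))
```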
