Re: Your password must be at least 18,770 char...

2001-07-09 Thread David Honig

At 02:55 PM 7/9/01 -0500, Rick Smith at Secure Computing wrote:
>One of those recently posted lists of quotations included a reference to 
>Microsoft Knowledge Base article Q276304, from late June, which described 
>the following problem:
>
>"SYMPTOMS
>   Your password must be at least 18770 characters and cannot repeat any of 
>your previous 30689 passwords. Please type a different password. Type a 
>password that meets these requirements in both text boxes.

MS finally got something right about security!


 






  







-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]



Re: Your password must be at least 18,770 char...

2001-07-09 Thread Matt Crawford

I have no Windows source code to judge by, but just looking from the
outside I believe the error arises as follows.  When the MIT-based
KDC returns the error code KADM5_PASS_Q_DICT (which it will only do
if your Kerberos admin has inserted a dictionary check, as there is
none by default), the MS password-changing client fishes in
uninitialized memory for some other possible parameters governing the
password selection: the length and history.

(This sheds no light on what it might do if you try a password with
too few character *classes*, which is yet another error code.)



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]