#32: 14-character maximum password length is incorrect
-----------------------+----------------------------------------------------
Reporter: parasytic | Owner:
Type: defect | Status: new
Priority: minor | Milestone: 4.9
Component: bootdisk | Version: 4.8
Keywords: |
-----------------------+----------------------------------------------------
The password_q() function in install.pl assumes that all passwords must
contain 14 characters *or less*. This is incorrect: the 14-character
limit on passwords ended with Windows NT. See:
http://en.wikipedia.org/wiki/LM_hash
LANMAN was superseded by NTLM: http://en.wikipedia.org/wiki/NTLM which
still uses the LM Hash (e.g. with 14-character limit) but also uses an MD4
hash over the original password as well (which uses a 128-bit compression
function, but it doesn't really "limit" password length to 128 effective-
bits.)
The way to fix this bug is increasing the password limit to a higher (but
still sane) limit. 50 sounds good to me.
--
Ticket URL: <http://sourceforge.net/apps/trac/unattended/ticket/32>
Unattended <https://apps.sourceforge.net/trac/unattended/>
This is a system for fully automating the installation of Windows 2000
Professional and Server, Windows XP, and Windows Server 2003.
------------------------------------------------------------------------------
_______________________________________________
unattended-devel mailing list
unattended-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/unattended-devel
