On Tuesday, Sep 9, 2003, at 22:40 US/Central, Mike Miller wrote:
We had a customer who recently had a username of webmaster and a password of webmaster00.

bad idea to start with... passwords should not contain, or be similar to, the userid.

I then tried truncating their password character by character. What I found was that only when I brought the password to 'webmast' (webmaste still worked), did it stop authenticating properly.

your system is using standard unix crypt() to create the encrypted passwords. the crypt() algorithm, when used for passwords, only encrypts the first eight bytes of the password. this is why most systems use MD5 encryption for passwords.

| John Simpson - KG4ZOW - Programmer at Large |
| <[EMAIL PROTECTED]>        http://www.jms1.net/ |

Attachment: PGP.sig
Description: PGP signature

Reply via email to