Riccardo Bini wrote:
Alle 05:58, martedì 21 marzo 2006, Tom Collins ha scritto:
Actually, this patch is incorrect. vadduser() takes the plaintext
password, regardless of whether CLEAR_PASS is defined.
The current code behaves as it should.
#define MAX_PW_PASS 40
#define MAX_PW_CLEAR_PASSWD 16
With CLEAR_PASS password limits is 16 and not 40. What is the difference from
MAX_PW_PASS and MAX_PW_CLEAR_PASSWD?
MAX_PW_PASS is the encrypted password
MAX_PW_CLEAR_PASSWD is the clear text password.
A 16 byte clear text password could become a 40 byte encrypted hash
depending on the method used to encrypt it.