On Sun, Dec 16, 2001 at 08:54:30AM -0900, John Andersen wrote:
Wierd. I can't get it to fail here. How long was the full root paswd?
The original (for which an initial substring of 7 or more characters matched) was 16 characters long. The second (matching for at least the 8 initial characters) is 10 characters long.
By sheer accident I noticed that an initial substring (of 7 characters or longer) of my root password will return a match when I su to root.
I have become a little lax about policing my system, which is just a home workstation, however, I am wondering if this is a known problem or if it is likely that I have been compromised. Frankly, I am soon to reinstall, and there is not exactly anything super-secret on my hard drive, so I am not too worried... but anyhow. BTW, I changed the root password and again, an initial substring (this time of 8 or more characters) returns a match.
--
Corvin Russell