Mailinglist Archive: opensuse-security (375 mails)

Re: [suse-security] password bug?
  • From: Michael Zimmermann <zim@xxxxxxxx>
  • Date: Thu, 12 Sep 2002 05:13:58 +0200
  • Message-id: <200209120513.58817.zim@xxxxxxxx>
On Thursday, 12 September 2002 04:14, Rob Bourne wrote:
> I installed 8.0 about a month ago. The password I wanted to use had 9
> characters and the install defaults to 8. I entered the first eight
> characters and later ran yast to enable 15 character passwords. I also
> checked all 3 boxes above the password length dialog boxes (md5 or
> something like that). I changed my password to the 9 character version. Now
> I can login with either the 8 or the 9 character password.

Sounds like you are still having the crypt() version of your password,
and only the first 8 characters are hashed.

Check the corresponding line in /etc/shadow

If the shadow-file says something like
then the password is stored as the MD5 hash
(the long format)

But if it's like
then the password is stored as the crypt() hash,
where only the first 8 chars of the password are significant.

Setting a new password should always create the
MD5 format (where the hash starts with '$1$')

Michael Zimmermann (Vegaa Safety and Security for Internet Services)
Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811
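
The /etc/shadow check described in the message above, as an added example that is not part of the original mail: it classifies the password field of each line and lists accounts still stored in the traditional crypt() format. The function names and the sample lines (including the hash strings) are constructed for illustration.

```python
import re

# Traditional DES crypt(): 2 salt chars + 11 hash chars, no "$" prefix.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# MD5 format: "$1$", a salt of up to 8 chars, "$", then a 22-char hash.
MD5_RE = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

def classify(field):
    """Return the storage scheme of one /etc/shadow password field."""
    if field == "":
        return "empty"               # no password set at all
    stripped = field.lstrip("!")     # a leading "!" marks a locked account
    if stripped in ("", "*"):
        return "locked"
    if MD5_RE.match(stripped):
        return "md5"
    if DES_RE.match(stripped):
        return "des"                 # only the first 8 password chars count
    return "other"

def truncating_accounts(shadow_text):
    """List users whose stored hash is the 8-character crypt() format."""
    users = []
    for line in shadow_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        if classify(parts[1]) == "des":
            users.append(parts[0])
    return users

# Constructed sample lines; the hash strings are placeholders, not real hashes.
MD5_FIELD = "$1$constrct$" + "A" * 22
SAMPLE = "\n".join([
    "rob:abCDEFGHIJKLM:11942:0:99999:7:::",
    "zim:" + MD5_FIELD + ":11942:0:99999:7:::",
    "daemon:*:8902:0:10000::::",
    "old:!xy0123456789.:11000:0:99999:7:::",
])

if __name__ == "__main__":
    for user in truncating_accounts(SAMPLE):
        print(user + ": crypt() hash, set the password again to store it as $1$")
```

An account reported here keeps its old hash until its password is set again, which matches the symptom in the quoted report.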
