Mailinglist Archive: opensuse-security (69 mails)

< Previous Next >
Re: [suse-security] Password length
  • From: "Miguel ALBUQUERQUE" <miguel.albuquerque@xxxxxxxxxx>
  • Date: Mon, 16 Oct 2006 16:18:22 +0200
  • Message-id: <OF26802F2E.636931AF-ONC1257209.00486AC0-C1257209.004946F8@xxxxxxx>
<pedrocsort-e@xxxxxxxxx> wrote on 16.10.2006 14:56:37:

> Hi,
>
> I do not know what version of SuSE you use.
> But since 9.2 I have systems running with blowfish
> encryption and the root passwd on my systems is always
> 25 chars.
> And I had no problem so far.
>
> Regards,
> Pedro
>

It's really strange, i've checked :

/etc/security/pam_pwcheck.conf
password: minlen=12 maxlen=20 cracklib blowfish nullok



cat /etc/default/passwd :
# This file contains some information for
# the passwd (1) command and other tools
# creating or modifying passwords.

# Define default crypt hash
# CRYPT={des,md5,blowfish}
CRYPT=blowfish

In /etc/shadow i am not seeing the '$2a$10$' for users created lately. I
added users manually without warnings or error messages, but how can one
be sure that the password hasn't being truncated ? How do I know, besides
the "magic '$2a$10$'", the encryption method is blowfish ?

This is SuSE 10.1




Miguel Albuquerque
Network Administrator




DISCLAIMER
- This message is intended for the use of the named person only. The
information contained in this E-mail is confidential and any disclosure,
copying, distribution or taking any action in reliance on the contents of
this information is strictly prohibited. This message does not represent a
formal commitment by Codalis SA. Codalis SA is neither liable for the
proper and complete transmission of the information contained in this
communication nor for any delay in its receipt.
< Previous Next >
Follow Ups
References