crypt(3) only uses the first 8 characters for it's hash. roniosko is 8 characters. Any extras would be ignored. I think you'll find trying roniosk would fail. md5 passwords are a much better option and available at least from slink (2.1) on (iirc). I'm not sure about earlier versions.
Roger Keays wrote: > > Hi all, > > I'm not sure if this is common knowledge or not, but I have just noticed > the effects of having the first two letters of your password the same as > the first two in your login name... You can use any extension of your > password!! > > e.g., on my Woody box I added a user called 'ron' and his password was > 'roniosko'. He could login in with 'ronioskos', 'ronioskoasdfasd' and so > forth! > > I tried a few more and had the same results. This is something to do > with the random salt right? > > Can anyone else reproduce this? > > Cheers, > > Roger > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] J.R. Blain http://www.cowboyatheart.org/ -- Real programmers use chmod +x /dev/random and cross their fingers -- Comment found in a vi/emacs flamewar on slashdot. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
