On Fri, 30 Nov 2001, Roger Keays wrote: > > I'm not sure if this is common knowledge or not, but I have just noticed > the effects of having the first two letters of your password the same as > the first two in your login name... You can use any extension of your > password!! > > e.g., on my Woody box I added a user called 'ron' and his password was > 'roniosko'. He could login in with 'ronioskos', 'ronioskoasdfasd' and so > forth! > > I tried a few more and had the same results. This is something to do > with the random salt right? > > Can anyone else reproduce this? > > Cheers, > > Roger > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > hi Roger,
maybe you dont use MD5 passwords, so only the first 8 characters will be "compared". see http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html#s3.4 for more information. tom ------ .-. free source for free users! /v\ L I N U X // \\ >Phear the Penguin< /( )\ ^^-^^
