Roger Keays <[EMAIL PROTECTED]> writes: > I'm not sure if this is common knowledge or not, but I have just noticed > the effects of having the first two letters of your password the same as > the first two in your login name... You can use any extension of your > password!!
Wrong. You can guess the first two characters of the username if you use it as a salt. > e.g., on my Woody box I added a user called 'ron' and his password was > 'roniosko'. He could login in with 'ronioskos', 'ronioskoasdfasd' and so > forth! That's a consequence of passwords being truncated at 8 chars before running crypt() on them. > Can anyone else reproduce this? I'd be surprised if I couldn't! ~Tim -- Can you tell me how to get, |[EMAIL PROTECTED] How to get to Sesame Street? |http://spodzone.org.uk/
