[Gllug] user has two passwords?
Chris Ball
chris at void.printf.net
Mon Nov 5 17:07:04 UTC 2001
On Mon, 2001-11-05 at 16:32, Steve Nicholson wrote:
> at the console or using ssh I can login as user "steve" with psw
> "abcxxx" or psw "abcyyy". The passwords are similar but not the same.
Do you know how the crypt() function works? Passwords are encrypted
one-way; they aren't meant to ever be unencrypted, only compared against
the crypted form for authentication. If you used something like a one
character salt, or a particularly long password, it would be easy for
two different plaintext phrases to evaluate to the same crypted string.
I think that the passwords being similar at the most significant end and
this functionality of crypt() are definitely related..
~C.
--
$a="printf.net"; Chris Ball | chris at void.$a | www.$a | finger: chris@$a
"In the beginning there was nothing, which exploded."
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list