[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: cifs password length?



On 13Jan2007 14:15, Craig White <craigwhite azapple com> wrote:
| On Sat, 2007-01-13 at 12:21 -0600, Chris Mohler wrote:
| > Not an answer but - one time I tried mounting my home dir via
| > netatalk, and (much to my surprise) the password entry box on the mac
| > (OS7 - don't ask!) would only let me input 8 chars for the password!
| > Not good, since my passwd is much longer - I had to change it
| > temporarily.
| ----
| agreed and this is a Macintosh issue since I have set up LDAP
| authentication at various clients and have had to shorten passwords for
| Macintosh users

Original UNIX crypt only hashed the first 8 characters of a password.
Making passwords longer gave no added protection, but could supply the
illusion that the password was more secure. If the Mac doesn't or didn't
speak the newer hashes then there's a good argument for constraining the
password length - it ensures people know to get all the hard-to-crackness
into those 8 characters.

(Conversely, Windows passwords are 14 characters, but hashed as two
7-character chunks, individually attackable, so they are even weaker!)

Cheers,
-- 
Cameron Simpson <cs zip com au> DoD#743
http://www.cskk.ezoshosting.com/cs/

For the people that aim to stop P2P, they have turned a centralized system
like Napster - easily controlled, easily monitored - into a fully
decentralized system in the form of Kazaa, as well as a fragmented ecosystem
of thousands of centralized servers through BitTorrent. This was probably a
bad decision. As the folks on Fark.com say, "chilarity ensues."
- Monkey Methods BitTorrent Paper
http://monkeymethods.org/pubs/is-bittorrent-dead-centralization-analysis.htm


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]