Bug 19548

Summary: DES in 3.5-RELEASE allows trailing characters
Product: Base System
Reporter: john <john>
Component: misc
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 3.5-RELEASE   
Hardware: Any   
OS: Any   

Description john 2000-06-27 20:50:01 UTC
I can login using any password, provided my real password is the first substring.  
For example if my password was "plant", a password of "plant72495" will authenticate.

Fix: 

Uninstalling DES fixes it.
How-To-Repeat: install DES and set a password.  Then login, inserting random characters after your correct password
Comment 1 davidn 2000-06-27 22:10:33 UTC
john@jfive.com wrote:

> I can login using any password, provided my real password is the first substring.
> For example if my password was "plant", a password of "plant72495" will authenticate.

I am unable to reproduce this behaviour on 3.4-STABLE, 3.5-STABLE or 4.0-STABLE. Are you sure you tried the exact example you've quoted?

DES passwords do have a length limitation of 8 characters, which is a known weakness in DES per se on all compatible UNIX platforms. If the user's password is 8 characters or longer, then certainly anything appended to the password is silently ignored when computing the hash. Junk appended after shorter passwords will certainly be used in deriving the hash.

This limitation of DES is documented, and is why md5 hashes are generally preferred (the limitation there is 128 characters I believe).

-- 
|| David Nugent                      || TS Manager, ISP Limited ||
\\ davidn@austel.net | davidn@blaze.net.au | davidn@freebsd.org //
.\\ Ph: +61396422322   Fax: +61396422063   Cell: +61404867638  //.
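The 8-character limit David describes is a property of the traditional DES crypt(3) scheme, and the practical check for an administrator is to find which accounts still carry DES hashes and move them to a scheme without that truncation. The following script is an added example, not part of the bug report or of FreeBSD's own code. It classifies hashes in master.passwd-style lines by their format (a 13-character DES string versus a `$id$`-prefixed modular hash), models which part of a candidate password actually contributes to a DES hash, and uses that model to show why "plant" and "plant72495" are different inputs to DES while two passwords that agree in their first 8 characters are not. The sample lines and hash strings are constructed for illustration; the hash scheme identifiers are standard modular-crypt prefixes.

```python
"""Audit master.passwd-style entries for traditional DES crypt(3) hashes.

Added example (not FreeBSD code): DES crypt uses only the first 8 password
characters, so two passwords that agree in their first 8 characters collide.
"""
import re

# Traditional DES crypt output: exactly 13 characters from the [./0-9A-Za-z]
# alphabet and no "$" prefix. Modular-crypt schemes begin with "$<id>$".
DES_HASH_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
MODULAR_HASH_RE = re.compile(r"^\$([^$]+)\$")

DES_SIGNIFICANT_CHARS = 8

# Well-known modular-crypt identifiers.
MODULAR_SCHEMES = {"1": "md5", "2a": "bcrypt", "2b": "bcrypt",
                   "5": "sha256", "6": "sha512"}


def hash_scheme(hashed: str) -> str:
    """Classify a password field by its hash format."""
    if hashed == "" or hashed.startswith(("*", "!")):
        return "locked"          # no usable password hash at all
    if DES_HASH_RE.match(hashed):
        return "des"
    m = MODULAR_HASH_RE.match(hashed)
    if m:
        return MODULAR_SCHEMES.get(m.group(1), "modular:" + m.group(1))
    return "unknown"


def significant_prefix(password: str, scheme: str) -> str:
    """Return the portion of the password that influences the hash.

    Only DES truncates; for every other scheme the whole password is used.
    """
    if scheme == "des":
        return password[:DES_SIGNIFICANT_CHARS]
    return password


def truncation_collides(pw_a: str, pw_b: str, scheme: str) -> bool:
    """True if the scheme would feed the same bytes to the hash for both."""
    return significant_prefix(pw_a, scheme) == significant_prefix(pw_b, scheme)


def audit_master_passwd(lines):
    """Yield (user, scheme) for each non-comment master.passwd line."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue                  # malformed entry; skip it
        findings.append((fields[0], hash_scheme(fields[1])))
    return findings


def des_accounts(lines):
    """Accounts whose hashes are still DES and should be migrated."""
    return [user for user, scheme in audit_master_passwd(lines)
            if scheme == "des"]


# Constructed sample entries: the hash strings below are not real hashes.
SAMPLE_MASTER_PASSWD = [
    "# constructed sample, not a real master.passwd",
    "root:$1$saltsalt$aaaaaaaaaaaaaaaaaaaaaa:0:0::0:0:Charlie &:/root:/bin/csh",
    "john:abJnggxhB/yWI:1001:1001::0:0:John:/home/john:/bin/sh",
    "nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin",
]


if __name__ == "__main__":
    for user in des_accounts(SAMPLE_MASTER_PASSWD):
        print(f"{user}: DES hash, only first {DES_SIGNIFICANT_CHARS} chars matter")
    # The reporter's case: "plant" is shorter than 8 chars, so the trailing
    # junk is inside the window and changes the hash; no collision.
    print("plant vs plant72495 collide under DES:",
          truncation_collides("plant", "plant72495", "des"))
    # A password of 8+ chars: anything appended is silently ignored.
    print("plantpot vs plantpot72495 collide under DES:",
          truncation_collides("plantpot", "plantpot72495", "des"))
```

Run as a script it prints the DES accounts from the constructed sample and the two comparisons. The `truncation_collides` check is what matters when deciding whether a reported "trailing characters accepted" symptom is the documented DES behaviour: it only reproduces once the real password is at least 8 characters long.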
Comment 2 dirk freebsd_committer freebsd_triage 2000-11-08 13:15:13 UTC
State Changed
From-To: open->feedback

John, can you please check if it's the mentioned "only-eight-chars-are-significant" problem?
Comment 3 dirk freebsd_committer freebsd_triage 2000-12-02 15:52:50 UTC
State Changed
From-To: feedback->closed

Feedback timeout...