[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Using crypt()
On Thu, 4 Apr 1996, Eric Eden wrote:
> The only problem is when users mistakenly supply cleartext initially,
> they can never update their information because the program isn't
> smart enough to realize that the user was submitting cleartext instead
> of an encrypted password when setting up their account.
Far from bulletproof, but the three Unice I just checked, SCO Unix,
UnixWare and FreeBSD, all generate 13 character encrypted passwords.
I believe this is the norm for crypt.
Very few people around here have 13 character clear text passwords,
those that do are either very security concious and won't use CRYPT-PW
or it's just coincidental and their bad luck.
Anyway, requiring the supposedly encrypted password to be 13 characters
is probably about the best you can do. If crypt generated recognizable
patterns it wouldn't be very useful, would it?
I'm still debating whether or not to allow our clients to use this
option. We may require clients registering domains to pick up a copy
of PGP first.
Dan
--
Dan Busarow
DPC Systems
Dana Point, California