[rt-devel] password check
Matt Knopp
mhat at netlag.com
Wed Feb 27 16:27:22 EST 2002
Assuming RT uses des-crypt for its passwords, then its not a problem. DES-
Crypt only deals with the first eight bytes of a given password string, the
rest is thrown away. By the way, I think its lame that RT uses des-crypt
passwords, it should use md5 or sha1. ;)
-Matt
On Wed, Feb 27, 2002 at 10:19:10PM +0100, Grega Milcinski wrote:
> I noticed, that RT checks just first 8 letters of password
> to clarify myself, here is an example:
> if my pass is:
> 12345678
> i can write:
> 123456789
> 12345678dakjldasiwe
> and login properly
>
> also if my pass is:
> 123456789
> i can login with 12345678
>
> Is that a bug or am I missing something?
>
> regards
> Grega
> -----------------------------------------------
> Grega Milcinski
> E-mail: grega.milcinski at s5.net
>
>
> _______________________________________________
> rt-devel mailing list
> rt-devel at lists.fsck.com
> http://lists.fsck.com/mailman/listinfo/rt-devel
More information about the Rt-devel
mailing list