GNU bug report logs - #21318
Only the first 8 characters of passwords are significant

Previous Next

Package: guix;

Reported by: Mark H Weaver <mhw <at> netris.org>

Date: Sat, 22 Aug 2015 05:21:01 UTC

Severity: serious

Done: 宋文武 <iyzsong <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: 宋文武 <iyzsong <at> gmail.com>
Cc: tracker <at> debbugs.gnu.org, bug-strong-list <at> debbugs.gnu.org
Subject: bug#21318: closed (Only the first 8 characters of passwords are
 significant)
Date: Tue, 25 Aug 2015 12:43:02 +0000

[Message part 1 (text/plain, inline)]
Your message dated Tue, 25 Aug 2015 20:43:50 +0800
with message-id <8737z7y1vd.fsf <at> gmail.com>
and subject line bug#21318: Fixed
has caused the debbugs.gnu.org bug report #21318,
regarding Only the first 8 characters of passwords are significant
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
21318: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=21318
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Mark H Weaver <mhw <at> netris.org>
To: bug-guix <at> gnu.org
Subject: Only the first 8 characters of passwords are significant
Date: Sat, 22 Aug 2015 01:20:22 -0400

yenda on #guix reported that when typing user passwords, only the first
8 characters need to be typed correctly to successfully log in.

DusXMT on #guix mentioned that [GNU/]Linux From Scratch instructs users
to change "#ENCRYPT_METHOD_DES" to "ENCRYPT_METHOD_SHA512" in
etc/login.defs:

  http://www.linuxfromscratch.org/lfs/view/stable/chapter06/shadow.html

I tried modifying both /etc/login.defs and etc/login.defs in our
'shadow' package recipe, and then tried updating my password entry with
'passwd' but it still only pays attention to the first 8 characters.

'strace' reveals that 'passwd' doesn't even look for any file named
"login.defs".

I'm not sure what's going on here, but it would be good to fix it soon.

     Mark



[Message part 3 (message/rfc822, inline)]
From: 宋文武 <iyzsong <at> gmail.com>
To: 21318-done <at> debbugs.gnu.org
Subject: bug#21318: Fixed
Date: Tue, 25 Aug 2015 20:43:50 +0800

Fixed in commit 9297065a2b2151636194b2c91e957a3ec0b33532.
This bug report was last modified 9 years and 274 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.