[colug-432] su broken on ...
Scott Merrill
skippy at skippy.net
Mon Feb 21 06:34:50 EST 2011
On Mon, Feb 21, 2011 at 1:04 AM, Vincent Herried <vince at planetvince.info> wrote:
> No ideas on why the gue for users shows fewer characters than
> the password? hmmm wondering... much of this work was
> done from host lap3.vince ssh desk.vince
> nah makes no sense why that would mess it up
My guess is that there's no useful reason to show the correct number
of characters in a password when you're changing that password: if you
know the password, you can change it successfully, and if you don't
know the password then seeing the correct number of characters will
help you deduce a poorly chosen password, or more quickly brute force
it.
More information about the colug-432
mailing list