[colug-432] su broken on ...
Richard Hornsby
richardjhornsby at gmail.com
Mon Feb 21 10:39:03 EST 2011
On Feb 21, 2011, at 09:27 , Rob Funk wrote:
> On Monday, February 21, 2011 10:19:03 am Thomas W. cranston wrote:
>> Getting a different number of characters is probably a symptom of
>> something wrong.
>
> I disagree completely. I've seen many systems that show some small number of
> dots rather than dots matching the character count in the password. Keep in
> mind that in a well-designed system, the actual password (including its
> length) isn't even retrievable at all.
>
> You're chasing a red herring here.
I'm with Rob on this one. Your /etc/passwd (or /etc/shadow) contains one-way hashes. As far as I know, there is no way from that to actually determine the length of the stored password, at least not in any way that makes sense for the purposes of putting a series of *'s into a box. (Intentionally excluding password cracking tools like John the Ripper from this discussion.)
You can certainly test this by changing your password to something of 5 characters, 10, 15, 20 etc and seeing if the "current password: ******" changes. However, this is a tangential distraction unlikely to lead you to why 'su' appears to be broken.
-rj
More information about the colug-432
mailing list