4714367 2000-01-22  00:20  /26 lines/ Postmaster
Recipient: Bugtraq (import) <9427>
Subject: Rh 6.1 initial root password encryption
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
X-Accept-Language: en
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID:  <3887A0F9.7A53C698@optusnet.com.au>
Date:         Fri, 21 Jan 2000 10:57:45 +1100
Reply-To: ken@optusnet.com.au
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Ken Barber <ken@optusnet.com.au>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

The initial root password that is set in /etc/shadow by the Red Hat
6.1 installation program is in crypt-style, not MD5. This occurs even
if you have chosen MD5 encryption in the initial setup of RH.

A change of password _after_ initial setup changes the encryption to
MD5.

What does this mean? A seemingly long root password set by the
administrator is actually truncated to 8 characters.

ken@.
(4714367) ------------------------------------------(Rewrapped)
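
An added example, not part of the original post: a small audit that classifies the password field of each /etc/shadow entry and lists the accounts still stored as traditional crypt (13 characters, no `$` prefix) rather than MD5 (`$1$` prefix). The sample lines and hash strings are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample shadow entries; the hash strings are made-up
# placeholders with the right shape, not real password hashes.
SAMPLE_SHADOW = """\
root:Xy9aBcDeFgHiJ:10977:0:99999:7:::
ken:$1$abcdefgh$0123456789abcdefghijkl:10977:0:99999:7:::
daemon:*:10977:0:99999:7:::
locked:!!:10977:0:99999:7:::
"""

# Traditional crypt: 2-character salt + 11-character hash, no prefix.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# MD5 crypt: $1$ + salt of up to 8 characters + $ + 22-character hash.
MD5_RE = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")


def classify(field):
    """Return the storage scheme of one shadow password field."""
    if field == "":
        return "empty"
    if field[0] in "*!":
        return "locked"
    if DES_RE.match(field):
        return "des-crypt"
    if MD5_RE.match(field):
        return "md5-crypt"
    return "unknown"


def audit(shadow_text):
    """Return (user, scheme) pairs for every well-formed entry."""
    results = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue  # skip blank, comment or malformed lines
        results.append((parts[0], classify(parts[1])))
    return results


def des_accounts(shadow_text):
    """Accounts whose password is stored as traditional crypt."""
    return [u for u, scheme in audit(shadow_text) if scheme == "des-crypt"]


if __name__ == "__main__":
    for user, scheme in audit(SAMPLE_SHADOW):
        print(f"{user:8} {scheme}")
```

Any account reported as `des-crypt` after an install that was configured for MD5 needs its password set again so that the entry is rewritten in the `$1$` format.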