Subject | Re: [ib-support] fb 8-letter password bug |
---|---|
Author | David K. Trudgett |
Post date | 2002-01-04T07:46:41Z |
On Friday 2002-01-04 at 18:32:39 +1100, Helen Borrie wrote:
> >There's a bug where passwords are validated to the first 8-letters
> >only, right? e.g. password is 'masterkey' but authentication
> >accepts 'masterke'.
> >
> >Is this going to be corrected soon or is this a low priority?
>
> It's not a bug. InterBase and Firebird only evaluate the first 8
> characters of any password, so if you have one user with the
> password "masterkey" and another with "masterkeeper", they are
> evaluated and encrypted as identical.
>
> Because 8 characters is easy to crack, you're advised not to use
> easily guessable words as passwords. Better to create completely
> random combinations of letters and digits.

Of course, eight characters is nowhere near an acceptable limit these
days, as an ordinary PC can brute force that space in fairly short
order. Because of this, an eight character limit on passwords can
easily be considered a bug in the broad sense, even though it is the
designed behaviour. It should really go onto the list of future
enhancements, if it's not there already.

I believe I heard mutterings in the past about enhancing the whole
authentication mechanism, including the GDB file used for the purpose.
Perhaps the password issue will be resolved as part of a larger fix.

David Trudgett
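
The truncation discussed in this thread, modelled as an added example that is not part of the original posts and is not InterBase or Firebird code. PBKDF2 stands in for the real password hashing (an assumption), and the function names, the constructed salt and the 62-symbol alphabet are illustrative.

```python
import hashlib
import hmac
import math

SIGNIFICANT = 8  # per the thread: only the first 8 characters are evaluated

def _kdf(secret: bytes, salt: bytes) -> bytes:
    # Stand-in KDF (assumption), not the algorithm the server actually uses.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 10_000)

def enroll_truncating(password: str, salt: bytes) -> bytes:
    """Model of the described behaviour: input is cut to 8 characters first."""
    return _kdf(password[:SIGNIFICANT].encode(), salt)

def enroll_full(password: str, salt: bytes) -> bytes:
    """Contrast case: every character contributes to the stored verifier."""
    return _kdf(password.encode(), salt)

def verify(enroll, candidate: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison of the candidate's verifier with the stored one."""
    return hmac.compare_digest(enroll(candidate, salt), stored)

def ignored_suffix(password: str) -> str:
    """Characters a truncating scheme silently drops; useful as a policy warning."""
    return password[SIGNIFICANT:]

def effective_bits(password: str, alphabet_size: int, limit=None) -> float:
    """Upper bound on search space (bits) for a random password of this length."""
    n = len(password) if limit is None else min(len(password), limit)
    return n * math.log2(alphabet_size)

if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample value
    stored = enroll_truncating("masterkey", salt)
    for guess in ("masterke", "masterkeeper", "masterkx"):
        print(guess, "accepted:", verify(enroll_truncating, guess, salt, stored))
    print("ignored part of 'masterkeeper':", ignored_suffix("masterkeeper"))
    # A 12-character random password over [A-Za-z0-9] is capped at 8 characters' worth.
    print("bits with limit:", round(effective_bits("masterkeeper", 62, SIGNIFICANT), 2))
    print("bits without limit:", round(effective_bits("masterkeeper", 62), 2))
```
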