Subject Re: [firebird-support] Database Security
Author Brad Pepers
On January 6, 2004 03:04 am, Jiri Hoffmayer wrote:
> I actually wonder why the login password is stil only 8 chars. Why not
> extend the significant chars of a password to let's say 64? This would
> prevent DB access when someone gets the 'security.fdb' file (or the
> appropriate IB file). AFAIK the 8 pwd chars may be cracked through a brute
> force approach, which is quite easy to do :-(((

Firebird uses the crypt() function for the password and crypt only uses 8
characters so it can't easily be fixed without recoding how passwords work.
Note though that crypt() is now considered to be pretty weak and can be
broken by brute force attacks so replacing it would be a good idea.

Brad Pepers