3.4 KDE password
Posts: 486
I have noticed that when I log into kde that it only needs the first 8 char of my password. When I log in via ssh it requires all char. When I login to dovecot via email client, only first 8 char are needed...
I use Mepis 3.4 and have done no system updates. I have only installed stand-alone packages.
Any suggestions?
Travis

password security
Posts: 516
Maybe this will help: www.mepis.org/node/10596
regards,
Jimmy
INTEL P-IV/HT 3.0GHz - 2X256 DDR3200 - Debian, Etch Beta-3
KDE 3.5.4 - kernel 2.6.16-2-686-smp - My iMAC runs Debian, Sarge

james e. thompson
Posts: 516
Talk about a photo finish.
regards,
Jimmy

Talk about a photo finish.
Posts: 2280
Yep ya can't get closer than that! (chuckle) I was, I thought, having trouble posting that but it was just Drupal looking at the photo finish.
jim
Looks like that's just "the
Posts: 486
Looks like that's just "the way it is"
Travis
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Maybe one day I'll be able to help if I ask enough questions.
# Linux howto's for newbies from a newbie
There's got to be a way to change it
Posts: 1109
Looks like that's just "the way it is"
There's got to be a way to change it
I don't have this problem with some of the other distros I've tried. For example, Kanotix uses more than 8 characters and it's based on Debian.
I'd prefer that a distro actually use the password I set, versus truncating to 8 characters, especially given the number of password cracking tools I see floating around.
If anyone knows how to change it to where SimplyMEPIS actually uses more than 8 characters, I'd appreciate knowing how to do it.
Thanks in advance.
Jim C.

Yup
Posts: 5513
Hi gang,
Yes, I looked into this a while back. When I used SUSE and Mand(rake/riva) I seem to recall an option for the "type" of password that you used. If you wanted to be "compatible" with Unix then you used one (the shorter, 8-character) version. But if you wanted to be more secure, you could use the one allowing up to 255 characters.
The only thing that I've been able to find recently seems to indicate that you can use other passwording methods, but only if you implement pam and I haven't had enough courage to do that on any system 
Any of youse guys have some good "howtos" on basic pam configuration? I mean, REALLY SIMPLE 
Jon
Solved (at least in SimplyMEPIS 6.0)
Posts: 1109
I read a new review of SimplyMEPIS 6.0 this morning and the author figured out that all you have to do is use the passwd command from a console and a longer password works:
http://www.free-bees.co.uk/articles/simplymepis6/
So, it appears that the MEPIS install screens are the culprit, not the distro itself (the install screens apparently truncate whatever password you type to 8 characters).
So, just open a console to set it to a longer password using the passwd command. I just tried this with SimplyMEPIS 6.0 and it works (if you use a longer password, the login screens will now require it, since the passwd command isn't truncating it like the MEPIS install screens do).
passwd
Jim C.

Interesting
Posts: 5513
Thanks for the heads up Jim.
Actually, I just tested this on one of my 3.3.1-1 installs. As a "regular user" I entered "passwd", entered my old, and then my new password twice. I deliberately used an eight-character password like "testpass". Then, I attempted to log into the box via ssh. It let me in when I entered "testpass" but did not let me in when I entered "testpassword". Likewise, when I changed the password to "testpassword" it would not let me in with only "testpass". I do not know if ssh is applying its own security on top of the password, for sending the encrypted data down the line, but it does appear that it is possible to have a longer than eight-character password.
Now I'm confused, 'cause someone posted a while back about being able to enter a (wrong) password of more than eight characters that matched the first 8 characters. Travis, was that you? And was it the password or the user name that allowed that?
Jon
That makes sense (the
Posts: 1109
That makes sense (the symptoms you are describing).
Only the installation screens are truncating the password to 8 characters (at least in SimplyMEPIS 6.0 from what I can tell).
So, once you change it using the passwd command (to a shorter or longer password), you'll need to enter that exact password to login.
The only time a different password should work, is if you entered one that was longer than 8 characters with the installation screens. Then, you'd only need to type the first 8 characters to login.
That was my "gripe" (I used a relatively long password, and later found out that I could login using only the first 8 characters). But, after you set it using the passwd command, the problem is solved (at least in SimplyMEPIS 6.0).
Jim C.
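To find which accounts are still in the state described above (only the first 8 characters count), here is an added example that is not part of the original thread. It assumes, which the thread does not state, that the affected passwords are stored as traditional DES crypt hashes, the format that only uses the first 8 characters of a password; the user names and hash strings in the sample are constructed.

```python
import re

# Traditional DES crypt(3): 2 salt characters followed by 11 hash characters,
# no "$" prefix. Only the first 8 characters of the password enter the hash.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")
# Modular crypt prefixes "$id$..." and the scheme each one names.
MODULAR = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}

def classify(field):
    """Name the scheme of one shadow password field."""
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"
    if DES_CRYPT.fullmatch(field):
        return "des-crypt"
    m = re.match(r"\$([^$]+)\$", field)
    if m:
        return MODULAR.get(m.group(1), "other-modular")
    return "unknown"

def truncating_accounts(shadow_text):
    """Return user names whose stored hash ignores everything past 8 characters."""
    flagged = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue
        if classify(parts[1]) == "des-crypt":
            flagged.append(parts[0])
    return flagged

# Constructed sample in /etc/shadow layout; the hashes are made-up strings.
SAMPLE = """\
root:$1$Xy3kQ9aB$0123456789abcdefghijkl:13300:0:99999:7:::
daemon:*:13300:0:99999:7:::
travis:abJnggxhB/yJE:13300:0:99999:7:::
family1:zz9PqLmN0aBcD:13300:0:99999:7:::
family2:$1$Qw8eRt2u$lkjihgfedcba9876543210:13300:0:99999:7:::
"""

if __name__ == "__main__":
    for user in truncating_accounts(SAMPLE):
        print(f"{user}: DES crypt hash, re-set with passwd")
```

On a real system, run it as root and pass the contents of /etc/shadow to `truncating_accounts` instead of `SAMPLE`.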

OK Then
Posts: 5513
Thanks for more info Jim.
When I get a chance to play with this more, I will try to set up a couple virtual machines with fresh installs of 3.3.1 as well as 6.0 and see what happens with a "new" user. I don't want to add/modify/delete "users" from my live box. But this is definitely an interesting puzzle 
Jon
I logged into my box via ssh
Posts: 486
I logged into my box via ssh (which always used long passwords) and ran
$ passwd
changed pass to "pass"
$ passwd
changed pass to original password.
Now when I login and type only first 8 char it denies me in kde and pop3. I have to use all 65 characters of my strong password, I am joking. I do really have to use all of my characters. So this fix worked!
Travis
I have 3 users, myself, and
Posts: 486
I have 3 UNIX users, myself, and 2 family members. I had to passwd both of them and myself to keep from truncating. I created the 2 extra users via OScenter. And once again, this is 3.4
Travis

Well
Posts: 5513
Well Travis, I recall doing my usual "apt-get clean; apt-get update; apt-get upgrade" a couple days back. Since the last time when I completely trashed my system, I ALWAYS LOOK at the list of packages that it states are going to be upgraded. If I see any of the "nasty" ones that "fix" xfree86 then I don't do the upgrade. I recall seeing "adduser" and "passwd" in the list of packages not too long ago. So that was probably when the fix occurred.
For my own curiosity. Does this mean that a "strong password" can actually be a "pass phrase" and possibly include SPACES in the phrase? If it does, then I can use "this is my secret password" as my password 
Jon

Hmmmm...
Posts: 2280
I wonder how many years it would take to crack an eight digit password......
jim
Jon, I logged in and did $
Posts: 486
Jon,
I logged in and did
$ passwd
and set it to "this is my password"
and then logged out/back in and tried "thisismypassword" and it failed. I had to use "this is my password" to get in. So yes, spaces are accepted.
Travis

Cool!
Posts: 5513
Yes, on my main box, I tried some variations on my regular password. In other words, my regular password is "password" so I tried entering "password123". And it didn't work.
So now that you have tested passwords with spaces we know that one can use "pass phrases". Neat!
Now I need to change my password from "password" 
Jon
You should really be more afraid.....
Posts: 150
Why so upset about the KDE password? If anybody really wants to read your data they can just pick out your hard disc, connect it on another computer and just read all your stuff.

If you really need to protect your "goodies" you should encrypt the whole drive with Truecrypt or at least you should keep all your secrets encrypted with PGP or something... Even so in your logs, cache and ram the "good people" can find a lot of "snacks" on the computers of "the bad people" if they really put in some efforts.... And remember all your unencrypted traffic over the Internet is easily readable by anyone with a minimum of knowledge....
If I were about to do something really "hideable" I would not do it on my computer. For that the Mepis LiveCD on others computers are good....

IMPORTANT:
Being paranoid does not mean that nobody is following you. Take care and watch your back carefully.....
Aaaahheeeee...Could anybody tell me how to wipe all my freespace securely on my hard-drive?

3.4 KDE password
Posts: 2280
This thread might help you understand why there are only 8 characters in the password. http://www.mepis.org/node/10596
jim