Network Solutions Crypt-PW Authentication-Scheme vulnerability

Daniel Austin daniel at g-mapps.com
Sun Jun 10 23:24:38 UTC 2001


MAIL_FROM is now more secure.

All communication is confirmed by return email.
So you need access to read the mail and reply to it before they action
anything.

PGP hasn't worked for a long time at netsol, if you try to register your
key, it gives you some error back about no access to keyrings.

I emailed network solutions a few times about it, but I've given up after
no replies.



With Thanks,

Daniel Austin,
System/Network Administrator,
Global Media Applications Limited.


On Sat, 9 Jun 2001, Peter van Dijk wrote:

> On Fri, Jun 08, 2001 at 12:37:34AM -0700, Peter Ajamian wrote:
> [snip]
> > computer.  A new 1ghz computer could easily crank out 6 char passwords in
> > mere seconds, 8 char passwords in a few hours, and a 10 char password
> > probably in a week to a month or better.
>
> crypt() passwords are never more than 8 characters - anything beyond
> 8 characters is discarded.
>
> [snip]
> > Possible Workarounds:
> >
> > Do not use the Crypt-PW authentication-scheme.  Instead use the MAIL_FROM
> > or PGP scheme instead.
>
> MAIL_FROM is even less secure than CRYPT-PW. Use PGP :)
>
> > If you must use CRYPT-PW then the following suggestions are recommended:
> >  - Password should be at least 10 characters in length.
>
> Again, anything over 8 is useless.
>
> All in all NetSol still hasn't learned.
>
> Greetz, Peter.
>
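
An added illustration, not part of the original thread: the 8-character limit discussed above, shown through the key derivation of traditional DES-based crypt(3). It assumes the classic scheme (a 56-bit key built from the low 7 bits of the first 8 password bytes); the function names and sample passwords are constructed for this example.

```python
# Added example: why characters past the 8th add nothing under classic
# DES-based crypt(3). Assumption: the traditional scheme, where the DES key
# is the low 7 bits of each of the first 8 password bytes.

def des_crypt_key(password: str) -> bytes:
    """Return the 8-byte DES key classic crypt(3) derives from a password."""
    raw = password.encode("latin-1")[:8]   # bytes 9 and later never reach the cipher
    raw = raw.ljust(8, b"\0")              # short passwords are zero padded
    # Each key byte carries 7 password bits; the lowest bit is the DES parity slot.
    return bytes((b & 0x7F) << 1 for b in raw)


def same_hash_input(a: str, b: str) -> bool:
    """True when two passwords give the same key, hence the same hash per salt."""
    return des_crypt_key(a) == des_crypt_key(b)


def effective_keyspace(password: str, alphabet: int = 95) -> int:
    """Candidates a search must cover, capped at 8 characters.

    alphabet=95 assumes printable ASCII; this is an illustrative default.
    """
    return alphabet ** min(len(password), 8)


def audit(password: str) -> dict:
    """Report what the scheme actually uses from a chosen password."""
    raw = password.encode("latin-1")
    return {
        "effective_length": min(len(raw), 8),
        "ignored_suffix": password[8:],
        "high_bit_chars": sum(1 for b in raw[:8] if b & 0x80),
    }


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("correcthorse", "correcthXYZ!", "caf\xe9", "cafi"):
        print(repr(pw), des_crypt_key(pw).hex(), audit(pw))
    print(same_hash_input("correcthorse", "correcthXYZ!"))
    print(effective_keyspace("abcdefghij") == effective_keyspace("abcdefgh"))
```

Under this scheme a 10-character password and its first 8 characters verify identically, so a length policy above 8 gives no extra protection.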


