Results 1 to 3 of 3
When I was changing my password with the "passwd" command in Debian Lenny,
after the confirmation, I received the following message:
Bad: new password is just a wrapped version of ...
- 01-18-2011 #1Just Joined!
- Join Date
- Jan 2011
- Posts
- 1
How does debian/linux detect a wrapped version of an old password?
When I was changing my password with the "passwd" command in Debian Lenny,
after the confirmation, I received the following message:
Bad: new password is just a wrapped version of the old one
I know the passwords are not saved in clear text, but hashes. Even further, when a single char changes in the string (the password in this case) the hash is completely different.
So,
how does linux detect a wrapped version of an old password?
Thanks in advance.
- 01-18-2011 #2Just Joined!
- Join Date
- Mar 2010
- Posts
- 79
Check this (for example):
passwdqc
- 01-18-2011 #3Linux User
- Join Date
- Oct 2010
- Location
- Baja Oklahoma
- Posts
- 358
The system knows both the old and new passwords. They're not hashed at that point. It's trivial to see minor variations of the two. It should let you use the new password, it's just warning you that it's a security compromise, and anyone who has the old password can easily find the new one.
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
