foundry27 : Post

Forum Topic - QNX 6.5.0 password checking for root is not secure: (3 Items)

View: as

Allen Chen(deleted)

06/08/2013 9:20 PM

post102103

QNX 6.5.0 password checking for root is not secure

I have set my root password to be QNXepri683. However it will pass if I type in QNXepri68[0-9], i.e. the lass number can
 be any of 0,1,...,9. 
Is it a bug?

Daniel Wright(deleted)

03/04/2014 9:45 AM

post109172

Re: QNX 6.5.0 password checking for root is not secure

I only have experience with QNX 4.25 and 6.3.2 but 6.5 is probably similar. Usernames are limited to 14 characters and 
the QNX crypt() library used for password hashing truncates passwords to 8 characters.

Jeff Baker

03/04/2014 10:49 AM

post109173

Re: QNX 6.5.0 password checking for root is not secure

crypt() is a POSIX implementation of the DES hashing algorithm that by definition only factors in the first 8 characters
 of the string.

6.6.0 was just released and contains more modern hashing options (MD5, SHA2-256/512) that allow for more secure 
passwords of up to 64 characters.

Return

The text you entered is not a valid object ID
More Information
Object IDs begin with an object prefix and end with a number. For example, if you enter
artf2345
the application will jump directly to an artifact with the ID artf2345. Some valid object prefixes are:
artf	for an artifact
doc	for a document
page	for a project page
topc	for a discussion topic
wiki	for a wiki page