The Unix Heritage Society mailing list
 help / color / Atom feed
From: "John P. Linderman" <jpl.jpl@gmail.com>
To: Royce Williams <royce@techsolvency.com>
Cc: The Unix Heritage Society <tuhs@minnie.tuhs.org>
Subject: Re: [TUHS] Recovered /etc/passwd files
Date: Sat, 19 Oct 2019 09:11:10 -0400
Message-ID: <CAC0cEp8+nb0PXg71ej6LFBB6VHZ_891oqywLwJdyx_ymNYjeXw@mail.gmail.com> (raw)
In-Reply-To: <CA+E3k91oJdfwPBYcGO3a2_nr7vLWU0MTxrsmQs4h0rBEyGvL6A@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 1570 bytes --]

Related story. A user came to us with a problem while we were in our
computer room. We asked him to log in at the VAX console, so we could look
into the problem. Moments later, dozens of users flooded in, asking what
had happened. Seems the first user had a CTRL-P in his password, which,
when entered at the console, triggered the VAX to pause.

On Fri, Oct 18, 2019 at 2:34 PM Royce Williams <royce@techsolvency.com>
wrote:

> On Fri, Oct 18, 2019 at 7:01 AM Royce Williams <royce@techsolvency.com>
> wrote:
>
> > What original caught my attention was the logic behind enforcing
> password quality in passwd.c during a specific era of BSD code, which
> exited ambiguously in a double negative of sorts, where control characters
> were not disallowed during password entry. (I'll try to dig up the source.)
>
> Specifically, see the eras in which passwd.c looked something like this:
>
>
> https://github.com/dank101/4.2BSD/blob/708b3890ac0c2f034f2840b5ee9125b3c83a05bc/bin/passwd.c#L69-L107
>
>         while (c = *p++) {
>                 if (c >= 'a' && c <= 'z')
>                         flags |= 2;
>                 else if (c >= 'A' && c <= 'Z')
>                         flags |= 4;
>                 else if (c >= '0' && c <= '9')
>                         flags |= 1;
>                 else
>                         flags |= 8;
>         }
>         if (flags >= 7 && pwlen >= 4)
>                 ok = 1;
>
> I was intrigued that the "special characters" character set was
> defined negatively, such that control characters would also count.
>
>
> Royce
>

[-- Attachment #2: Type: text/html, Size: 2418 bytes --]

<div dir="ltr"><div class="gmail_default" style="font-size:small">Related story. A user came to us with a problem while we were in our computer room. We asked him to log in at the VAX console, so we could look into the problem. Moments later, dozens of users flooded in, asking what had happened. Seems the first user had a CTRL-P in his password, which, when entered at the console, triggered the VAX to pause.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Oct 18, 2019 at 2:34 PM Royce Williams &lt;<a href="mailto:royce@techsolvency.com">royce@techsolvency.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Fri, Oct 18, 2019 at 7:01 AM Royce Williams &lt;<a href="mailto:royce@techsolvency.com" target="_blank">royce@techsolvency.com</a>&gt; wrote:<br>
<br>
&gt; What original caught my attention was the logic behind enforcing password quality in passwd.c during a specific era of BSD code, which exited ambiguously in a double negative of sorts, where control characters were not disallowed during password entry. (I&#39;ll try to dig up the source.)<br>
<br>
Specifically, see the eras in which passwd.c looked something like this:<br>
<br>
<a href="https://github.com/dank101/4.2BSD/blob/708b3890ac0c2f034f2840b5ee9125b3c83a05bc/bin/passwd.c#L69-L107" rel="noreferrer" target="_blank">https://github.com/dank101/4.2BSD/blob/708b3890ac0c2f034f2840b5ee9125b3c83a05bc/bin/passwd.c#L69-L107</a><br>
<br>
        while (c = *p++) {<br>
                if (c &gt;= &#39;a&#39; &amp;&amp; c &lt;= &#39;z&#39;)<br>
                        flags |= 2;<br>
                else if (c &gt;= &#39;A&#39; &amp;&amp; c &lt;= &#39;Z&#39;)<br>
                        flags |= 4;<br>
                else if (c &gt;= &#39;0&#39; &amp;&amp; c &lt;= &#39;9&#39;)<br>
                        flags |= 1;<br>
                else<br>
                        flags |= 8;<br>
        }<br>
        if (flags &gt;= 7 &amp;&amp; pwlen &gt;= 4)<br>
                ok = 1;<br>
<br>
I was intrigued that the &quot;special characters&quot; character set was<br>
defined negatively, such that control characters would also count.<br>
<br>
<br>
Royce<br>
</blockquote></div>

  reply index

Thread overview: 63+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-10-08 18:38 Norman Wilson
2019-10-08 18:51 ` Arthur Krewat
2019-10-08 21:02   ` Dave Horsfall
2019-10-08 21:22     ` Arthur Krewat
2019-10-09  5:49       ` Nigel Williams
2019-10-09  5:52         ` Nigel Williams
2019-10-09  6:00           ` Warner Losh
2019-10-09  8:16             ` Andy Kosela
2019-10-09  8:53               ` Ken Thompson via TUHS
2019-10-09  9:16                 ` Leah Neukirchen
2019-10-09 23:04           ` Dave Horsfall
2019-10-10  6:31             ` Vincenzo Nicosia
2019-10-09 19:59         ` Rob Pike
2019-10-09 20:09           ` Kurt H Maier
2019-10-09 21:05             ` Bakul Shah
2019-10-09 21:09               ` Warner Losh
2019-10-09 21:16                 ` Arthur Krewat
2019-10-09 22:05                   ` Adam Thornton
2019-10-09 23:28                     ` Steffen Nurpmeso
2019-10-11 12:28             ` Anthony Martin
2019-10-09 20:14           ` Arthur Krewat
2019-10-10 20:24           ` Clem Cole
2019-10-10 20:38             ` Nemo
2019-10-10 20:52               ` John P. Linderman
2019-10-11  6:24               ` Dave Horsfall
2019-10-11 11:09                 ` William Pechter
2019-10-11 23:46           ` Finn O'Leary
2019-10-12  0:21             ` Arthur Krewat
2019-10-10  8:21         ` Dan Cross
2019-10-10 11:58           ` Arthur Krewat
2019-10-10 12:07             ` Leah Neukirchen
2019-10-18 14:34               ` Arthur Krewat
2019-10-18 15:01                 ` Royce Williams
2019-10-18 15:05                   ` Royce Williams
2019-10-18 18:32                   ` Royce Williams
2019-10-19 13:11                     ` John P. Linderman [this message]
2019-10-10 13:57           ` Henry Bent
2019-10-10 14:05             ` Arthur Krewat
2019-10-15 16:32               ` Michael Kjörling
2019-10-10 14:10             ` Leah Neukirchen
2019-10-11  2:49             ` Dave Horsfall
2019-10-08 20:52 ` Dave Horsfall
2019-10-08 21:15   ` Michael Kjörling
  -- strict thread matches above, loose matches on Subject: below --
2019-10-19 13:45 Norman Wilson
2019-10-19 20:27 ` ewe2
2019-10-19 20:41   ` Arthur Krewat
2019-10-03 18:51 Finn O'Leary
2019-10-03 19:30 ` Leah Neukirchen
2019-10-03 20:41   ` Finn O'Leary
2019-10-03 22:04     ` Steffen Nurpmeso
2019-10-03 23:24     ` Dave Horsfall
2019-10-04  0:59       ` WIlliam Cheswick
2019-10-04 16:08         ` Arthur Krewat
2019-10-04 10:29       ` Leah Neukirchen
2019-10-04 15:05         ` Ken Thompson via TUHS
2019-10-05 18:05   ` Tom Jones
2019-10-08 17:38     ` Arthur Krewat
2019-10-08 20:40       ` Dave Horsfall
2019-10-08 20:57         ` Arthur Krewat
2019-10-09 12:55       ` Leah Neukirchen
2019-10-09 16:17         ` Arthur Krewat
2019-10-05 17:29 ` Michael Kjörling
2019-10-05 17:49   ` Arthur Krewat

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAC0cEp8+nb0PXg71ej6LFBB6VHZ_891oqywLwJdyx_ymNYjeXw@mail.gmail.com \
    --to=jpl.jpl@gmail.com \
    --cc=royce@techsolvency.com \
    --cc=tuhs@minnie.tuhs.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

The Unix Heritage Society mailing list

Archives are clonable: git clone --mirror http://inbox.vuxu.org/tuhs

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.tuhs


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git