GNOME Bugzilla – Bug 155560
Password length blocked to 8 chars
Last modified: 2010-08-28 11:45:19 UTC
Please describe the problem: I wanted to set my password, but after 8 chars entered there's no more * appearing, like if the password has a maximum of 8 chars Steps to reproduce: 1. Check on 'Allow other users to view your desktop' 2. Check 'Required the user to enter this password' 3. Enter something with more than 8 characters Actual results: I can't enter more than 8 characters Expected results: That my password is fully taken Does this happen every time? Yes Other information: I don't know if it's related but if I enter something like 12345678 as my password and I connect to my desktop with 'vncviewer 127.0.0.1:0', when I'm asked to enter the password I enter 12345678<some other random char> , the connection is made even if the password is obliviously wrong.
Standard problem with VNC: http://www.uk.research.att.com/archive/vnc/faq.html#q55 I think the FAQ is wrong, though. The problem stems from the fact that VNC authentication is a simple challenge-response scheme where you're password is used as a key to encrypt a 16 byte challenge from the server. DES's key length is 56 bits - i.e. 7 characters.
*** Bug 425273 has been marked as a duplicate of this bug. ***
*** Bug 628164 has been marked as a duplicate of this bug. ***