Re: spaces in passwords
Michael D'Errico <Mike@software.com> Tue, 31 May 1994 19:57 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa12747; 31 May 94 15:57 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa12743; 31 May 94 15:57 EDT
Received: from PO5.ANDREW.CMU.EDU by CNRI.Reston.VA.US id aa08450; 31 May 94 15:57 EDT
Received: (from postman@localhost) by po5.andrew.cmu.edu (8.6.7/8.6.6) id PAA25054; Tue, 31 May 1994 15:51:48 -0400
Received: via switchmail for ietf-pop3+@andrew.cmu.edu; Tue, 31 May 1994 15:51:47 -0400 (EDT)
Received: from po3.andrew.cmu.edu via qmail ID </afs/andrew.cmu.edu/service/mailqs/q003/QF.whutGre00Udb9ds04y>; Tue, 31 May 1994 15:49:12 -0400 (EDT)
Received: from rome.software.com (rome.software.com [198.17.234.2]) by po3.andrew.cmu.edu (8.6.7/8.6.6) with ESMTP id PAA27098 for <ietf-pop3@andrew.cmu.edu>; Tue, 31 May 1994 15:49:06 -0400
Received: from rome (rome.software.com [127.0.0.1]) by rome.software.com with ESMTP id AAA23248; Tue, 31 May 1994 12:49:01 -0700
To: Steve Dorner <sdorner@qualcomm.com>
cc: ietf-pop3@andrew.cmu.edu
Subject: Re: spaces in passwords
In-reply-to: Your message of "Fri, 27 May 1994 10:25:44 CDT." <aa0bc05a01021015d1a6@[192.17.5.3]>
Date: Tue, 31 May 1994 12:48:59 -0700
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Michael D'Errico <Mike@software.com>
Message-ID: <19940531204900.AAA23248@rome.software.com>
> What about spaces in passwords? They don't work. I'd like to see that fixed. I guess it depends on how PASS is implemented by the server. I just read every character (except leading spaces) after PASS up to the CR LF and use that as the password. I agree that a better (or at least more precise) definition of what is valid syntax for a password is needed. (This is also true for a name in the USER command.) > A simple escape convention would do it: > > pass foo\ bar This seems like a reasonable convention, but it would require modifying all existing servers and clients, something that is just not practical. Instead, if we require that there be exactly one space between the PASS and the password, then there should be no problem even with passwords that have leading space. A robust server implementation when confronted with a PASS command such as PASS foo bar could try " foo bar" first, then " foo bar", and finally "foo bar", looking for a valid password match. This approach weakens passwords that begin with spaces though.... Michael D'Errico mike@software.com
- spaces in passwords Steve Dorner
- Re: spaces in passwords John Gardiner Myers
- Re: spaces in passwords Steve Dorner
- Re: spaces in passwords John Gardiner Myers
- Re: spaces in passwords Steve Dorner
- Re: spaces in passwords John Gardiner Myers
- Re: spaces in passwords Steve Dorner
- Re: spaces in passwords Glenn Anderson
- Re: spaces in passwords Michael D'Errico