Posts Tagged ‘encryption’

Crypt DES and 8 character truncated passwords

May 18th, 2010 1 comment

Many passwords on Linux are encrypted using the crypt() function. Users are usually not aware of the difference between a crypt() password and an MD5 one, but it can turn out to be important, especially if crypt() uses the default DES-based scheme to perform the encryption.

The problem with crypt() and traditional DES is that it truncates the password to 8 characters. Users are not usually aware of this and assume that the entire password has been saved and encrypted. Take the Apache tool htpasswd, for example. It uses crypt() to encrypt passwords into a password file (it may also use its own MD5 routine). The following command creates a new user in a password file:

htpasswd password_file new_user
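
To find which entries in an existing password file are affected, the hash format can be checked. The script below is an added example, not code from the original post: it classifies each htpasswd entry by scheme and shows which bytes of a password traditional DES crypt() actually uses. The function names and the sample file are assumptions made for illustration.

```python
import re

# Traditional DES crypt() output: 2-char salt + 11-char hash, 13 chars total,
# all drawn from the alphabet [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

def classify(hash_field):
    """Name the scheme of one htpasswd hash field from its format."""
    if hash_field.startswith("$apr1$"):
        return "apr1-md5"            # htpasswd's own MD5 routine
    if hash_field.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    if hash_field.startswith("{SHA}"):
        return "sha1"
    if DES_CRYPT.match(hash_field):
        return "des-crypt"           # only 8 characters of the password count
    return "unknown"

def audit(text):
    """Return [(user, scheme), ...] for htpasswd-style 'user:hash' lines."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        user, hash_field = line.split(":", 1)
        results.append((user, classify(hash_field)))
    return results

def des_significant(password):
    """Bytes traditional DES crypt() keys on: first 8 bytes, low 7 bits each."""
    return bytes(b & 0x7F for b in password.encode("utf-8")[:8])

# Constructed sample file: the hash strings only illustrate each format and
# are not real hashes of any password.
SAMPLE = """\
alice:abJnggxhB/yWI
bob:$apr1$abcdefgh$0123456789abcdefghijkl
carol:$2y$05$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE):
        note = "  <- re-hash: password truncated to 8 chars" if scheme == "des-crypt" else ""
        print(f"{user}: {scheme}{note}")
    # Two different passwords that DES crypt() cannot tell apart:
    print(des_significant("correcthorse1") == des_significant("correcthorse2"))
```

Entries reported as des-crypt should be re-created with a scheme that keeps the whole password, which requires the user to set the password again.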

Categories: General