Related story. A user came to us with a problem while we were in our computer room. We asked him to log in at the VAX console, so we could look into the problem. Moments later, dozens of users flooded in, asking what had happened. Seems the first user had a CTRL-P in his password, which, when entered at the console, triggered the VAX to pause.

On Fri, Oct 18, 2019 at 2:34 PM Royce Williams <royce@techsolvency.com> wrote:
On Fri, Oct 18, 2019 at 7:01 AM Royce Williams <royce@techsolvency.com> wrote:

> What original caught my attention was the logic behind enforcing password quality in passwd.c during a specific era of BSD code, which exited ambiguously in a double negative of sorts, where control characters were not disallowed during password entry. (I'll try to dig up the source.)

Specifically, see the eras in which passwd.c looked something like this:

https://github.com/dank101/4.2BSD/blob/708b3890ac0c2f034f2840b5ee9125b3c83a05bc/bin/passwd.c#L69-L107

        while (c = *p++) {
                if (c >= 'a' && c <= 'z')
                        flags |= 2;
                else if (c >= 'A' && c <= 'Z')
                        flags |= 4;
                else if (c >= '0' && c <= '9')
                        flags |= 1;
                else
                        flags |= 8;
        }
        if (flags >= 7 && pwlen >= 4)
                ok = 1;

I was intrigued that the "special characters" character set was
defined negatively, such that control characters would also count.


Royce