maximum password length

Martin Hopkins martin.hopkins at insignia.com
Fri Aug 6 13:47:06 BST 1999


>>>>> "Richard" == Richard Smith <rsmith at trltech.co.uk> writes:

    Richard> Quite by chance, my daughter discovered that FreeBSD is only treating
    Richard> the first eight characters of the login password as significant. The man
    Richard> page for passwd (as does the include file) suggests that the max length
    Richard> should be 128. This is a fairly standard 3.2R installation (including
    Richard> all the security bits) from the CD. 

    Richard> Any clues? Or have I missed something?

Take a look at the encoded passwords: are they 13 characters?  From
crypt(3)...


     For compatibility with historical versions of crypt(3),  the setting may
     consist of 2 bytes of salt, encoded as above, in which case an iteration
     count of 25 is used, fewer perturbations of DES are available, at most 8
     characters of key are used, and the returned value is a NUL-terminated
     string 13 bytes in length.

Looks like this is being used for some reason.  Are you using DES or MD5?
I don't have the sources at hand; I'll take a look at the code later.

Martin

-- 
Martin Hopkins                      | martin.hopkins at insignia.com
Insignia Solutions Plc,             | martin at uk.freebsd.org
The Mercury Centre, Wycombe Lane    | Tel: (+44) 1628 539537
Wooburn Green, Bucks, HP10 0HH, UK. | Fax: (+44) 1628 539501
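
An added example, not part of the original post: a Python check that applies the 13-character test suggested above to lines in master.passwd format and reports which accounts have a traditional DES hash, where only the first 8 characters of the password count. The account lines and hash strings are constructed placeholders, and the function names are hypothetical.

```python
import re

# Character set crypt(3) uses to encode DES-based salts and hashes.
B64 = r"[./0-9A-Za-z]"
TRADITIONAL_DES = re.compile(B64 + r"{13}")       # 2 salt + 11 hash characters
EXTENDED_DES = re.compile(r"_" + B64 + r"{19}")   # '_' + 4 count + 4 salt + 11 hash
MD5 = re.compile(r"\$1\$.+")                      # MD5-based crypt

def classify(hash_field):
    """Return (scheme, limit); limit is 8 when only 8 password chars are used."""
    if TRADITIONAL_DES.fullmatch(hash_field):
        return ("traditional-des", 8)
    if EXTENDED_DES.fullmatch(hash_field):
        return ("extended-des", None)
    if MD5.fullmatch(hash_field):
        return ("md5", None)
    return ("other", None)    # locked ('*'), empty, or a format not covered here

def audit(master_passwd_text):
    """Return [(user, scheme, limit)] for every account line in the text."""
    results = []
    for line in master_passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue          # malformed line: no password field
        results.append((fields[0],) + classify(fields[1]))
    return results

def truncated_users(master_passwd_text):
    """Accounts whose stored hash implies the 8-character cut-off."""
    return [user for user, _, limit in audit(master_passwd_text) if limit == 8]

# Constructed sample (not real hashes), fields as in master.passwd:
# name:password:uid:gid:class:change:expire:gecos:home_dir:shell
SAMPLE = """\
alice:abCONSTRUCTED:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$1$saltsalt$CONSTRUCTEDxxxxxxxxxxx:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:_J9..saltCONSTRUCTED:1003:1003::0:0:Carol:/home/carol:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
"""

if __name__ == "__main__":
    for user, scheme, limit in audit(SAMPLE):
        note = "first 8 characters only" if limit else "no 8-character cut-off"
        print(f"{user:8} {scheme:16} {note}")
```

An account flagged here keeps the 8-character limit until its password is set again under a different scheme, since the stored hash records which format was used.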
