maximum password length
Martin Hopkins
martin.hopkins at insignia.com
Fri Aug 6 13:47:06 BST 1999
>>>>> "Richard" == Richard Smith <rsmith at trltech.co.uk> writes:
Richard> Quite by chance, my daughter discovered that FreeBSD is only treating
Richard> the first eight characters of the login password as significant. The man
Richard> page for passwd (as does the include file) suggests that the max length
Richard> should be 128. This is a fairly standard 3.2R installation (including
Richard> all the security bits) from the CD.
Richard> Any clues? Or have I missed something?
Take a look at the encoded password, are they 13 characters. From
crypt(3)...
For compatibility with historical versions of crypt(3), the setting may
consist of 2 bytes of salt, encoded as above, in which case an iteration
count of 25 is used, fewer perturbations of DES are available, at most 8
characters of key are used, and the returned value is a NUL-terminated
string 13 bytes in length.
Looks like this is being used for some reason. Are you using DES or MD5?
I don't have the sources at hand, I'll take a look at the code later.
Martin
--
Martin Hopkins | martin.hopkins at insignia.com
Insignia Solutions Plc, | martin at uk.freebsd.org
The Mercury Centre, Wycombe Lane | Tel: (+44) 1628 539537
Wooburn Green, Bucks, HP10 0HH, UK. | Fax: (+44) 1628 539501
More information about the Ukfreebsd
mailing list