On Sat, 14 Jun 2014, Bob Proulx wrote:
> The biggest problem I have found using random passwords is that some sites truncate the password to a shorter number of characters. Some of those are fairly high profile sites! http://www.schwab.com/ is a good example that truncates passwords at eight characters. There is no defensible rationale for doing that truncation. When I see that I assume that means that they are storing the plaintext of the password somewhere. Otherwise if they were properly hashing the password why would they feel the need to truncate it?
well, this doesn't look all that old... http://docs.oracle.com/cd/E18752_01/html/816-4558/toc.html
The System Administration Guide: Naming and Directory Services (NIS+) Copyright © 1994, 2010, Oracle and/or its affiliates. All rights reserved.
and, drilling down a little... http://docs.oracle.com/cd/E18752_01/html/816-4558/a08paswd-15680.html
A password must meet the following requirements:

* Length. By default, a password must have at least six characters. Only the first eight characters are significant. (In other words, you can have a password that is longer than eight characters, but the system only checks the first eight.) Because the minimum length of a password can be changed by a system administrator, it may be different on your system.

pretty nice, eh?

there is an NIS package in debian. couldn't find any indication of its maximum (significant) password length, myself. does it check more than eight characters?

-wes
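An added example, not part of the original message: one way to answer the closing question empirically for an account you control is to change one character at a time and see where the check stops noticing. `make_checker` is a constructed stand-in for the login check (it is not NIS or crypt(3)), and all names here are hypothetical.

```python
import hashlib
import hmac
import os


def make_checker(password, significant=None):
    """Constructed stand-in for a login check (not NIS or crypt(3)).

    significant=8 models a system that only looks at the first eight
    characters; significant=None hashes the whole password.
    """
    salt = os.urandom(16)

    def digest(text):
        # Low iteration count keeps the demo fast; not a production setting.
        return hashlib.pbkdf2_hmac("sha256", text[:significant].encode(), salt, 1000)

    stored = digest(password)
    return lambda candidate: hmac.compare_digest(digest(candidate), stored)


def significant_length(check, password):
    """Return how many leading characters the checker compares, or None
    if no truncation is visible with this reference password.

    The reference password must be at least as long as the limit being
    probed, otherwise a truncating check cannot be told from a full one.
    """
    if not check(password):
        raise ValueError("checker rejects the reference password")
    for i, ch in enumerate(password):
        # Change only position i; acceptance means position i is ignored.
        mutated = password[:i] + ("x" if ch != "x" else "y") + password[i + 1:]
        if check(mutated):
            return i
    # Every character mattered; see whether an extra trailing one is ignored.
    if check(password + "x"):
        return len(password)
    return None


if __name__ == "__main__":
    reference = "correct horse battery staple"  # constructed test password
    print(significant_length(make_checker(reference, 8), reference))
    print(significant_length(make_checker(reference), reference))
```

Against a real system, `check` would wrap an actual authentication attempt for a test account set to the reference password.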