Thus spake Hari:
> Hi all,
> I use openssl-0.9.6 on a RedHat Linux 7.0 system as well as LynxOS system, both
>on i386 machines.
> I use the crypt() function defined in (ssldir)/crypt/des/fcrypt.c
> The output of crypt remains same for passwords with the same first 8 characters.
> I would like to know the maximum length of the password argument to
>crypt(password, salt) function.
It's historically been 8 characters maximum in crypt()-based systems.
Per the crypt(3) man page:
By taking the lowest 7 bit of each character of the key, a
56-bit key is obtained.
While it's not openly stated, anything after the first 8 characters
will be ignored, as are the highest bits of those characters.
S
--
Stephen Sprunk "So long as they don't get violent, I want to
CCIE #3723 let everyone say what they wish, for I myself have
K5SSS always said exactly what pleased me." --Albert Einstein
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
