Maximum Number of Usable Chars in Password
I searched (web and source code), but didn't find ... :( Short passwords are not good. Long passwords are better. But how long can they effectively be? I.e., if I enter 100 chars into the 'passwd' command, how many are actually used? All 100? ... I kind of doubt it ... I want to use the longest password possible in wheezy, but don't want to enter extra chars if, in fact, they are ignored. Thanks for your comments! -- Prof Kenneth H Jacker (ret) k...@cs.appstate.edu Computer Science Dept www.cs.appstate.edu/~khj Appalachian State Univ Boone, NC 28608 USA -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87a998ydgg@be.cs.appstate.edu
Re: Maximum Number of Usable Chars in Password
On Thu, 19 Jun 2014 14:13:51 -0400 Kenneth Jacker k...@be.cs.appstate.edu wrote: But how long can they effectively be? I.e., if I enter 100 chars into the 'passwd' command, how many are actually used? All 100? ... I kind of doubt it ... I want to use the longest password possible in wheezy, but don't want to enter extra chars if, in fact, they are ignored. That should be 256 or even more, and to be sure that all characters are accounted, just: grep myusername /etc/shadow to see if the hash has changed (but I really doubt Debian would let you enter a p/w exceeding max length…) -- Corsican Proverb: If you feel like working, then sit and wait for it to pass! signature.asc Description: PGP signature
Re: Maximum Number of Usable Chars in Password
Hi. On Thu, 19 Jun 2014 14:13:51 -0400 Kenneth Jacker k...@be.cs.appstate.edu wrote: But how long can they effectively be? I.e., if I enter 100 chars into the 'passwd' command, how many are actually used? It depends on password hasing algorithm used by passwd. For example, [1] declares that there's an artificial limit on password's length of 127 bytes when using md5 and 72 bytes when using blowfish. [2] provides somewhat useful (modern Debian use SHA512, not MD5 for password hashing) Perl script to measure an actual password length (need to be modified for SHA512, of course). Finally, [3] explains that the only current limit that crypt(3) (a library call used by passwd) has on a password length is limited by amount of RAM (and swap too:) one has available for storing unhashed password. [1] http://www.ratliff.net/blog/2007/09/20/password-length/ [2] http://blog.anthonyrthompson.com/2010/02/maximum-password-length-on-linux/ [3] http://superuser.com/questions/148971/what-is-the-max-length-of-password-on-unix-linux-system Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140620013425.9b03b50922021ecc134e6...@gmail.com
