Re: passwd character limitations

[lupe@lupe-christoph.de (Lupe Christoph)]

On Friday, 2003-10-31 at 18:41:20 -0500, Michael Stone wrote:
> >I'm looking for a list of characters that are not allowable (or that
> >cause problems) for passwords if any under a standard Debian GNU/Linux
> >install (using md5).  

> AFAIK, there aren't any. You may run into limitations in particular
> programs, but there shouldn't be any limits on the input to the hash
> function whose output is stored in the shadow file.[0]

> 0. With the obvious exception that C strings don't like null bytes. So
> try to avoid hitting the null key on your keyboard. :)

You forgot that a ':' as part of the encrypted password will cause
problems ;-)

Actually, MD5 passwords seem to be encoded with a quite restricted
character set. Alas, the manpages provide no information on this, only
on the encoding of crypt()ed passwords.

Perhaps you should file a bug against the passwd packages...

Reading /usr/share/perl5/Crypt/PasswdMD5.pm which claims to be "based on
the implementation found on FreeBSD 2.2.[56]-RELEASE", MD5 passwords
consist of the invariant string '$1$' and the encrypted password encoded
with the alphabet [./a-zA-Z]. This is similar to Base64 encoding, but
uses a different alphabet.

HTH,
Lupe Christoph
-- 
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| "Violence is the resort of the violent" Lu Tze                         |
| "Thief of Time", Terry Pratchett                                       |