Re: passwd character limitations
- To: Federico Grau <grauf@rfa.org>, debian-security@lists.debian.org
- Subject: Re: passwd character limitations
- From: lupe@lupe-christoph.de (Lupe Christoph)
- Date: Sat, 1 Nov 2003 13:02:49 +0100
- Message-id: <[🔎] 20031101120248.GA6432@lupe-christoph.de>
- In-reply-to: <20031031234120.GF2226@mathom.us>
- References: <200310291513.h9TFDcB23039@mms-r00.iijmio.jp> <20031030060940.GA6350@dijkstra.csh.rit.edu> <200310300804.h9U84ma21199@mms-r00.iijmio.jp> <20031030163443.GD6350@dijkstra.csh.rit.edu> <44749.80.58.1.46.1067532574.squirrel@www.hosting-seguridad.com> <20031030172109.GJ6350@dijkstra.csh.rit.edu> <cgn2qv8ri3g7dcqarjd8vi248pm5952c9i@4ax.com> <20031031052234.GA21747@zionlth.org> <20031031234120.GF2226@mathom.us>
On Friday, 2003-10-31 at 18:41:20 -0500, Michael Stone wrote:
> >I'm looking for a list of characters that are not allowable (or that
> >cause problems) for passwords if any under a standard Debian GNU/Linux
> >install (using md5).
> AFAIK, there aren't any. You may run into limitations in particular
> programs, but there shouldn't be any limits on the input to the hash
> function whose output is stored in the shadow file.[0]
> 0. With the obvious exception that C strings don't like null bytes. So
> try to avoid hitting the null key on your keyboard. :)
You forgot that a ':' as part of the encrypted password will cause
problems ;-)
Actually, MD5 passwords seem to be encoded with a quite restricted
character set. Alas, the manpages provide no information on this, only
on the encoding of crypt()ed passwords.
Perhaps you should file a bug against the passwd packages...
Reading /usr/share/perl5/Crypt/PasswdMD5.pm which claims to be "based on
the implementation found on FreeBSD 2.2.[56]-RELEASE", MD5 passwords
consist of the invariant string '$1$' and the encrypted password encoded
with the alphabet [./a-zA-Z]. This is similar to Base64 encoding, but
uses a different alphabet.
HTH,
Lupe Christoph
--
| lupe@lupe-christoph.de | http://www.lupe-christoph.de/ |
| "Violence is the resort of the violent" Lu Tze |
| "Thief of Time", Terry Pratchett |
Reply to: