[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Shadow Passwords

Ian Jackson:
> Well, speaking as one of those `some people', I'd like to point out
> that things like the recent security hole in login where typing in a
> long username would cause a buffer overrun don't exactly give me great
> confidence in the implementation quality.


I'm neutral about shadow passwords myself, but there are a couple of
things I dream about, some of which shadows provide:

	Long passwords, with a maximum of at least 128 characters.
	I much prefer a passphrase, since it is easier to remember than
	a password.
	Long usernames; my last name is longer than 8 characters, and I
	hate to have it truncated.  This is also required for the
	next step.
	8-bit clean usernames and passwords, preferably by encoding
	them both with the UTF-2 encoding of Unicode.
That last one, especially, is a bit of problem to implement...

All of these, I realize, make things difficult for people in a networked
environment, so they would have to be made optional.

Reply to: