Re: Maximum Number of Usable Chars in Password
Hi.
On Thu, 19 Jun 2014 14:13:51 -0400
Kenneth Jacker <khj@be.cs.appstate.edu> wrote:
> But how long can they effectively be? I.e., if I enter 100 chars into
> the 'passwd' command, how many are actually used?
It depends on password hasing algorithm used by passwd.
For example, [1] declares that there's an artificial limit on
password's length of 127 bytes when using md5 and 72 bytes when using
blowfish.
[2] provides somewhat useful (modern Debian use SHA512, not MD5 for
password hashing) Perl script to measure an actual password length
(need to be modified for SHA512, of course).
Finally, [3] explains that the only current limit that crypt(3) (a
library call used by passwd) has on a password length is limited by
amount of RAM (and swap too:) one has available for storing unhashed
password.
[1] http://www.ratliff.net/blog/2007/09/20/password-length/
[2] http://blog.anthonyrthompson.com/2010/02/maximum-password-length-on-linux/
[3] http://superuser.com/questions/148971/what-is-the-max-length-of-password-on-unix-linux-system
Reco
Reply to: