Re: Maximum Number of Usable Chars in Password

To: debian-user@lists.debian.org
Subject: Re: Maximum Number of Usable Chars in Password
From: Reco <recoverym4n@gmail.com>
Date: Fri, 20 Jun 2014 01:34:25 +0400
Message-id: <[🔎] 20140620013425.9b03b50922021ecc134e6819@gmail.com>
In-reply-to: <[🔎] 87a998ydgg.fsf@be.cs.appstate.edu>
References: <[🔎] 87a998ydgg.fsf@be.cs.appstate.edu>

 Hi.

On Thu, 19 Jun 2014 14:13:51 -0400
Kenneth Jacker <khj@be.cs.appstate.edu> wrote:

> But how long can they effectively be?  I.e., if I enter 100 chars into
> the 'passwd' command, how many are actually used?

It depends on password hasing algorithm used by passwd. 
For example, [1] declares that there's an artificial limit on
password's length of 127 bytes when using md5 and 72 bytes when using
blowfish. 

[2] provides somewhat useful (modern Debian use SHA512, not MD5 for
password hashing) Perl script to measure an actual password length
(need to be modified for SHA512, of course).

Finally, [3] explains that the only current limit that crypt(3) (a
library call used by passwd) has on a password length is limited by
amount of RAM (and swap too:) one has available for storing unhashed
password.

[1] http://www.ratliff.net/blog/2007/09/20/password-length/

[2] http://blog.anthonyrthompson.com/2010/02/maximum-password-length-on-linux/

[3] http://superuser.com/questions/148971/what-is-the-max-length-of-password-on-unix-linux-system

Reco

Reply to:

References:
- Maximum Number of Usable Chars in Password
  - From: Kenneth Jacker <khj@be.cs.appstate.edu>

Prev by Date: Re: systemd man pages
Next by Date: Re: Early access to a console (during runlevel 1)
Previous by thread: Re: Maximum Number of Usable Chars in Password
Next by thread: need to roll back nvidia driver
Index(es):
- Date
- Thread