On Friday, 2003-10-31 at 18:41:20 -0500, Michael Stone wrote: > >I'm looking for a list of characters that are not allowable (or that > >cause problems) for passwords if any under a standard Debian GNU/Linux > >install (using md5).
> AFAIK, there aren't any. You may run into limitations in particular > programs, but there shouldn't be any limits on the input to the hash > function whose output is stored in the shadow file.[0] > 0. With the obvious exception that C strings don't like null bytes. So > try to avoid hitting the null key on your keyboard. :) You forgot that a ':' as part of the encrypted password will cause problems ;-) Actually, MD5 passwords seem to be encoded with a quite restricted character set. Alas, the manpages provide no information on this, only on the encoding of crypt()ed passwords. Perhaps you should file a bug against the passwd packages... Reading /usr/share/perl5/Crypt/PasswdMD5.pm which claims to be "based on the implementation found on FreeBSD 2.2.[56]-RELEASE", MD5 passwords consist of the invariant string '$1$' and the encrypted password encoded with the alphabet [./a-zA-Z]. This is similar to Base64 encoding, but uses a different alphabet. HTH, Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | | "Violence is the resort of the violent" Lu Tze | | "Thief of Time", Terry Pratchett |
