Hi. On Thu, 19 Jun 2014 14:13:51 -0400 Kenneth Jacker <[email protected]> wrote:
> But how long can they effectively be? I.e., if I enter 100 chars into > the 'passwd' command, how many are actually used? It depends on password hasing algorithm used by passwd. For example, [1] declares that there's an artificial limit on password's length of 127 bytes when using md5 and 72 bytes when using blowfish. [2] provides somewhat useful (modern Debian use SHA512, not MD5 for password hashing) Perl script to measure an actual password length (need to be modified for SHA512, of course). Finally, [3] explains that the only current limit that crypt(3) (a library call used by passwd) has on a password length is limited by amount of RAM (and swap too:) one has available for storing unhashed password. [1] http://www.ratliff.net/blog/2007/09/20/password-length/ [2] http://blog.anthonyrthompson.com/2010/02/maximum-password-length-on-linux/ [3] http://superuser.com/questions/148971/what-is-the-max-length-of-password-on-unix-linux-system Reco -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
