Date: Mon, 4 Oct 1999 12:03:39 -0700 (PDT) From: Kris Kennaway <kris@hub.freebsd.org> To: Mike Tancsa <mike@sentex.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Long username/password Message-ID: <Pine.BSF.4.10.9910041158280.83141-100000@hub.freebsd.org> In-Reply-To: <3.0.5.32.19991004144542.010443b0@staff.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 4 Oct 1999, Mike Tancsa wrote: > >Don't install the DES libcrypt libraries; DES passwords are 8 characters, > >MD5 are (effectively) infinite. Long user names are already supported, I > >do believe. > > Infinite ? I thought they only honoured the first 16 chars in this case ? Well, I wasn't quite correct here. PASSWORD_LEN = 128 MD5 (i.e. crypt() if you don't have the DES libraries, or you're using my libcrypt replacement) just does a hash over whatever string is presented to it, which passwd(1) limits to a max of PASSWORD_LEN characters. crypt() can deal with effectively infinite passwords, but passwd(1) puts a wrapper around it. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9910041158280.83141-100000>