Date: Thu, 19 Mar 1998 18:37:24 -0500 (EST) From: Robert Watson <robert@cyrus.watson.org> To: Tom <tom@uniserve.com> Cc: Richard Stanaford <richard@cube3.erinet.com>, "Randy A. Katz" <randyk@ccsales.com>, questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG Subject: Re: Password Characters Not Required??? Message-ID: <Pine.BSF.3.96.980319183112.12515B-100000@trojanhorse.pr.watson.org> In-Reply-To: <Pine.BSF.3.96.980319151824.21872A-100000@shell.uniserve.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 19 Mar 1998, Tom wrote: > > > Indeed it is normal. FreeBSD takes only the first 8 significant > > > characters and then truncates the rest. This is not FreeBSD specific. > > > BSDI is the same way, along with Solaris and other flavors of Unix, I > > > believe. > > > > However, BSD/OS allows you to modify the max password length for > > userclasses, up to 128 characters I think? Similarly, the password > > This is for user entry purposes. FreeBSD has it to. It has nothing to > do with how many password characters might be significant. Actually, I believe it does actually reflect significant characters. On a BSD/OS 3.1 machine, we have the max password length turned way up, and shorter passwords (but above 16 char, say) just don't cut it. These really are significant characters :). >From BSD/OS login.conf(0): widepasswords bool false Use the new wide password format when using the passwd(1) utility. The wide password format al- lows up to 128 signifi- cant characters in the password. Sounds fun to me. Definitely not good in a mixed-OS passwd environment, but good for plain BSD machines. :) > > behavior here is a function of the crypt() used -- with Kerberos, you get > > whatever the Kerberos behavior is -- it certainly has more significant > > characters, however. I would personally like to see change in behavior > > here, perhaps as a login.conf option similar to BSD/OS. I don't see one > > in the -stable login.conf man page, however. > > md5 also has more significant characters (16 I believe). In many ways, > the "secure" (DES) distribution is actually less secure than the default > md5. Yes, it is 16 characters. Robert N Watson Carnegie Mellon University http://www.cmu.edu/ SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org http://www.watson.org/~robert/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980319183112.12515B-100000>