Linux Password Length Limitation

[Creedyou]

Why is there a limit of 8 characters on the password character length for FC3 and probably other Unix-like OS's? Google tells me its a long standing limitation from the old days, but that doesn't mean much.

 

[drag]

I don't know what your talking about. 8 character passwords are about a minimum you need for decent security nowadays.

I regularly use passwords upwards to 20 characters on my Linux boxes...

 

[Nothinman]

I believe it was a limitation of the older crypt(3) function and it's use of DES, but now that MD5 is the standard for shadow passwords I don't think it matters any more. There could also still be issues with interoperability with commercial unix systems that don't like being given more than 8 char passwords.

 

[drag]

I was thinking that maybe he setup a web service or something like that and it didn't allow passwords more then 8 characters.

And FC3 is new enough that it never had limits like that. When did Redhat start using Md5 stuff? Redhat 6 or 4 or something like that?

 

[nweaver]

Suse used to default (iirc) to blowfish, and had an 8 character limit. I still have a few, and it pisses me off, because my normal passwords are all 10+, and I forget until after the first two login attempts.

Of course, that all is moving away now as I replace the boxes, and require SSH keys to remote into the box.

 

[Creedyou]

Nothinman, you appear to be correct. The crypt function takes in a const char * password according to crypt(3)

 

[Nothinman]

Nothinman, you appear to be correct.

Finally, someone notices =)