Re: Passwords on Linux systems(for all flavors)

From: Roman Daszczyszak (romandas_at_gmail.com)
Date: 07/13/05

  • Next message: Kyle Wheeler: "Re: Passwords on Linux systems(for all flavors)"
    Date: Wed, 13 Jul 2005 10:00:51 +0200
    To: "focus-linux@securityfocus.com" <focus-linux@securityfocus.com>
    
    

    How long is the standard password MD5 hash, 128 bits? So
    theoretically, the longer the password gets, the likelyhood of rolling
    over the top number and getting duplicate hashes for multiple password
    increases as well, yes?

    I mean, I'm not sure exactly how the MD5 hash algorithm works, but I'm
    sure there's a finite size to the input, after which it becomes
    ineffective because of the duplication I mention above.

    Just wanted to ask while we're on this thread. :)

    Roman

    > From: Glynn Clements <glynn@gclements.plus.com>
    > To: shyaam@gmail.com
    > Date: Sun, 10 Jul 2005 22:02:43 +0100
    > Subject: Re: Passwords on Linux systems(for all flavors)
    >
    > shyaam@gmail.com wrote:
    >
    > > I would like to know the place where I can find the linux password
    > > constraints for the various linux flavors. What I mean is the details
    > > like number of key spaces or the key length, the types of charactors
    > > that can be used, the restrictions and the number of times the
    > > password can be tried if not infinite, etc. I am in need of these
    > > details very urgently, so please do help me on this topic.
    >
    > On any system which uses PAM (which is almost every modern Linux
    > system), most of these are configuration options, controlled through
    > the files in /etc/pam.d and /etc/security.
    >
    > For the underlying libc crypt() function, assuming MD5 passwords, the
    > password can be any NUL-terminated string. There is no minimum or
    > maximum length, nor any restriction on which characters (bytes) the
    > password can contain.
    >
    > However, if a password contains any control characters or non-ASCII
    > (8-bit) characters, there may be problems entering it in certain
    > contexts. Also, individual programs may read the password into a
    > fixed-size buffer, which will impose an upper limit on the length of a
    > password.
    >
    > --
    > Glynn Clements <glynn@gclements.plus.com>


  • Next message: Kyle Wheeler: "Re: Passwords on Linux systems(for all flavors)"