Re: Passwords on Linux systems(for all flavors)

From: Roman Daszczyszak (romandas_at_gmail.com)
Date: 07/13/05

  • Next message: Kyle Wheeler: "Re: Passwords on Linux systems(for all flavors)"
    Date: Wed, 13 Jul 2005 10:00:51 +0200
    To: "focus-linux@securityfocus.com" <focus-linux@securityfocus.com>
    
    

    How long is the standard password MD5 hash, 128 bits? So
    theoretically, the longer the password gets, the likelyhood of rolling
    over the top number and getting duplicate hashes for multiple password
    increases as well, yes?

    I mean, I'm not sure exactly how the MD5 hash algorithm works, but I'm
    sure there's a finite size to the input, after which it becomes
    ineffective because of the duplication I mention above.

    Just wanted to ask while we're on this thread. :)

    Roman

    > From: Glynn Clements <glynn@gclements.plus.com>
    > To: shyaam@gmail.com
    > Date: Sun, 10 Jul 2005 22:02:43 +0100
    > Subject: Re: Passwords on Linux systems(for all flavors)
    >
    > shyaam@gmail.com wrote:
    >
    > > I would like to know the place where I can find the linux password
    > > constraints for the various linux flavors. What I mean is the details
    > > like number of key spaces or the key length, the types of charactors
    > > that can be used, the restrictions and the number of times the
    > > password can be tried if not infinite, etc. I am in need of these
    > > details very urgently, so please do help me on this topic.
    >
    > On any system which uses PAM (which is almost every modern Linux
    > system), most of these are configuration options, controlled through
    > the files in /etc/pam.d and /etc/security.
    >
    > For the underlying libc crypt() function, assuming MD5 passwords, the
    > password can be any NUL-terminated string. There is no minimum or
    > maximum length, nor any restriction on which characters (bytes) the
    > password can contain.
    >
    > However, if a password contains any control characters or non-ASCII
    > (8-bit) characters, there may be problems entering it in certain
    > contexts. Also, individual programs may read the password into a
    > fixed-size buffer, which will impose an upper limit on the length of a
    > password.
    >
    > --
    > Glynn Clements <glynn@gclements.plus.com>


  • Next message: Kyle Wheeler: "Re: Passwords on Linux systems(for all flavors)"

    Relevant Pages

    • Re: Encodings and MD5
      ... As to whether there is standard encoding that is expected for those reading ... an MD5 hash of character data, ... characters? ... to grab the bytes that make up the string" you must first define how that ...
      (microsoft.public.dotnet.languages.csharp)
    • Re: Mission: Difficult [encrypt/obfuscate 9-digit SSN into 20 chars or less]
      ... XOR the SSN with the key characters in order. ... the Crypto API or CAPICOM to create an MD5 hash, and then take the first 20 ... Maybe I'm overthinking the problem somehow? ...
      (microsoft.public.dotnet.languages.csharp)
    • Re: md5 newbie question
      ... >requesting an md5 hash of the literal string of characters ...
      (freebsd-questions)
    • Tab chars are a gotcha in Update editor w/ accuterm
      ... So Telnet from microsoft is out. ... the linux man pages, in that they have a few characters ... Accuterm thus far does not seem to support Unicode, ... it nicely puts up some garbage characters onscreen to show ...
      (comp.databases.pick)
    • Horribly overdue update to unicode.txt
      ... of the Linux Assigned Names And Numbers Authority project. ... The Linux kernel code has been rewritten to use Unicode to map ... In particular, ESC (U is no longer "straight to font", since the font ... Actual characters assigned in the Linux Zone ...
      (Linux-Kernel)