Maximum LOGIN lenght

Maximum LOGIN lenght

Post by Stephen Montgomery-Smit » Sun, 10 Jan 1999 04:00:00




> Dear friends:

> I know that some implementations only accept logins that have at maximum
> 8 characters  lenght.  Under FREEBSD I can't see any documentation  that
> present how many characters can logins have?

Look at http://www.freebsd.org/FAQ/FAQ226.html#226 - it looks like
in FreeBSD the limit has been changed to 16.

--




University of Missouri-Columbia
Columbia, MO 65211
USA

Phone (573) 882 4540
Fax   (573) 882 1869

http://math.missouri.edu/~stephen

 
 
 

Maximum LOGIN lenght

Post by Fernando Cozinhei » Mon, 11 Jan 1999 04:00:00


Dear friends:

I know that some implementations only accept logins that have at maximum
8 characters  lenght.  Under FREEBSD I can't see any documentation  that
present how many characters can logins have?

Could anyone help me to clarify  this  subject?  I would  appreciate  it
very much.  Please, reply by email.

Best regards.

--
Fernando Cozinheiro                          http://sweet.ua.pt/~cooker/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Universidade de Aveiro                       Phone:   +351 34 370345
Centro de Informatica e Comunicacoes         Telefax: +351 34 370214
3810 Aveiro
Portugal

 
 
 

Maximum LOGIN lenght

Post by Anthony Jenkin » Mon, 11 Jan 1999 04:00:00




> > Dear friends:

> > I know that some implementations only accept logins that have at maximum
> > 8 characters  lenght.  Under FREEBSD I can't see any documentation  that
> > present how many characters can logins have?

> Look at http://www.freebsd.org/FAQ/FAQ226.html#226 - it looks like
> in FreeBSD the limit has been changed to 16.

I've been wondering how to get my system to accept passwords over 8
characters, it seems to truncate what I enter to 8 chars, ignoring
anything more.  Think it'd be as involved as the login name increase?
--
Anthony Jenkins
aka Scoobi_FreeBSD at http://chat.yahoo.com , Computer sections
http://www.auburn.edu/~jenkian
------
Doh - Homer Simpson
 
 
 

Maximum LOGIN lenght

Post by s.. » Mon, 11 Jan 1999 04:00:00


>From: Anthony Jenkins


>> > Dear friends:

>> > I know that some implementations only accept logins that have at maximum
>> > 8 characters  lenght.  Under FREEBSD I can't see any documentation  that
>> > present how many characters can logins have?

>> Look at http://www.freebsd.org/FAQ/FAQ226.html#226 - it looks like
>> in FreeBSD the limit has been changed to 16.

>I've been wondering how to get my system to accept passwords over 8
>characters, it seems to truncate what I enter to 8 chars, ignoring
>anything more.  Think it'd be as involved as the login name increase?

I'm using bog standard FreeBSD (various from 2.2.2 to 2.2.7) with passwords
between 80-110 characters. Yes, ten times the length that you're saying.
Change the last character and they don't work, i.e. it's using the whole
lot. Hey, I'm a fast typist and hate people peering over my shoulder :-)

But if you've chosen to use DES, you'll be limited to 8 character passwords,
last I heard, and any extra characters will probably be ignored as you say.

Regards,
        -*Sue*-

sue at welearn dot com dot au

 
 
 

Maximum LOGIN lenght

Post by Rainer M Duffne » Mon, 11 Jan 1999 04:00:00





> > Dear friends:

> > I know that some implementations only accept logins that have at maximum
> > 8 characters  lenght.  Under FREEBSD I can't see any documentation  that
> > present how many characters can logins have?

> Look at http://www.freebsd.org/FAQ/FAQ226.html#226 - it looks like
> in FreeBSD the limit has been changed to 16.

For current (or 3.0.-Release and on-wards), only. (I think, from a
posting of JHK).
2.2.x still uses 8 characters.

cheers,
Rainer
--
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


|Fachhochschule Konstanz, Germany                |
|"What's a Network ?"  - Bill Gates, early 1980s |

|(die alte E-Mail Adresse) verf?llt zum 31.12.98 |
|   WWW:http://www-stud.fh-konstanz.de/~duffner  |
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 
 
 

Maximum LOGIN lenght

Post by Lance Woodso » Mon, 11 Jan 1999 04:00:00



> >From: Anthony Jenkins


> >> > Dear friends:

> >> > I know that some implementations only accept logins that have at maximum
> >> > 8 characters  lenght.  Under FREEBSD I can't see any documentation  that
> >> > present how many characters can logins have?

> >> Look at http://www.freebsd.org/FAQ/FAQ226.html#226 - it looks like
> >> in FreeBSD the limit has been changed to 16.

> >I've been wondering how to get my system to accept passwords over 8
> >characters, it seems to truncate what I enter to 8 chars, ignoring
> >anything more.  Think it'd be as involved as the login name increase?

> I'm using bog standard FreeBSD (various from 2.2.2 to 2.2.7) with passwords
> between 80-110 characters. Yes, ten times the length that you're saying.
> Change the last character and they don't work, i.e. it's using the whole
> lot. Hey, I'm a fast typist and hate people peering over my shoulder :-)

> But if you've chosen to use DES, you'll be limited to 8 character passwords,
> last I heard, and any extra characters will probably be ignored as you say.

True, DES does ignore everything after the 8th character.

1.  Are longer passwords safer than 8 character DES passwords?
2.  If so, how do you go about uninstalled DES?

Thanks.

 
 
 

Maximum LOGIN lenght

Post by Frank Cra » Wed, 13 Jan 1999 04:00:00




Quote:>> But if you've chosen to use DES, you'll be limited to 8 character passwords,
>> last I heard, and any extra characters will probably be ignored as you say.
>True, DES does ignore everything after the 8th character.

Actually, DES can easily handle longer password. It is the standard
DES-based password encryption program that is limited to 8 characters.
You can go into the source code and change that, if you feel like it.
I don't think that would mess up anything else, but I'm not sure.
One easy change, that I am fairly sure would work without problems,
is to alter the way the salt is handled. E.g. reverse the order of
the two-character salt, then pass it on the the normal password
encryption program. That seems like a simple and transparent change,
but it would prevent someone running a crack-like program on another
machine from learning anything from your passwd file.

Quote:>1.  Are longer passwords safer than 8 character DES passwords?

I don't think so. Working through all 2^56 possibilities for
an 8 bit password is still computationally impossible. I think
the real issue is weak versus strong passwords. E.g. ``secret''
is a very bad password but within the 8 character limit; ``verysecret''
would still be a very bad password even though it uses more
than eight characters. Basically, you want to make sure passwords
are hard to guess (and, these days, ``easy to guess'' means
pretty much any word, or combination of words, that can be
found in any dictionary, list of names, etc.) I don't think
an 8 character limit really restricts the choices of strong
passwords. I can see some advantage, but I really think the
problem is to get all of your users to adopt strong passwords.
rather than allowing them to use longer, maybe-strong-maybe-weak
passwords.

                                                       Frank Crary
                                                       CU Boulder