[freeside] Password Length
ivan
ivan at 420.am
Sat Apr 14 23:45:13 PDT 2001
On Sat, Apr 14, 2001 at 02:44:55PM -0700, Jason Spence wrote:
> On Sat, Apr 14, 2001 at 12:20:29PM -0700, rdailey at colusanet.com developed
> a new theory of relativity and:
>
> > Why is the maximum password length only eight characters? I
> > understand that Unix only uses the first eight characters, anyways,
> > but what about RADIUS?
>
> RADIUS has a limit of 128 characters. See section 5.2 of RFC 2138.
>
> The 8 character bottleneck comes from BSD systems, I think. I know
> that in the past, they only treated the first 8 characters as
> significant, but I'm not sure whether that is still true now that
> they're using MD5.
Historically, not just BSD systems, but all unices, whether BSD-flavoured,
SysV-flavoured (Solaris etc.) or independantly implemented (Linux), have
used a DES-flavoured crypt(3) with 8 significant characters.
--
meow
_ivan
More information about the freeside-users
mailing list