How long is the standard password MD5 hash, 128 bits? So
theoretically, the longer the password gets, the likelyhood of rolling
over the top number and getting duplicate hashes for multiple password
increases as well, yes?
I mean, I'm not sure exactly how the MD5 hash algorithm works, but I'm
sure there's a finite size to the input, after which it becomes
ineffective because of the duplication I mention above.
Just wanted to ask while we're on this thread. :)
Roman
From: Glynn Clements <glynn@gclements.plus.com>
To: shyaam@gmail.com
Date: Sun, 10 Jul 2005 22:02:43 +0100
Subject: Re: Passwords on Linux systems(for all flavors)
shyaam@gmail.com wrote:
I would like to know the place where I can find the linux password
constraints for the various linux flavors. What I mean is the details
like number of key spaces or the key length, the types of charactors
that can be used, the restrictions and the number of times the
password can be tried if not infinite, etc. I am in need of these
details very urgently, so please do help me on this topic.
On any system which uses PAM (which is almost every modern Linux
system), most of these are configuration options, controlled through
the files in /etc/pam.d and /etc/security.
For the underlying libc crypt() function, assuming MD5 passwords, the
password can be any NUL-terminated string. There is no minimum or
maximum length, nor any restriction on which characters (bytes) the
password can contain.
However, if a password contains any control characters or non-ASCII
(8-bit) characters, there may be problems entering it in certain
contexts. Also, individual programs may read the password into a
fixed-size buffer, which will impose an upper limit on the length of a
password.
--
Glynn Clements <glynn@gclements.plus.com>
