Flexpasswords
karl at haddock.UUCP
karl at haddock.UUCP
Fri Mar 13 11:18:39 AEST 1987
It has always annoyed me that passwords have a *maximum* length of 8. (Yes,
of course you can use a longer password, in the same sense that you can use a
long identifier in pre-flexname C; it just gets truncated.) The original
reason seems to be that the 8 bytes are copied into an array of 64 bits which
is then massaged into the 11 sixbit characters in the encrypted password.
However, one could instead hash the *entire* string into a 64-bit value (it
can even be done in a compatible way for short strings). Has anyone ever
implemented this? Would it be a significant security improvement? Is it
generally believed that nobody would use such a long password voluntarily? (I
would; I used to have a 15-char password.)
Karl W. Z. Heuer (ima!haddock!karl or karl at haddock.isc.com), The Walking Lint
More information about the Comp.unix.wizards
mailing list