24

Years ago it used to be the case that Unix passwords were limited to 8 characters, or that if you made the password longer than 8 characters the extra wouldn't make any difference.

Is that still the case on most modern Unix/Linux systems?

If so, around when did longer passwords become possible on most systems?

Is there an easy way to tell if a given system supports longer passwords and if so, what the effective maximum (if any) would be?

I've done some web searching on this topic and couldn't really find anything definitive; much of what came up was from the early 2000s when I think the 8 character limit was still common (or common enough to warrant sticking to that limit).

Chirael
  • 3,025
  • 4
  • 28
  • 28

6 Answers6

16

Although the original DES-based algorithm only used the first 8 characters of the password, Linux, Solaris, and other newer systems now additionally support other password hash algorithms such as MD5 which do not have this limit. Sometimes it is necessary to continue using the old algorithm if your network contains older systems and if NIS is used. You can tell that the old DES-based algorithm is still being used if the system will log you in when you enter only the first 8 characters of your >8-character password.

Because it is a hash algorithm, MD5 does not have an intrinsic limit. However various interfaces do generally impose some limit of at least 72 characters.

Although originally the encrypted password was stored in a world-readable file (/etc/passwd), it is now usually stored in a separate shadow database (e.g. /etc/shadow) which is only readable by root. Therefore, the strength of the algorithm is no longer as important as it once was. However if MD5 is inadequate, Blowfish or SHA can be used instead on some systems. And Solaris supports pluggable password encryption modules, allowing you to use any crazy scheme. Of course if you are using LDAP or some other shared user database then you will need to select an algorithm that is supported on all of your systems.

mark4o
  • 58,919
  • 18
  • 87
  • 102
  • Great info and links - thank you for answering! There were many good answers so I ended up "accepting" the one that gave me code to determine whether it was safe to use passwords > 8, but I up-rated all the good answers including yours. Thanks! – Chirael Feb 02 '10 at 18:22
  • No problem. BTW it is always *safe* to use passwords longer than 8 characters, its just that if your password is stackoverflow it may also accept stackoverload. Adding the extra characters may make it easier to remember and will not decrease security. Also keep in mind that all of the algorithms can have hash collisions and will accept more than one password, especially if they are long. – mark4o Feb 03 '10 at 02:24
15

In glibc2 (any modern Linux distribution) the password encryption function can use MD5/SHA-xxx (provoked by a magic salt prefix) which then treats as significant all the input characters (see man 3 crypt). For a simple test on your system, you could try something like:

#!/bin/perl -w
my $oldsalt = '@@';
my $md5salt = '$1$@@$';
print crypt("12345678",  $oldsalt) . "\n";
print crypt("123456789", $oldsalt) . "\n";
print crypt("12345678",  $md5salt) . "\n";
print crypt("12345678extend-this-as-long-as-you-like-0", $md5salt) . "\n";
print crypt("12345678extend-this-as-long-as-you-like-1", $md5salt) . "\n";

(which on my system gives)

@@nDzfhV1wWVg
@@nDzfhV1wWVg
$1$@@$PrkF53HP.ZP4NXNyBr/kF.
$1$@@$4fnlt5pOxTblqQm3M1HK10
$1$@@$D3J3hluAY8pf2.AssyXzn0

Other *ix variants support similar - e.g. crypt(3) since at least Solaris 10. However, it's a non-standard extension - POSIX does not define it.

jmb
  • 363
  • 2
  • 8
  • 1
    The md5 hash using `$1$` is **22** years old. It used to be default for hashing the `shadow` for quite some time but is insecure by now. No one seriously used it in 2010. The old crypt used des, and not all characters were significant. It wasn't really that broken ~1995, with a good password. – Antti Haapala -- Слава Україні Oct 16 '17 at 16:43
  • @AnttiHaapala It certainly is! This is just the simplest example - the (linked) manpage for crypt gives other values for the algorithm, such as $5$ for SHA-256 and $6$ for SHA-512. – jmb Nov 01 '17 at 17:34
5

Not for Linux. It's only 8 if you disable MD5 Hashing.

http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/s1-wstation-pass.html

You can administer policies enforcing longer and more complex passwords as well.

The full lengths are discussed here:

http://www.ratliff.net/blog/2007/09/20/password-length/

Keith Adler
  • 20,880
  • 28
  • 119
  • 189
  • 1
    Does Linux still use MD5 these days? I ask because it's considered to be broken. – Steven Sudit Feb 01 '10 at 20:14
  • @Steven: IIRC, yes it still uses MD5 by default. It uses a reasonably good salt, however, so it's somewhat safe from rainbow table attacks, but not as safe as it could be. – rmeador Feb 01 '10 at 20:44
  • 1
    Interesting. I vaguely remember that some Unix variants support more than one hashing algorithm. – Steven Sudit Feb 01 '10 at 21:53
  • 2
    MD5 is not "broken" for the use of hashing passwords; there is still no better-than-brute-force way of reversing a MD5 hash of short input; MD5 hash collisions for larger files CAN be constructed feasibly but that does not mean it's unsafe for any application. – MarkR Feb 01 '10 at 22:39
  • 2
    Blowfish and SHA-based hashes are now also supported on some systems. – mark4o Feb 02 '10 at 02:46
  • Modern best practice for password hashes also takes into account how slow the algorithm is as well as how secure: see http://blog.codinghorror.com/your-password-is-too-damn-short/ – mhsmith Apr 29 '15 at 10:03
5

Are you asking about the crypt algorithm?

http://linux.die.net/man/3/crypt

"By taking the lowest 7 bits of each of the first eight characters of the key..."

"The glibc2 version of this function has the following additional features. ... The entire key is significant here (instead of only the first 8 bytes)."

Here's a hint as to how long ago this change happened.

Glibc 2 HOWTO
  Eric Green, ejg3@cornell.edu
  v1.6, 22 June 1998
S.Lott
  • 384,516
  • 81
  • 508
  • 779
1

You will find this article of interest. There is something called PAM (Password Authentication Module) which runs your password through a series of modules (configured in /etc/pam.d/passwd or /etc/pam.conf) to determine whether the password is valid or not.

danben
  • 80,905
  • 18
  • 123
  • 145
0

I think around the time when actual passwords were moved from /etc/passwd to shadow, on Linux . I am guessing around 2000, Red Hat 6.x had long passwords IIRC. Around 2000 there were still a lot of old SUN, and they had password and username limits.

Anycorn
  • 50,217
  • 42
  • 167
  • 261