4

I have a VPS hosted at a remote location. Obviously the host can login directly (without SSH or any keys) on this box and I want to make brute force password guessing as hard as possible for a bad admin.This leads to the question:

What is the maximum password length for user accounts in Ubuntu?

While questions like "what is the max length of password on unix/linux system?" claim that there is no actual limit with current hash algorithms it looks like there is still some sort of OS limitation though. It accepted my 207 character password and I was able to login again with that, but my 8192 character password cause Ubuntu to crash with the error "event not found" (whatever that means). Interesting enough, I could still login with the 8k password although I get an error each time I login.

Note, that I'm logging in with a 4K RSA SSH key so I don't care about "user friendliness" for manual logins.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
Jasper Citi
  • 165
  • 3
  • I know hashing algos allow any length as stated in the answer you had linked, but I was specifically asking about the Ubuntu OS and specifically about user accounts. I did a Google search and I could find any limitations as far as I know. Just because the underlying hash algo accepts any length can I assume Ubuntu does too? So can I theoretically take the text of the whole Holy Bible and paste that as a password? – Jasper Citi Jan 11 '21 at 10:55
  • Another limitation I also discovered is that if I make the password too long, the login times out before I could finish typing it. – Jasper Citi Jan 11 '21 at 11:53
  • I've incorporated some input from your comments into the question itself so that it includes already researched information now. – Steffen Ullrich Jan 11 '21 at 11:55
  • 1
    Typing speed is no fixed limit since it depends in how fast one can type and if one could simply cut+paste the password in the prompt. – Steffen Ullrich Jan 11 '21 at 11:58

0 Answers0