what is the max length of password on unix/linux system?

27

12

what is the max permissible length of password on unix/linux system?

hari

Posted 2010-06-04T21:52:48.240

Reputation: 545

20If the answer isn't 42, it should be. – tvanfosson – 2010-06-04T21:55:11.980

a better question might be: what can I reasonably expect someone to type? If the limit is 40 and you are exceeding that, you are doing something wrong. – msw – 2010-06-04T23:40:59.593

Answers

39

If your system uses a cryptographic hash to store passwords i.e. MD5, SHA1, etc then there is no limit to the password length itself since these hashes can be created with any amount of data. An MD5 or SHA1 hash can be created for an entire hard drive and this is commonly done for forensic purposes because if even one bit is changed ever so slightly then you have a very different hash and hence you can verify the data has changed. This means you can use these exact same algorithms to test if data has been tampered with. Linux (current Linux at least) uses these same hash functions. It will ask you for a password and it will then create a cryptographic hash of the password you gave and see if this hash matches the stored password. This also means that your passwords are not stored in plain text and the only way to recover a lost password is to run a brute force test which generates password hash after password hash until a it finds one which matches the current hash and then you have your password.

There is a slight downside to using these hashes which is that a hash has a finite size for example an MD5 hash is 128 bit. This means that an MD5 hash only has 2^128 or 340,282,366,920,938,463,463,374,607,431,768,211,456 possible combinations. Now while that is a big number, what this means is that you can have what they call a hash collision where you have two different items or keys that produce the same hash. In theory, the larger the key size, the lower probability of a collision and the longer it should take to brute force a password but that is strictly evaluating the entropy and how long it CAN take but there is also a chance that the first entry they try can be the one which matches even if it's a hash collision. Generally speaking, you really are safer using a hash which has a larger key size because, suppose this is MD5, the odds of the first password matching out of 340,282,366,920,938,463,463,374,607,431,768,211,456 possible matches is extremely extremely unlikely. Also pick a good password because a lot of crackers will try and use word lists, name lists, and mutations of these list (i.e. if the word is "fish" then they will try fish1234, fish!@#$ etc) before they rely on brute forcing a password.

The way you can tell if your system uses cryptographic hashes to store passwords is take a look at the /etc/shadow file (assuming you have root access). Every line is formatted like user:password:last-changed:minimum-age:maximum-age:warning-period:inactivity-period:expiration-date:reserved. The password field may start with $num$ (i.e. an md5 hash in the password field looks like $1$01234567$b5lh2mHyD2PdJjFfALlEz1 where it starts with $1$). If it starts with this, then that means your system is using a cryptographic hash. The format of the password field on all modern systems is $id$salt$hash. The id specifies what type of cryptographic hash you are using. The salt is a randomly generated string that is concatenated with the key (plain text password) in order to protect against precomputed tables of known hashes. The hash is the cryptographic hash created from the salt and key/password. If your password field starts with $num$ then you are using cryptographic hashes.

So you know, the numbers mean this:

  • $1$ means you are using MD5
  • $2$ or $2a$ means you are using blowfish
  • $5$ means you are using SHA-256
  • $6$ means you are using SHA-512

SHA-512 is the best available hash to use that glibc offers. I don't know how strong blowfish is but it is not part of glibc and therefor is only available on certain distributions that have added it. SHA-512 produces 512 bit keys or 2^512 possible combinations before a collision can be expected and with a complex enough password, it would take a cluster of computers a very very long time to find either the actual password or a collision in the hash.

Also, if you have a hash which does not start with $num$ then you are using DES and that is limited to 8 character length. I believe older system that use DES, or at least some of them, they will take any size password but only use the first 8 character. This means if you set your password to mybigbigapple and someone uses the password mybigbigcity then they will be allowed in because DES will only use mybigbig and anything after that is discarded.

So you know, Ubuntu as of 8.04, which was released in April 2008, used MD5 hashes. Ubuntu from 8.10, which was released in October 2008, and all versions since then use SHA-512 hashes. I don't know how far before April 2008 but I believe for several years if not more, most all distributions used hashes.

Current 12.04 and 14.04 LTS (long term support releases) of Ubuntu appear to use SHA-512 by default, as can be seen with the $6$ prepended to the hash in the /etc/shadow file:

catullus:$6$MsHYK60sqcv$BtDqVCMXibpqg[...]

Now the length the key or password allowed for any hashing algorithm isn't the only thing to determine what size password you are allowed to have. The other item of interest is how the program is written and what length program itself will support. All modern passwd programs and probably most the crypt(3) function in Linux. crypt for a long long (since at least MD5 was used and probably before that) has allowed character pointers for the actual key. This means that the only limit on how long of a key it will accept is based on how much RAM that program has available to it but in all likelyhood, this is probably far far far longer then any password any person would ever be able to remember (millions of characters?).

This should answer your question as to how long a password can be. Hope I helped.

References:

jetole

Posted 2010-06-04T21:52:48.240

Reputation: 569

1

It should be noted that the crypt() algorithm has been deprecated for over a decade. No matter how long a crypt() password is, it gets truncated to 8 characters. Combined with the very small keyspace of a 12bit salt, crypt() has been rendered entirely insecure. As a reference, here is an article on how 1million of Gawker's passwords were exposed due to the use of crypt() back in 2010: https://www.lightbluetouchpaper.org/2010/12/15/the-gawker-hack-how-a-million-passwords-were-lost/

– cremefraiche – 2015-10-26T04:22:06.177

7"What is the max length of a SU answer?" lol Great answer! – James Mertz – 2010-10-22T20:57:11.787

8

It depends on which authentication module is used. In modern Linux systems, there is no maximum limit on password length. Some obsolete systems might have limits imposed by their password storage system -- popular maximums seem to be 8, 40, and 255.

John Millikin

Posted 2010-06-04T21:52:48.240

Reputation: 501

3

Depending on how the password is stored, MD5, SHA1, BlowFish etc I think there is no limit on password set by the storage method itself.

Older implementations might have a limit that is probably 8 or 255 characters.

This does seem like a question better suited for www.serverfault.com though :)

Kelsey

Posted 2010-06-04T21:52:48.240

Reputation: 798

5This is general computer related, not necessarily specific to servers though! – Darth Android – 2010-06-04T23:19:04.063

0

The passwd command is involving the mcrypt Command for encryption. According to source code of mcrypt the maximum size of stdin is restricted to 512 Characters (ciphers) - but this was two years ago.... - (I will update this answer next hours)... Yes... In source code 2.6.8 of mcrypt in directory src, there is file getpass.c - there at beginning you See value 512 set as static char value. (I would love to pump it up to 1.4 GB ...):

dschinn1001

Posted 2010-06-04T21:52:48.240

Reputation: 99