FedoraForum.org - Fedora Support Forums and Community
Results 1 to 4 of 4
  1. #1
    Join Date
    Feb 2015
    Location
    Sweden
    Posts
    64

    Logins and passwords

    I updated my password yesterday. When I got here later, I was logged out (due to inactivity), and when I tried to log in… Username or password was wrong.

    Tried a couple of times and then I reset it. I chose a new password, a bit shorter (< 64), and now it seems fine. I tested to log out manually, and then back in.

    So, what are the passwords restrictions? in length, that is. Would be great to know so I can maximize it.

    I use KeepassX and just click “Generate” to get a long (128) random password I don't need to remember. Looks like 128 was too long, for some reason. If you could fix that would be great.

    Anyway... That's a “bug” to me. The form in the profile prefs to change password accepted the long password, and let me surf on. No warnings, no errors - like everything was ok. It should at least say something that my password was too long or something.

    · Eric
    [eric@...] ~$

  2. #2
    Join Date
    Nov 2008
    Posts
    413

    Re: Logins and passwords

    If you could fix that would be great.
    You need to file a bug report or RFE (request for enhancement) at https://bugzilla.redhat.com/index.cgi. The developers generally don't read this forum.

    I've experienced the same thing with on-line accounts - you enter the password, and it appears to work, but then it doesn't work when you try to login again - either because the password was too long, or it contained illegal characters - but no warning is issued. I saw some NIST document that recommended that passwords be kept shorter than (several?) MEGABYTES - because it would take a long time to hash down (to 128 bits?) !

  3. #3
    Join Date
    Dec 2013
    Location
    United Kingdom
    Posts
    5,882

    Re: Logins and passwords

    Quote Originally Posted by dswaner
    You need to file a bug report or RFE (request for enhancement) at https://bugzilla.redhat.com/index.cgi. The developers generally don't read this forum.

    I've experienced the same thing with on-line accounts - you enter the password, and it appears to work, but then it doesn't work when you try to login again - either because the password was too long, or it contained illegal characters - but no warning is issued. I saw some NIST document that recommended that passwords be kept shorter than (several?) MEGABYTES - because it would take a long time to hash down (to 128 bits?) !
    Please do not file anything to do with this forum on redhat bugzilla. they will just close it straight away as this user forum is nothing to do with developers over there

    @dswaner the post is forum feedback, nothing to do with the operating system itself

  4. #4
    Join Date
    Jun 2005
    Location
    Montreal, Que, Canada
    Posts
    4,989

    Re: Logins and passwords

    The password you enter is hashed and "salted". That means that your very long password or a very short password is hashed into a hexadecimal string of characters. The salt string is applied to your password as the hash is calculated. Two people with the same password will have different values stored due to "salt and hash" combination.
    A fixed size area is used to store the hashed and "salted" password.

    Linux may impose a Max length for a "in the clear" password string. There is no assurance that a very long password is more secure than one of 7 or eight characters. A long string is certainly harder to remember, if using a long "in the clear password" makes you feel better.
    Leslie in Montreal

    Interesting web sites list
    http://forums.fedoraforum.org/showth...40#post1697840

Similar Threads

  1. /etc/logins.def
    By mpg187 in forum Using Fedora
    Replies: 3
    Last Post: 11th November 2009, 03:42 AM
  2. Failed SSH Logins
    By Stealth in forum Security and Privacy
    Replies: 5
    Last Post: 19th April 2006, 02:35 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •