Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Chris Adams cmadams at
Thu Oct 13 00:30:27 UTC 2011

Once upon a time, Orcan Ogetbil <oget.fedora at> said:
> On Wed, Oct 12, 2011 at 12:44 PM, Kevin Fenzi wrote:
> > New Password Rules:
> ...
> > * No maximum length.
> I thought about this for a while. Is this ever possible? What kind of
> storage do we use?

Yeah, I saw that too.  A literal "no maximum length" is a denial of
service waiting to happen.  I'm sure the passwords are hashed, so it
isn't a matter of storage, but the input buffer is not unlimited, and
neither are the hash iterations to process the input.

What is the actual limit?  256 characters?  512?
Chris Adams <cmadams at>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

More information about the devel mailing list