Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30
cmadams at hiwaay.net
Thu Oct 13 00:30:27 UTC 2011
Once upon a time, Orcan Ogetbil <oget.fedora at gmail.com> said:
> On Wed, Oct 12, 2011 at 12:44 PM, Kevin Fenzi wrote:
> > New Password Rules:
> > * No maximum length.
> I thought about this for a while. Is this ever possible? What kind of
> storage do we use?
Yeah, I saw that too. A literal "no maximum length" is a denial of
service waiting to happen. I'm sure the passwords are hashed, so it
isn't a matter of storage, but the input buffer is not unlimited, and
neither are the hash iterations to process the input.
What is the actual limit? 256 characters? 512?
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
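
The concern raised above, that both the input buffer and the hashing work need a bound, can be handled by capping the password before anything is buffered in full or hashed. This is an added example, not part of the original message or of Fedora's account system code; the 512-byte cap, the PBKDF2 iteration count and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import io
import os

MAX_PASSWORD_BYTES = 512     # assumed cap; the thread does not state the real limit
PBKDF2_ITERATIONS = 100_000  # assumed work factor


class PasswordTooLong(ValueError):
    """Raised before any hashing work is done."""


def read_password(stream, limit=MAX_PASSWORD_BYTES):
    """Read a password from a byte stream, buffering at most limit + 1 bytes."""
    data = stream.read(limit + 1)  # one extra byte reveals that the input overran the cap
    if len(data) > limit:
        raise PasswordTooLong(f"password exceeds {limit} bytes")
    return data


def hash_password(password, salt=None, limit=MAX_PASSWORD_BYTES):
    """Derive a PBKDF2-HMAC-SHA256 hash, refusing over-length input before the KDF runs."""
    if len(password) > limit:
        raise PasswordTooLong(f"password exceeds {limit} bytes")
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(stream, salt, expected, limit=MAX_PASSWORD_BYTES):
    """Return True only for a matching password; oversize input is rejected unhashed."""
    try:
        candidate = read_password(stream, limit)
    except PasswordTooLong:
        return False
    _, digest = hash_password(candidate, salt, limit)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    # Constructed sample inputs: a long passphrase within the cap and a 1 MB submission.
    phrase = b"correct horse battery staple " * 4
    salt, stored = hash_password(phrase)
    print(verify_password(io.BytesIO(phrase), salt, stored))             # within the cap
    print(verify_password(io.BytesIO(b"A" * 1_000_000), salt, stored))   # rejected early
```

A generous cap like this still allows long passphrases while keeping the per-request memory and hashing cost bounded.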