Re: More on Passwords

From: Mark A. Heilpern (heilpern@MINDSPRING.COM)
Date: 03/06/98


As Dan said, yes, it should be set to 13 (or perhaps 14, allowing for a
null termination) as the crypt() function returns a string of 13 characters
long regardless of the actual password.

The problem the original poster is running into is the crypt() function
also only utilizes the first 8 characters of the password; any additional
(the 9'th character being the original poster's second 0 in this case) are
discarded silently.

At 08:33 PM 3/5/98 -0800, you wrote:
>On Thu, 5 Mar 1998, John Evans wrote:
>
>->Check in structs.h for MAX_PWD_LENGTH, I'll bet that you'll find the
>->following:
>->
>->#define MAX_PWD_LENGTH  8
>->
>->I have mine at 10, and it's that way in stock. I'd start checking there to
>->see if you changed it for some reason.
>
>Assuming that we're encrypting passwords with crypt(), wouldn't it be
>best to set it to 13?  I mean, that is, after all, the constant length
>of an encrypted password (2 for the salt, 11 for the encrypted
>password).  So, even at 10 you trim off the last 3 characters of the
>encrypted password, which I would regard as a bug.  Or, I may just be
>missing something?
>
>-dak
>
>
>     +------------------------------------------------------------+
>     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
>     | http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
>     +------------------------------------------------------------+
>


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
     +------------------------------------------------------------+



This archive was generated by hypermail 2b30 : 12/15/00 PST