现代Unix/Linux系统上的密码是否仍限制为8个字符? [英] Are passwords on modern Unix/Linux systems still limited to 8 characters?

问题描述

几年前，Unix密码限制为8个字符，或者如果密码长度超过8个字符，则多余的字符不会有任何作用.

Years ago it used to be the case that Unix passwords were limited to 8 characters, or that if you made the password longer than 8 characters the extra wouldn't make any difference.

在大多数现代Unix/Linux系统上是否仍然如此?

Is that still the case on most modern Unix/Linux systems?

如果是这样，大约在什么时候可以在大多数系统上使用更长的密码?

If so, around when did longer passwords become possible on most systems?

有没有一种简单的方法可以判断给定系统是否支持更长的密码，如果可以，那么有效的最大值(如果有)将是多少?

Is there an easy way to tell if a given system supports longer passwords and if so, what the effective maximum (if any) would be?

我已经在这个主题上进行了一些网络搜索，但实际上找不到任何确定的内容.出现的大部分内容是从2000年代初开始的，当时我认为8个字符的限制仍然很普遍(或者足够普遍以至于必须遵守该限制).

I've done some web searching on this topic and couldn't really find anything definitive; much of what came up was from the early 2000s when I think the 8 character limit was still common (or common enough to warrant sticking to that limit).

推荐答案

在 glibc2 (任何现代Linux发行版)中，密码加密功能可以使用MD5/SHA-xxx(由魔术盐前缀引起) )，然后将所有输入字符视为重要的 all (请参见 man 3 crypt ).对于您的系统上的简单测试，您可以尝试类似的操作:

In glibc2 (any modern Linux distribution) the password encryption function can use MD5/SHA-xxx (provoked by a magic salt prefix) which then treats as significant all the input characters (see man 3 crypt). For a simple test on your system, you could try something like:

#!/bin/perl -w
my $oldsalt = '@@';
my $md5salt = '$1$@@$';
print crypt("12345678",  $oldsalt) . "\n";
print crypt("123456789", $oldsalt) . "\n";
print crypt("12345678",  $md5salt) . "\n";
print crypt("12345678extend-this-as-long-as-you-like-0", $md5salt) . "\n";
print crypt("12345678extend-this-as-long-as-you-like-1", $md5salt) . "\n";

(在我的系统上显示)

@@nDzfhV1wWVg
@@nDzfhV1wWVg
$1$@@$PrkF53HP.ZP4NXNyBr/kF.
$1$@@$4fnlt5pOxTblqQm3M1HK10
$1$@@$D3J3hluAY8pf2.AssyXzn0

其他* ix变体也支持类似的内容-例如 crypt(3)，至少从Solaris 10开始，. 但是，它是非标准扩展名- POSIX没有定义

Other *ix variants support similar - e.g. crypt(3) since at least Solaris 10. However, it's a non-standard extension - POSIX does not define it.

这篇关于现代Unix/Linux系统上的密码是否仍限制为8个字符?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！