karl@haddock.UUCP (03/13/87)
It has always annoyed me that passwords have a *maximum* length of 8. (Yes, of course you can use a longer password, in the same sense that you can use a long identifier in pre-flexname C; it just gets truncated.) The original reason seems to be that the 8 bytes are copied into an array of 64 bits which is then massaged into the 11 sixbit characters in the encrypted password. However, one could instead hash the *entire* string into a 64-bit value (it can even be done in a compatible way for short strings). Has anyone ever implemented this? Would it be a significant security improvement? Is it generally believed that nobody would use such a long password voluntarily? (I would; I used to have a 15-char password.)

Karl W. Z. Heuer (ima!haddock!karl or karl@haddock.isc.com), The Walking Lint
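The truncation and the "compatible" whole-string fold discussed in the post above, as an added example that is not part of the original post and not code from any crypt(3) implementation. The names `trad_key` and `folded_key` are hypothetical, and the mixing step is an illustrative assumption, not a vetted hash.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Truncating behaviour described in the post: only the first 8 bytes
 * (low 7 bits of each) reach the 64-bit key block; the rest is ignored. */
uint64_t trad_key(const char *pw)
{
    uint64_t k = 0;
    size_t n = strlen(pw);
    for (size_t i = 0; i < 8; i++) {
        uint64_t c = (i < n) ? ((unsigned char)pw[i] & 0x7f) : 0;
        k = (k << 8) | (c << 1);  /* 7 key bits, low (parity) bit unused */
    }
    return k;
}

/* Hypothetical whole-string fold (assumption, not a vetted hash).
 * The first block is the traditional key, so passwords of up to 8
 * characters give the same value as trad_key(); every later 8-byte
 * block is mixed in with an invertible multiply and xor-shift. */
uint64_t folded_key(const char *pw)
{
    uint64_t k = trad_key(pw);
    size_t n = strlen(pw);
    for (size_t off = 8; off < n; off += 8) {
        k ^= trad_key(pw + off);
        k *= 0x9E3779B97F4A7C15ULL;  /* odd constant: bijective mod 2^64 */
        k ^= k >> 29;
    }
    return k;
}

int main(void)
{
    /* Constructed sample passwords that share their first 8 characters. */
    const char *a = "correcthorse", *b = "correcthXYZ", *s = "secret";
    printf("truncated: %016llx %016llx\n",
           (unsigned long long)trad_key(a), (unsigned long long)trad_key(b));
    printf("folded:    %016llx %016llx\n",
           (unsigned long long)folded_key(a), (unsigned long long)folded_key(b));
    printf("short pw unchanged: %d\n", folded_key(s) == trad_key(s));
    return 0;
}
```

The fold makes characters after the eighth count, but the result is still a 64-bit block of which DES uses 56 bits, so the size of the key space is unchanged.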