Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!rutgers!husc6!panda!genrad!decvax!ima!haddock!karl
From: karl@haddock.UUCP
Newsgroups: comp.unix.wizards
Subject: Flexpasswords
Message-ID: <386@haddock.UUCP>
Date: Thu, 12-Mar-87 20:18:39 EST
Article-I.D.: haddock.386
Posted: Thu Mar 12 20:18:39 1987
Date-Received: Sat, 14-Mar-87 02:55:54 EST
Reply-To: karl@haddock.ISC.COM.UUCP (Karl Heuer)
Organization: Interactive Systems, Boston
Lines: 13

It has always annoyed me that passwords have a *maximum* length of 8.  (Yes,
of course you can use a longer password, in the same sense that you can use a
long identifier in pre-flexname C; it just gets truncated.)  The original
reason seems to be that the 8 bytes are copied into an array of 64 bits which
is then massaged into the 11 sixbit characters in the encrypted password.

However, one could instead hash the *entire* string into a 64-bit value (it
can even be done in a compatible way for short strings).  Has anyone ever
implemented this?  Would it be a significant security improvement?  Is it
generally believed that nobody would use such a long password voluntarily?  (I
would; I used to have a 15-char password.)

Karl W. Z. Heuer (ima!haddock!karl or karl@haddock.isc.com), The Walking Lint