View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001041 | HTML & PERL | Bug Report - Interface | public | 2008-03-26 20:22 | 2008-03-27 21:40 |
Reporter | Indy13 | Assigned To | DerIdiot | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Summary | 0001041: Password is limited to 8 chars, yet it's not mentioned anywhere | ||||
Description | Setting an account password longer than 8 characters has no effect as only the first 8 characters are taken into account. Example: if you set "123456789" as password you only need to type "12345678" to log in successfully. Also if your password is 8 characters or more, anything you type after the first 8 characters to log in doesn't matter. Example: your password is "12345678" and you type "12345678asd" to log in; the log in will be successful. Password limit should be mentioned both on the signup page and profile page and perhaps increased. | ||||
Tags | No tags attached. | ||||
|
This is caused by the currently used unix crypt() for password hashes. In the long run a move to another hashing scheme is probably a good idea. So far there are no plans to address this issue. |
|
I think we allow 16 characters for input though. That is indeed rather confusing exp. Would need to check that first though to confirm it, but I saw some 16 character checks in adb_auth |
|
Knew it. Twice in the code there were checks for 16 characters, aside from the inconsistent maxlength of the password field. It's restricted to 8 characters now for signup and password change in the profile. That should make it clear |
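
The truncation reported above, as an added example that is not part of the tracker notes or the project's code: traditional DES-based crypt() builds its key from the low 7 bits of the first 8 password bytes, so anything past that never reaches the hash. The function names, the UTF-8 encoding choice and the sample records are assumptions made for illustration; the audit helper flags stored hashes still in the 13-character traditional format.

```python
import re

# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars,
# all drawn from the alphabet [./0-9A-Za-z]. Newer schemes start with "$".
_DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
DES_MAX_LEN = 8  # only this many password bytes influence the DES key


def des_crypt_key(password: str) -> bytes:
    """Derive the 8-byte DES key as traditional crypt(3) does.

    Low 7 bits of each of the first 8 bytes, shifted left by one (the low
    bit of each key byte is DES parity and is ignored). Shorter input is
    zero-padded. UTF-8 encoding is an assumption of this example.
    """
    raw = password.encode("utf-8")[:DES_MAX_LEN].ljust(DES_MAX_LEN, b"\0")
    return bytes((b & 0x7F) << 1 for b in raw)


def passwords_collide(a: str, b: str) -> bool:
    """True if both passwords yield the same DES key (same hash for any salt)."""
    return des_crypt_key(a) == des_crypt_key(b)


def is_legacy_des_hash(stored: str) -> bool:
    """True if a stored value has the traditional 13-character crypt format."""
    return bool(_DES_CRYPT_RE.match(stored))


def audit(records):
    """Return usernames whose stored hash is still traditional DES crypt."""
    return [user for user, stored in records if is_legacy_des_hash(stored)]


# Constructed sample records: format-only placeholders, not real hashes.
SAMPLE_RECORDS = [
    ("alice", "ab0123456789A"),                 # 13 chars: legacy DES format
    ("bob", "$6$examplesalt$placeholderhash"),  # modular crypt format prefix
]

if __name__ == "__main__":
    print(passwords_collide("123456789", "12345678"))    # cases from the report
    print(passwords_collide("12345678", "12345678asd"))
    print(audit(SAMPLE_RECORDS))
```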
Date Modified | Username | Field | Change |
---|---|---|---|
2008-03-26 20:22 | Indy13 | New Issue | |
2008-03-26 22:52 | exp | Note Added: 0001865 | |
2008-03-26 23:11 | DerIdiot | Note Added: 0001866 | |
2008-03-27 21:40 | DerIdiot | Note Added: 0001873 | |
2008-03-27 21:40 | DerIdiot | Status | new => resolved |
2008-03-27 21:40 | DerIdiot | Resolution | open => fixed |
2008-03-27 21:40 | DerIdiot | Assigned To | => DerIdiot |