Why is the maximum length of OpenWrt’s root password 8 characters? The 2019 Stack Overflow Developer Survey Results Are InHosting providers limiting the password length or allowed charactersCan only see 2GB of 4GB on 2.6.26-1-xen-amd64 debian 5, Dell PowerEdge 860How I can identify which process is making UDP traffic on Linux?pam_cracklib on Linux: how to disable creditsHow to enforce password complexity in Redhat?Strange OpenVPN behavior - disconnects after one minuteAllow linux root user mysql root access without passwordTurn off password expiration after user changes password (Linux)Changing the root passworddisable maximum password length on Windows Server

I am an eight letter word. What am I?

Why is the maximum length of OpenWrt’s root password 8 characters?

What is the most efficient way to store a numeric range?

Can there be female White Walkers?

Falsification in Math vs Science

What is this sharp, curved notch on my knife for?

Is it safe to harvest rainwater that fell on solar panels?

For what reasons would an animal species NOT cross a *horizontal* land bridge?

The phrase "to the numbers born"?

How can I have a shield and a way of attacking with a ranged weapon at the same time?

Why are there uneven bright areas in this photo of black hole?

Why didn't the Event Horizon Telescope team mention Sagittarius A*?

What do hard-Brexiteers want with respect to the Irish border?

What information about me do stores get via my credit card?

Is it ok to offer lower paid work as a trial period before negotiating for a full-time job?

Keeping a retro style to sci-fi spaceships?

Output the Arecibo Message

Why was M87 targeted for the Event Horizon Telescope instead of Sagittarius A*?

Unitary representations of finite groups over finite fields

What is preventing me from simply constructing a hash that's lower than the current target?

Geography at the pixel level

How to type a long/em dash `—`

How to notate time signature switching consistently every measure

Mathematics of imaging the black hole



Why is the maximum length of OpenWrt’s root password 8 characters?



The 2019 Stack Overflow Developer Survey Results Are InHosting providers limiting the password length or allowed charactersCan only see 2GB of 4GB on 2.6.26-1-xen-amd64 debian 5, Dell PowerEdge 860How I can identify which process is making UDP traffic on Linux?pam_cracklib on Linux: how to disable creditsHow to enforce password complexity in Redhat?Strange OpenVPN behavior - disconnects after one minuteAllow linux root user mysql root access without passwordTurn off password expiration after user changes password (Linux)Changing the root passworddisable maximum password length on Windows Server



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








27















When I try to set root's password:



root@OpenWrt:~# passwd
Changing password for root
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.


It seems the maximum length is 8. If I try to set a password longer than 8, only the first 8 characters are valid. How can I set a longer password for root?



My OpenWrt version:



Linux OpenWrt 4.14.108 #0 SMP Wed Mar 27 21:59:03 2019 x86_64 GNU/Linux









share|improve this question






























    27















    When I try to set root's password:



    root@OpenWrt:~# passwd
    Changing password for root
    Enter the new password (minimum of 5, maximum of 8 characters)
    Please use a combination of upper and lower case letters and numbers.


    It seems the maximum length is 8. If I try to set a password longer than 8, only the first 8 characters are valid. How can I set a longer password for root?



    My OpenWrt version:



    Linux OpenWrt 4.14.108 #0 SMP Wed Mar 27 21:59:03 2019 x86_64 GNU/Linux









    share|improve this question


























      27












      27








      27


      3






      When I try to set root's password:



      root@OpenWrt:~# passwd
      Changing password for root
      Enter the new password (minimum of 5, maximum of 8 characters)
      Please use a combination of upper and lower case letters and numbers.


      It seems the maximum length is 8. If I try to set a password longer than 8, only the first 8 characters are valid. How can I set a longer password for root?



      My OpenWrt version:



      Linux OpenWrt 4.14.108 #0 SMP Wed Mar 27 21:59:03 2019 x86_64 GNU/Linux









      share|improve this question
















      When I try to set root's password:



      root@OpenWrt:~# passwd
      Changing password for root
      Enter the new password (minimum of 5, maximum of 8 characters)
      Please use a combination of upper and lower case letters and numbers.


      It seems the maximum length is 8. If I try to set a password longer than 8, only the first 8 characters are valid. How can I set a longer password for root?



      My OpenWrt version:



      Linux OpenWrt 4.14.108 #0 SMP Wed Mar 27 21:59:03 2019 x86_64 GNU/Linux






      linux password root openwrt passwd






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 2 days ago









      Peter Mortensen

      2,14242124




      2,14242124










      asked 2 days ago









      Alan42Alan42

      431412




      431412




















          2 Answers
          2






          active

          oldest

          votes


















          35














          This is because DES-based crypt (AKA 'descrypt') truncates passwords at 8 bytes, and only checks the first 8 for the purpose of password verification.



          That's the answer to your direct question, but here's some general advice implied by your context:



          • Fortunately, from my reading, MD5 in /etc/login.defs is actually md5crypt ($1$), which, while a little outdated and declared deprecated by its author, is still far superior to DES-based crypt (and definitely much better than a raw, unsalted hash like plain MD5! Most unsalted hashes can be cracked on commodity GPUs at rates of billions per second)


          • It looks like SHA256 (actually sha256crypt) and SHA512 (actually sha512crypt) are also there. I would pick one of those instead.


          • If you set your password to password or something under each scheme, you can visually verify whether or not my conclusion that they're the -crypt variants is correct (examples here are taken from the hashcat example hashes, all 'hashcat', some wrapped for readability):


          Not recommended - unsalted or legacy hash types, much too "fast" (cracking rates) for password storage:



          MD5 - 8743b52063cd84097a65d1633f5c74f5
          SHA256 - 127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935
          SHA512 - 82a9dda829eb7f8ffe9fbe49e45d47d2dad9664fbb7adf72492e3c81ebd3e2
          9134d9bc12212bf83c6840f10e8246b9db54a4859b7ccd0123d86e5872c1e5082f
          descrypt - 48c/R8JAv757A


          OK - much better than unsalted, no truncation, but no longer sufficiently resistant to brute force on modern hardware:



          md5crypt - $1$28772684$iEwNOgGugqO9.bIz5sk8k/


          Better - relatively modern hashes with large salts and work factors:



          sha256crypt - $5$rounds=5000$GX7BopJZJxPc/KEK$le16UF8I2Anb.rOrn22AUPWvzUETDGefUmAV8AZkGcD
          sha512crypt - $6$52450745$k5ka2p8bFuSmoVT1tzOyyuaREkkKBcCNqoDKzYiJL9RaE8yMnPgh2XzzF0NDrUhgrcLwg78xs1w5pJiypEdFX/


          Of these, only descrypt truncates at 8. The last two are your best bet.



          (Side note: the digits-only salts in the md5crypt and sha512crypt examples above are just side effects of how hashcat creates example hashes; real, healthy salts are usually drawn from a much larger keyspace).



          Note also that I'm only listing the hash types that are supported by /etc/login.defs on this platform. For general use, even sha256crypt and sha512crypt have been superseded - first by bcrypt, and then later by truly parallel-attack-resistant hashes like scrypt and the Argon2 family. (Note, however, that for interactive logins that should complete in under one second, bcrypt is actually more resistant to attack than the latter)






          share|improve this answer
































            19














            I modified this in /etc/login.defs:



            PASS_MAX_LEN 8


            problem fixed.




            Important additions:



            After I changed the above parameters, although I can set a password larger than 8 digits, it is still invalid because the real password is only the first eight digits. I don't know if this is my problem.



            My final solution is to set



            # ENCRYPT_METHOD DES


            to



            ENCRYPT_METHOD MD5


            in /etc/login.defs.



            Now, I can finally set a root password that is really larger than eight.






            share|improve this answer




















            • 16





              Good fix, but bad original choice for a system default though...

              – HBruijn
              2 days ago






            • 8





              I assume you changed your password to something longer than 8 characters now. Can you try if logging in with just the first 8 characters of your longer password works? Because it just might...

              – marcelm
              2 days ago






            • 9





              You might consider changing that to SHA256 or SHA512 or they are supported - MD5 is considered broken these days.

              – PhilippNagel
              2 days ago






            • 8





              really sha256 and sha512 by themselves aren't much better than md5. you need a salt, and use the crypt versions of these algorithms.

              – SnakeDoc
              2 days ago






            • 4





              @PhilippNagel With a high-entropy password, it's not too bad. While MD5 should certainly be considered broken, the currently known weaknesses don't affect it for password hashing. What is a problem for password hashing is the speed; non-iterated MD5 is so fast that brute-forcing is very feasible for many passwords.

              – marcelm
              2 days ago











            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "2"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f962214%2fwhy-is-the-maximum-length-of-openwrt-s-root-password-8-characters%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            35














            This is because DES-based crypt (AKA 'descrypt') truncates passwords at 8 bytes, and only checks the first 8 for the purpose of password verification.



            That's the answer to your direct question, but here's some general advice implied by your context:



            • Fortunately, from my reading, MD5 in /etc/login.defs is actually md5crypt ($1$), which, while a little outdated and declared deprecated by its author, is still far superior to DES-based crypt (and definitely much better than a raw, unsalted hash like plain MD5! Most unsalted hashes can be cracked on commodity GPUs at rates of billions per second)


            • It looks like SHA256 (actually sha256crypt) and SHA512 (actually sha512crypt) are also there. I would pick one of those instead.


            • If you set your password to password or something under each scheme, you can visually verify whether or not my conclusion that they're the -crypt variants is correct (examples here are taken from the hashcat example hashes, all 'hashcat', some wrapped for readability):


            Not recommended - unsalted or legacy hash types, much too "fast" (cracking rates) for password storage:



            MD5 - 8743b52063cd84097a65d1633f5c74f5
            SHA256 - 127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935
            SHA512 - 82a9dda829eb7f8ffe9fbe49e45d47d2dad9664fbb7adf72492e3c81ebd3e2
            9134d9bc12212bf83c6840f10e8246b9db54a4859b7ccd0123d86e5872c1e5082f
            descrypt - 48c/R8JAv757A


            OK - much better than unsalted, no truncation, but no longer sufficiently resistant to brute force on modern hardware:



            md5crypt - $1$28772684$iEwNOgGugqO9.bIz5sk8k/


            Better - relatively modern hashes with large salts and work factors:



            sha256crypt - $5$rounds=5000$GX7BopJZJxPc/KEK$le16UF8I2Anb.rOrn22AUPWvzUETDGefUmAV8AZkGcD
            sha512crypt - $6$52450745$k5ka2p8bFuSmoVT1tzOyyuaREkkKBcCNqoDKzYiJL9RaE8yMnPgh2XzzF0NDrUhgrcLwg78xs1w5pJiypEdFX/


            Of these, only descrypt truncates at 8. The last two are your best bet.



            (Side note: the digits-only salts in the md5crypt and sha512crypt examples above are just side effects of how hashcat creates example hashes; real, healthy salts are usually drawn from a much larger keyspace).



            Note also that I'm only listing the hash types that are supported by /etc/login.defs on this platform. For general use, even sha256crypt and sha512crypt have been superseded - first by bcrypt, and then later by truly parallel-attack-resistant hashes like scrypt and the Argon2 family. (Note, however, that for interactive logins that should complete in under one second, bcrypt is actually more resistant to attack than the latter)






            share|improve this answer





























              35














              This is because DES-based crypt (AKA 'descrypt') truncates passwords at 8 bytes, and only checks the first 8 for the purpose of password verification.



              That's the answer to your direct question, but here's some general advice implied by your context:



              • Fortunately, from my reading, MD5 in /etc/login.defs is actually md5crypt ($1$), which, while a little outdated and declared deprecated by its author, is still far superior to DES-based crypt (and definitely much better than a raw, unsalted hash like plain MD5! Most unsalted hashes can be cracked on commodity GPUs at rates of billions per second)


              • It looks like SHA256 (actually sha256crypt) and SHA512 (actually sha512crypt) are also there. I would pick one of those instead.


              • If you set your password to password or something under each scheme, you can visually verify whether or not my conclusion that they're the -crypt variants is correct (examples here are taken from the hashcat example hashes, all 'hashcat', some wrapped for readability):


              Not recommended - unsalted or legacy hash types, much too "fast" (cracking rates) for password storage:



              MD5 - 8743b52063cd84097a65d1633f5c74f5
              SHA256 - 127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935
              SHA512 - 82a9dda829eb7f8ffe9fbe49e45d47d2dad9664fbb7adf72492e3c81ebd3e2
              9134d9bc12212bf83c6840f10e8246b9db54a4859b7ccd0123d86e5872c1e5082f
              descrypt - 48c/R8JAv757A


              OK - much better than unsalted, no truncation, but no longer sufficiently resistant to brute force on modern hardware:



              md5crypt - $1$28772684$iEwNOgGugqO9.bIz5sk8k/


              Better - relatively modern hashes with large salts and work factors:



              sha256crypt - $5$rounds=5000$GX7BopJZJxPc/KEK$le16UF8I2Anb.rOrn22AUPWvzUETDGefUmAV8AZkGcD
              sha512crypt - $6$52450745$k5ka2p8bFuSmoVT1tzOyyuaREkkKBcCNqoDKzYiJL9RaE8yMnPgh2XzzF0NDrUhgrcLwg78xs1w5pJiypEdFX/


              Of these, only descrypt truncates at 8. The last two are your best bet.



              (Side note: the digits-only salts in the md5crypt and sha512crypt examples above are just side effects of how hashcat creates example hashes; real, healthy salts are usually drawn from a much larger keyspace).



              Note also that I'm only listing the hash types that are supported by /etc/login.defs on this platform. For general use, even sha256crypt and sha512crypt have been superseded - first by bcrypt, and then later by truly parallel-attack-resistant hashes like scrypt and the Argon2 family. (Note, however, that for interactive logins that should complete in under one second, bcrypt is actually more resistant to attack than the latter)






              share|improve this answer



























                35












                35








                35







                This is because DES-based crypt (AKA 'descrypt') truncates passwords at 8 bytes, and only checks the first 8 for the purpose of password verification.



                That's the answer to your direct question, but here's some general advice implied by your context:



                • Fortunately, from my reading, MD5 in /etc/login.defs is actually md5crypt ($1$), which, while a little outdated and declared deprecated by its author, is still far superior to DES-based crypt (and definitely much better than a raw, unsalted hash like plain MD5! Most unsalted hashes can be cracked on commodity GPUs at rates of billions per second)


                • It looks like SHA256 (actually sha256crypt) and SHA512 (actually sha512crypt) are also there. I would pick one of those instead.


                • If you set your password to password or something under each scheme, you can visually verify whether or not my conclusion that they're the -crypt variants is correct (examples here are taken from the hashcat example hashes, all 'hashcat', some wrapped for readability):


                Not recommended - unsalted or legacy hash types, much too "fast" (cracking rates) for password storage:



                MD5 - 8743b52063cd84097a65d1633f5c74f5
                SHA256 - 127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935
                SHA512 - 82a9dda829eb7f8ffe9fbe49e45d47d2dad9664fbb7adf72492e3c81ebd3e2
                9134d9bc12212bf83c6840f10e8246b9db54a4859b7ccd0123d86e5872c1e5082f
                descrypt - 48c/R8JAv757A


                OK - much better than unsalted, no truncation, but no longer sufficiently resistant to brute force on modern hardware:



                md5crypt - $1$28772684$iEwNOgGugqO9.bIz5sk8k/


                Better - relatively modern hashes with large salts and work factors:



                sha256crypt - $5$rounds=5000$GX7BopJZJxPc/KEK$le16UF8I2Anb.rOrn22AUPWvzUETDGefUmAV8AZkGcD
                sha512crypt - $6$52450745$k5ka2p8bFuSmoVT1tzOyyuaREkkKBcCNqoDKzYiJL9RaE8yMnPgh2XzzF0NDrUhgrcLwg78xs1w5pJiypEdFX/


                Of these, only descrypt truncates at 8. The last two are your best bet.



                (Side note: the digits-only salts in the md5crypt and sha512crypt examples above are just side effects of how hashcat creates example hashes; real, healthy salts are usually drawn from a much larger keyspace).



                Note also that I'm only listing the hash types that are supported by /etc/login.defs on this platform. For general use, even sha256crypt and sha512crypt have been superseded - first by bcrypt, and then later by truly parallel-attack-resistant hashes like scrypt and the Argon2 family. (Note, however, that for interactive logins that should complete in under one second, bcrypt is actually more resistant to attack than the latter)






                share|improve this answer















                This is because DES-based crypt (AKA 'descrypt') truncates passwords at 8 bytes, and only checks the first 8 for the purpose of password verification.



                That's the answer to your direct question, but here's some general advice implied by your context:



                • Fortunately, from my reading, MD5 in /etc/login.defs is actually md5crypt ($1$), which, while a little outdated and declared deprecated by its author, is still far superior to DES-based crypt (and definitely much better than a raw, unsalted hash like plain MD5! Most unsalted hashes can be cracked on commodity GPUs at rates of billions per second)


                • It looks like SHA256 (actually sha256crypt) and SHA512 (actually sha512crypt) are also there. I would pick one of those instead.


                • If you set your password to password or something under each scheme, you can visually verify whether or not my conclusion that they're the -crypt variants is correct (examples here are taken from the hashcat example hashes, all 'hashcat', some wrapped for readability):


                Not recommended - unsalted or legacy hash types, much too "fast" (cracking rates) for password storage:



                MD5 - 8743b52063cd84097a65d1633f5c74f5
                SHA256 - 127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935
                SHA512 - 82a9dda829eb7f8ffe9fbe49e45d47d2dad9664fbb7adf72492e3c81ebd3e2
                9134d9bc12212bf83c6840f10e8246b9db54a4859b7ccd0123d86e5872c1e5082f
                descrypt - 48c/R8JAv757A


                OK - much better than unsalted, no truncation, but no longer sufficiently resistant to brute force on modern hardware:



                md5crypt - $1$28772684$iEwNOgGugqO9.bIz5sk8k/


                Better - relatively modern hashes with large salts and work factors:



                sha256crypt - $5$rounds=5000$GX7BopJZJxPc/KEK$le16UF8I2Anb.rOrn22AUPWvzUETDGefUmAV8AZkGcD
                sha512crypt - $6$52450745$k5ka2p8bFuSmoVT1tzOyyuaREkkKBcCNqoDKzYiJL9RaE8yMnPgh2XzzF0NDrUhgrcLwg78xs1w5pJiypEdFX/


                Of these, only descrypt truncates at 8. The last two are your best bet.



                (Side note: the digits-only salts in the md5crypt and sha512crypt examples above are just side effects of how hashcat creates example hashes; real, healthy salts are usually drawn from a much larger keyspace).



                Note also that I'm only listing the hash types that are supported by /etc/login.defs on this platform. For general use, even sha256crypt and sha512crypt have been superseded - first by bcrypt, and then later by truly parallel-attack-resistant hashes like scrypt and the Argon2 family. (Note, however, that for interactive logins that should complete in under one second, bcrypt is actually more resistant to attack than the latter)







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited 9 hours ago

























                answered 2 days ago









                Royce WilliamsRoyce Williams

                1,292815




                1,292815























                    19














                    I modified this in /etc/login.defs:



                    PASS_MAX_LEN 8


                    problem fixed.




                    Important additions:



                    After I changed the above parameters, although I can set a password larger than 8 digits, it is still invalid because the real password is only the first eight digits. I don't know if this is my problem.



                    My final solution is to set



                    # ENCRYPT_METHOD DES


                    to



                    ENCRYPT_METHOD MD5


                    in /etc/login.defs.



                    Now, I can finally set a root password that is really larger than eight.






                    share|improve this answer




















                    • 16





                      Good fix, but bad original choice for a system default though...

                      – HBruijn
                      2 days ago






                    • 8





                      I assume you changed your password to something longer than 8 characters now. Can you try if logging in with just the first 8 characters of your longer password works? Because it just might...

                      – marcelm
                      2 days ago






                    • 9





                      You might consider changing that to SHA256 or SHA512 or they are supported - MD5 is considered broken these days.

                      – PhilippNagel
                      2 days ago






                    • 8





                      really sha256 and sha512 by themselves aren't much better than md5. you need a salt, and use the crypt versions of these algorithms.

                      – SnakeDoc
                      2 days ago






                    • 4





                      @PhilippNagel With a high-entropy password, it's not too bad. While MD5 should certainly be considered broken, the currently known weaknesses don't affect it for password hashing. What is a problem for password hashing is the speed; non-iterated MD5 is so fast that brute-forcing is very feasible for many passwords.

                      – marcelm
                      2 days ago















                    19














                    I modified this in /etc/login.defs:



                    PASS_MAX_LEN 8


                    problem fixed.




                    Important additions:



                    After I changed the above parameters, although I can set a password larger than 8 digits, it is still invalid because the real password is only the first eight digits. I don't know if this is my problem.



                    My final solution is to set



                    # ENCRYPT_METHOD DES


                    to



                    ENCRYPT_METHOD MD5


                    in /etc/login.defs.



                    Now, I can finally set a root password that is really larger than eight.






                    share|improve this answer




















                    • 16





                      Good fix, but bad original choice for a system default though...

                      – HBruijn
                      2 days ago






                    • 8





                      I assume you changed your password to something longer than 8 characters now. Can you try if logging in with just the first 8 characters of your longer password works? Because it just might...

                      – marcelm
                      2 days ago






                    • 9





                      You might consider changing that to SHA256 or SHA512 or they are supported - MD5 is considered broken these days.

                      – PhilippNagel
                      2 days ago






                    • 8





                      really sha256 and sha512 by themselves aren't much better than md5. you need a salt, and use the crypt versions of these algorithms.

                      – SnakeDoc
                      2 days ago






                    • 4





                      @PhilippNagel With a high-entropy password, it's not too bad. While MD5 should certainly be considered broken, the currently known weaknesses don't affect it for password hashing. What is a problem for password hashing is the speed; non-iterated MD5 is so fast that brute-forcing is very feasible for many passwords.

                      – marcelm
                      2 days ago













                    19












                    19








                    19







                    I modified this in /etc/login.defs:



                    PASS_MAX_LEN 8


                    problem fixed.




                    Important additions:



                    After I changed the above parameters, although I can set a password larger than 8 digits, it is still invalid because the real password is only the first eight digits. I don't know if this is my problem.



                    My final solution is to set



                    # ENCRYPT_METHOD DES


                    to



                    ENCRYPT_METHOD MD5


                    in /etc/login.defs.



                    Now, I can finally set a root password that is really larger than eight.






                    share|improve this answer















                    I modified this in /etc/login.defs:



                    PASS_MAX_LEN 8


                    problem fixed.




                    Important additions:



                    After I changed the above parameters, although I can set a password larger than 8 digits, it is still invalid because the real password is only the first eight digits. I don't know if this is my problem.



                    My final solution is to set



                    # ENCRYPT_METHOD DES


                    to



                    ENCRYPT_METHOD MD5


                    in /etc/login.defs.



                    Now, I can finally set a root password that is really larger than eight.







                    share|improve this answer














                    share|improve this answer



                    share|improve this answer








                    edited yesterday









                    muru

                    498521




                    498521










                    answered 2 days ago









                    Alan42Alan42

                    431412




                    431412







                    • 16





                      Good fix, but bad original choice for a system default though...

                      – HBruijn
                      2 days ago






                    • 8





                      I assume you changed your password to something longer than 8 characters now. Can you try if logging in with just the first 8 characters of your longer password works? Because it just might...

                      – marcelm
                      2 days ago






                    • 9





                      You might consider changing that to SHA256 or SHA512 or they are supported - MD5 is considered broken these days.

                      – PhilippNagel
                      2 days ago






                    • 8





                      really sha256 and sha512 by themselves aren't much better than md5. you need a salt, and use the crypt versions of these algorithms.

                      – SnakeDoc
                      2 days ago






                    • 4





                      @PhilippNagel With a high-entropy password, it's not too bad. While MD5 should certainly be considered broken, the currently known weaknesses don't affect it for password hashing. What is a problem for password hashing is the speed; non-iterated MD5 is so fast that brute-forcing is very feasible for many passwords.

                      – marcelm
                      2 days ago












                    • 16





                      Good fix, but bad original choice for a system default though...

                      – HBruijn
                      2 days ago






                    • 8





                      I assume you changed your password to something longer than 8 characters now. Can you try if logging in with just the first 8 characters of your longer password works? Because it just might...

                      – marcelm
                      2 days ago






                    • 9





                      You might consider changing that to SHA256 or SHA512 or they are supported - MD5 is considered broken these days.

                      – PhilippNagel
                      2 days ago






                    • 8





                      really sha256 and sha512 by themselves aren't much better than md5. you need a salt, and use the crypt versions of these algorithms.

                      – SnakeDoc
                      2 days ago






                    • 4





                      @PhilippNagel With a high-entropy password, it's not too bad. While MD5 should certainly be considered broken, the currently known weaknesses don't affect it for password hashing. What is a problem for password hashing is the speed; non-iterated MD5 is so fast that brute-forcing is very feasible for many passwords.

                      – marcelm
                      2 days ago







                    16




                    16





                    Good fix, but bad original choice for a system default though...

                    – HBruijn
                    2 days ago





                    Good fix, but bad original choice for a system default though...

                    – HBruijn
                    2 days ago




                    8




                    8





                    I assume you changed your password to something longer than 8 characters now. Can you try if logging in with just the first 8 characters of your longer password works? Because it just might...

                    – marcelm
                    2 days ago





                    I assume you changed your password to something longer than 8 characters now. Can you try if logging in with just the first 8 characters of your longer password works? Because it just might...

                    – marcelm
                    2 days ago




                    9




                    9





                    You might consider changing that to SHA256 or SHA512 or they are supported - MD5 is considered broken these days.

                    – PhilippNagel
                    2 days ago





                    You might consider changing that to SHA256 or SHA512 or they are supported - MD5 is considered broken these days.

                    – PhilippNagel
                    2 days ago




                    8




                    8





                    really sha256 and sha512 by themselves aren't much better than md5. you need a salt, and use the crypt versions of these algorithms.

                    – SnakeDoc
                    2 days ago





                    really sha256 and sha512 by themselves aren't much better than md5. you need a salt, and use the crypt versions of these algorithms.

                    – SnakeDoc
                    2 days ago




                    4




                    4





                    @PhilippNagel With a high-entropy password, it's not too bad. While MD5 should certainly be considered broken, the currently known weaknesses don't affect it for password hashing. What is a problem for password hashing is the speed; non-iterated MD5 is so fast that brute-forcing is very feasible for many passwords.

                    – marcelm
                    2 days ago





                    @PhilippNagel With a high-entropy password, it's not too bad. While MD5 should certainly be considered broken, the currently known weaknesses don't affect it for password hashing. What is a problem for password hashing is the speed; non-iterated MD5 is so fast that brute-forcing is very feasible for many passwords.

                    – marcelm
                    2 days ago

















                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Server Fault!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f962214%2fwhy-is-the-maximum-length-of-openwrt-s-root-password-8-characters%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Tamil (spriik) Luke uk diar | Nawigatjuun

                    Align equal signs while including text over equalitiesAMS align: left aligned text/math plus multicolumn alignmentMultiple alignmentsAligning equations in multiple placesNumbering and aligning an equation with multiple columnsHow to align one equation with another multline equationUsing \ in environments inside the begintabularxNumber equations and preserving alignment of equal signsHow can I align equations to the left and to the right?Double equation alignment problem within align enviromentAligned within align: Why are they right-aligned?

                    Training a classifier when some of the features are unknownWhy does Gradient Boosting regression predict negative values when there are no negative y-values in my training set?How to improve an existing (trained) classifier?What is effect when I set up some self defined predisctor variables?Why Matlab neural network classification returns decimal values on prediction dataset?Fitting and transforming text data in training, testing, and validation setsHow to quantify the performance of the classifier (multi-class SVM) using the test data?How do I control for some patients providing multiple samples in my training data?Training and Test setTraining a convolutional neural network for image denoising in MatlabShouldn't an autoencoder with #(neurons in hidden layer) = #(neurons in input layer) be “perfect”?