Are passwords on modern Unix/Linux systems still limited to 8 characters?

Question

Years ago it used to be the case that Unix passwords were limited to 8 characters, or that if you made the password longer than 8 characters the extra wouldn\'t make any differe

Answer 1

In glibc2 (any modern Linux distribution) the password encryption function can use MD5/SHA-xxx (provoked by a magic salt prefix) which then treats as significant all the input characters (see man 3 crypt). For a simple test on your system, you could try something like:

#!/bin/perl -w
my $oldsalt = '@@';
my $md5salt = '$1$@@$';
print crypt("12345678",  $oldsalt) . "\n";
print crypt("123456789", $oldsalt) . "\n";
print crypt("12345678",  $md5salt) . "\n";
print crypt("12345678extend-this-as-long-as-you-like-0", $md5salt) . "\n";
print crypt("12345678extend-this-as-long-as-you-like-1", $md5salt) . "\n";

(which on my system gives)

@@nDzfhV1wWVg
@@nDzfhV1wWVg
$1$@@$PrkF53HP.ZP4NXNyBr/kF.
$1$@@$4fnlt5pOxTblqQm3M1HK10
$1$@@$D3J3hluAY8pf2.AssyXzn0

Other *ix variants support similar - e.g. crypt(3) since at least Solaris 10. However, it's a non-standard extension - POSIX does not define it.