What's the *Maximum* password length in RT?

RT Users
1

Strange question I know but the SOX people are asking - they’ve asked
for the minimum length (which is configurable). Now they want to know
the maximum (!). Anybody have an idea?

PK

Philip Kime
NOPS Systems Architect
310 401 0407

2

Strange question I know but the SOX people are asking - they’ve asked
for the minimum length (which is configurable). Now they want to know
the maximum (!). Anybody have an idea?

By default it is 40 characters.

Joshua Colson jcolson@voidgate.org

3

Strange question I know but the SOX people are asking - they’ve asked
for the minimum length (which is configurable). Now they want to know
the maximum (!). Anybody have an idea?

We save it as an MD5 hash. so, really, “as much as you can shove in a
perl scalar”

4

It’s the max length of the field in the database :slight_smile: This is by default
40, as Joshua mentioned.

| Password | varchar(40) | YES | | NULL |
|

Eric Schultz
United OnlineFrom: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Joshua
Colson
Sent: Monday, June 26, 2006 12:17 PM
To: Philip Kime
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] What’s the Maximum password length in RT?

Strange question I know but the SOX people are asking - they’ve asked
for the minimum length (which is configurable). Now they want to know
the maximum (!). Anybody have an idea?

By default it is 40 characters.

Joshua Colson jcolson@voidgate.org

5

It’s the max length of the field in the database :slight_smile: This is by default
40, as Joshua mentioned.

No. 40 is the length of the MD5 hash. The password can basically
be as long as you want. Just because the hashed password
is 40 characters loing doesn’t mean you only get 40 characters
of security.

6

Right, I jumped the gun :-)From: Todd Chapman [mailto:todd@chaka.net]
Sent: Monday, June 26, 2006 12:32 PM
To: Schultz, Eric
Cc: Joshua Colson; Philip Kime; rt-users@lists.bestpractical.com
Subject: Re: [rt-users] What’s the Maximum password length in RT?

It’s the max length of the field in the database :slight_smile: This is by
default
40, as Joshua mentioned.

No. 40 is the length of the MD5 hash. The password can basically
be as long as you want. Just because the hashed password
is 40 characters loing doesn’t mean you only get 40 characters
of security.