[p4] long passwords
Stephen Vance
steve at vance.com
Thu Oct 9 16:04:26 PDT 2008
The only thing stored in the schema is the MD5 hash of the password and
the ticket. Whatever truncation is happening is internal to the MD5
computation (the algorithm or Perforce's use of it). I'd send e-mail to
support. The documentation for 'p4 passwd' says that the maximum
password length is 1024 for all platforms, but doesn't explicitly
guarantee that all of those characters are significant. :) See
http://www.perforce.com/perforce/doc.081/manuals/cmdref/passwd.html#1047962.
Steve
Matt Craighead wrote:
> Some experiments I've just run seem to suggest that Perforce truncates
> passwords longer than 16 characters back down to 16 characters before
> storing or comparing them. Is this correct? I don't see anything in either
> the user or administrator docs talking about a maximum password length.
>
> I can put in whatever garbage I want after those first 16 characters in the
> password, and it doesn't seem to make a difference.
>
> Note: this does *not* apply to tickets, where all 32 hex digits appear to
> be significant (and in fact even changing uppercase to lowercase hex digits
> will give you an error).
>
> I'm also seeing some particularly unusual behavior with >16 character
> passwords via the p4api, but I haven't entirely figured out what is going on
> yet, so I'll refrain from speculating as to what the issue is.
>
>
--
Stephen Vance
www.vance.com
More information about the perforce-user
mailing list