>Hi Stefan, > >> I'm just reading through the Firebird 3 release notes. >> >> The chapter about "Increased Password Length" speaks of a maximum of >> 20 bytes. The second blue box in this chapter then asks: >> >> **Why is the password effectively limited to 20 characters? >> >> It is unclear from this documentation if this is about bytes or >> characters. What character set is used for storing passwords? Are >> these restricted to 7-Bit US-ASCII? (in this case, the number of bytes >> and characters would be the same). > >OTTOMH, password hashes are stored using character set OCTETS. No other >charset would make sense, methinks. That would still leave open the >possibility to enter passwords in multibyte charsets, but I don't know >if this is supported. If it is, the 'effective length' as explained >in the RelNotes would be 20 bytes, not characters. > >> (I hope this is the right forum for this question, if not, please >> give me a hint.)
No, it's not the right forum. The way it's documented now is what finally satisfied Alex Peshkov. Btw, we are talking about CHARACTERS, not bytes. There was argument in firebird-admin, since the potential length of passwords is now longer than anyone would remember and if you have to keep a file and copy/paste in order to log in, it all seems a bit much... "Effective" length has to do with the decoding algorithm (for potential brute force hacking, natch), although I haven't figured out exactly how. Alex insists that it's pointless having a pw longer than about 20 characters. So ask him on fb-devel and I'll watch and we might drag out something a bit more useful for the RC1 notes. Helen ------------------------------------------------------------------------------ _______________________________________________ Firebird-docs mailing list Firebird-docs@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/firebird-docs
