On Thu, 23 Jul 2015 15:01:58 +1200, Helen Borrie <hele...@iinet.net.au> wrote: >>Hi Stefan, >> >>> I'm just reading through the Firebird 3 release notes. >>> >>> The chapter about "Increased Password Length" speaks of a maximum of >>> 20 bytes. The second blue box in this chapter then asks: >>> >>> **Why is the password effectively limited to 20 characters? >>> >>> It is unclear from this documentation if this is about bytes or >>> characters. What character set is used for storing passwords? Are >>> these restricted to 7-Bit US-ASCII? (in this case, the number of bytes >>> and characters would be the same). >> >>OTTOMH, password hashes are stored using character set OCTETS. No other >>charset would make sense, methinks. That would still leave open the >>possibility to enter passwords in multibyte charsets, but I don't know >>if this is supported. If it is, the 'effective length' as explained >>in the RelNotes would be 20 bytes, not characters. >> >>> (I hope this is the right forum for this question, if not, please >>> give me a hint.) > > No, it's not the right forum. The way it's documented now is what finally > satisfied Alex Peshkov. Btw, we are talking about CHARACTERS, not bytes. > There was argument in firebird-admin, since the potential length of > passwords is now longer than anyone would remember and if you have to keep > a file and copy/paste in order to log in, it all seems a bit much...
That is what password managers are for. I only need to remember four or so passwords (for my password manager, my home desktop, my e-mail account, my work account). The rest is stored and indeed copy/pasted or auto-typed. > "Effective" length has to do with the decoding algorithm (for potential > brute force hacking, natch), although I haven't figured out exactly how. > Alex insists that it's pointless having a pw longer than about 20 > characters. So ask him on fb-devel and I'll watch and we might drag out > something a bit more useful for the RC1 notes. I am still of the opinion the wording is flawed and causes unnecessary confusion (as demonstrated by this thread). Mark ------------------------------------------------------------------------------ _______________________________________________ Firebird-docs mailing list Firebird-docs@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/firebird-docs
