On Mon, Jul 16, 2012 at 12:00 PM, John Gilmore <jwgli...@gmail.com> wrote:
> The acceptability of length limitations depends upon their values. > > Passwords or userids that may be at most 8 characters in length are > unacceptable today. > Passwords, yes; userids, meh -- I don't consider a userid to be a secure data point. A limitation to at most 2^15 - 1 = 32767 characters is, in my view > at least, unobjectionable. Larger limitations like this one are often > reflections of control-block overflow problems in some procedural > language. These limitations can be circumvented, but the > concatenation schemes that do so are very tedious. > Seriously? You have 32K passwords? Or is that a "Nah, nobody would ever want anything CLOSE to this, so let's use this and forget about it" value? (I'm tempted to quote the "64K is enough" thing, but this is clearly different, since no human would ever use keys that large!) Or are you thinking of machine-to-machine interactions, which might indeed use very long keys (though I don't want to have to deal with them when they break)? -- zMan -- "I've got a mainframe and I'm not afraid to use it" ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
