On Wed, 24 Apr 2019 12:10:59 -0500, John McKown <[email protected]> wrote:
>> >> <snip> >> Why are passwords restricted to a maximum length of 8, and passphrases >> restricted to a minimum length of 9? >> > >Passwords are restricted to a max of 8 for historical reasons. They were >once kept in SYS1.UADS -- the TSO repository for userids, passwords, and >TSO information in the beginning (pre RACF). Why 8? Probably because >everything else was of length 8, i.e. a doubleword. Passphrases are 9 or >more characters so that RACF will know that it is a passphrase and not a >password. I guess the developers went with the easy to test rule of "8 or >less is a PASSWORD, larger is a PASSPHRASE". But that's just a guess on my >part. Not so that RACF will know, but so the application calling RACF will know. The application needs to know whether the user entered a password or password phrase so it can indicate that to RACF. (And, I suppose, so the application developers can decide when/whether to support password phrases.) Additionally, password phrases get some strength from an increased number of characters supported, but primarily from increased length. The initial implementation required at least 14 characters for that reason, unless the installation wanted to provide an exit overriding that to a smaller value, 9 to 13. -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
