Hit a site the other day that wouldn't let me paste a CREDIT CARD NUMBER.
WTF.

On Thu, Apr 25, 2019 at 7:36 AM John McKown <john.archie.mck...@gmail.com>
wrote:

> On Wed, Apr 24, 2019 at 7:19 PM Walt Farrell <walt.farr...@gmail.com>
> wrote:
>
> > On Wed, 24 Apr 2019 12:10:59 -0500, John McKown <
> > john.archie.mck...@gmail.com> wrote:
> >
> > >>
> > >> <snip>
> > >> Why are passwords restricted to a maximum length of 8, and passphrases
> > >> restricted to a minimum length of 9?
> > >>
> > >
> > >Passwords are restricted to a max of 8 for historical reasons. They were
> > >once kept in SYS1.UADS -- the TSO repository for userids, passwords, and
> > >TSO information in the beginning (pre RACF). Why 8? Probably because
> > >everything else was of length 8, i.e. a doubleword. Passphrases are 9 or
> > >more characters so that RACF will know that it is a passphrase and not a
> > >password. I guess the developers went with the easy to test rule of "8 or
> > >less is a PASSWORD, larger is a PASSPHRASE". But that's just a guess on my
> > >part.
> >
> > Not so that RACF will know, but so the application calling RACF will know.
> > The application needs to know whether the user entered a password or
> > password phrase so it can indicate that to RACF. (And, I suppose, so the
> > application developers can decide when/whether to support password phrases.)
> >
>
> Ah. That makes sense. If a Passphrase were allowed to be 8 or less
> characters, the application wouldn't know which field to use to present it
> to RACF. I don't know the details, but it's too bad that RACF won't accept
> a PASSWORD in the PASSPHRASE field and check if the supplied value matches
> either the PASSWORD or PASSPHRASE if the value's length is 8 or less and
> not generate a security violation if it matches either one.
>
>
>
> >
> > Additionally, password phrases get some strength from an increased number
> > of characters supported, but primarily from increased length. The initial
> > implementation required at least 14 characters for that reason, unless the
> > installation wanted to provide an exit overriding that to a smaller value,
> > 9 to 13.
>
>
> > --
> > Walt
> >
> >
> --
> This is clearly another case of too many mad scientists, and not enough
> hunchbacks.
>
>
> Maranatha! <><
> John McKown
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>


-- 
zMan -- "I've got a mainframe and I'm not afraid to use it"
