Within the past several months, an amazing number of people have asked me about the maximum length of passwords and user names in Red Hat Enterprise Linux and SUSE Linux Enterprise Server. Every one of them says that they have searched for this data and are not able to find it. I’ve searched around too and find it in bits and pieces but not as a consolidated whole. It is funny though (as in things that make you go hmmm), that Solar Designer has written an updated man page for crypt which contains almost all of this data, which is included in the glibc source RPM for SLES but not installed.

On RHEL5, the maximum length of a user name is 31 characters.
On SLES10, the maximum length of a user name is 32.
(Odd results, but try it and you will see!)

Algorithm: crypt
Prefix: none
Maximum Cleartext Password Length: 8
Length of Salt: 2-char (12 bits)
Iterations: 25 (built-in)
Length of Hashed String: 11-char (64bit)
Maximum Length of Hashed Password (prefix + salt + $ + hashed_str): 13-char (0 + 2 + 0 + 11 = 13)

Algorithm: md5
Prefix: $1$
Maximum Cleartext Password Length:
RHEL5.1: 79 (5.1 limit imposed by passwd)
SLES10: 127 (limit imposed by passwd, blames crypt in comment)
Length of Salt: 8-char (48 bits)
Iterations: 1000 (built-in)
Length of Hashed String: 22-char (128bit)
Maximum Length of Hashed Password (prefix + salt + $ + hashed_str): 34-char ( $1$salt$hashed_str ) (3 + 8 + 1 + 22 = 34)

Algorithm: Blowfish (SUSE)
Prefix: $2a$
Maximum Cleartext Password Length: 72
Length of Salt: 22-char (128 bits)
Iterations: 16 (built-in)
Length of Hashed String: 31-char (184bit)
Maximum Length of Hashed Password (prefix + salt + $ + hashed_str): 60-char ($2a$nn$salthashed_str) (4 + 2 + 1 + 22 + 31)

Note that I am still working on experimenting with the formatting of this entry because I find the current presentation relatively unreadable. So this entry may change after it is published.