https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537688#M222597 The only way I can think of to do that would be to use shorter passwords. A longer password equals a longer encrypted string.<BR /><BR />I'm not sure why you would want that though. Wed, 04 May 2005 11:16:25 GMT Patrick Wallek 2005-05-04T11:16:25Z https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537685#M222594 What kind of encrytion algorithms are used for the trusted and the untrusted password?<BR /><BR /> Wed, 04 May 2005 10:47:38 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537685#M222594 Tong Hu_1 2005-05-04T10:47:38Z https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537686#M222595 The DES alogorithms is used for trusted/untrusted mode. The makekey command (which in turn calls crypt) can be used to prepare crypted string. The password basically consists of a hash and salt chars (used for encryptiion)<BR />When a password is entered, a hash is matched and user authenticated if it matches.<BR /><BR />Anil Wed, 04 May 2005 11:01:48 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537686#M222595 RAC_1 2005-05-04T11:01:48Z https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537687#M222596 how could I eliminate the encrypted password strings more than 13 characters?<BR /><BR />Thanks Wed, 04 May 2005 11:07:05 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537687#M222596 Tong Hu_1 2005-05-04T11:07:05Z https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537688#M222597 The only way I can think of to do that would be to use shorter passwords. A longer password equals a longer encrypted string.<BR /><BR />I'm not sure why you would want that though. Wed, 04 May 2005 11:16:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537688#M222597 Patrick Wallek 2005-05-04T11:16:25Z https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537689#M222598 I do not think that you can control that. While setting a password (non-trusted mode), your max pasword char length is 8 chars. While you can set password char length more than 8 chars in trusted mode, your applications shoould be able to understant it. Rather stick to 8 chars password char length.<BR /><BR />man passwd for details.<BR /><BR />Anil Wed, 04 May 2005 11:18:43 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537689#M222598 RAC_1 2005-05-04T11:18:43Z https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537690#M222599 Sorry for the ambiguous question, I am asking about the encrypted password string in tcb files. Since we are trying to synchronize the encrypted password between the Sun servers and HP servers. Some of the encrpted password strings from HP are more than 13 characters, which won't work on Sun servers. Wed, 04 May 2005 14:18:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537690#M222599 Tong Hu_1 2005-05-04T14:18:59Z https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537691#M222600 Sounds like a jobs for NIS+ or LDAP or something other than just scripts. Wed, 04 May 2005 14:43:43 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537691#M222600 Patrick Wallek 2005-05-04T14:43:43Z https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537692#M222601 The password is always encrypted to exactly 13 characters as long as it it 8 chars or less in length. If the system is not Trusted, then pasword characters longer than 8 are silently ignored. In a Trusted system, long passwords are allowed but can easily be limited with system security policies. Run SAM and change the system security policy to 8 character maximum.<BR /> <BR />NOTE: This only affects new passwords. All existing long passwords must be changed. You can search the /tcb directory for long passwords and notify those users to change. Wed, 04 May 2005 22:04:22 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537692#M222601 Bill Hassell 2005-05-04T22:04:22Z https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537693#M222602 Thanks for all your help. Thu, 05 May 2005 06:48:03 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537693#M222602 Tong Hu_1 2005-05-05T06:48:03Z https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537694#M222603 One more extra question, if you can help please. Why Solaris doesn't care the password length, it always encrypt the password to 13 char length?<BR /><BR />Thanks<BR /> Thu, 05 May 2005 09:16:40 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537694#M222603 Tong Hu_1 2005-05-05T09:16:40Z https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537695#M222604 Try typing the first 8 characters correctly and then adding random characters for 9 and beyond. I think you'll find that Solaris, just like HP-UX (untrusted), silently ignores characters 9 and above. Solaris is only encrypting the first 8, thus the 13 chars in /etc/passwd. Thu, 05 May 2005 10:58:38 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537695#M222604 Bill Hassell 2005-05-05T10:58:38Z https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537696#M222605 Thanks, you are the best. Thu, 05 May 2005 11:29:44 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-encryption-algorithm/m-p/3537696#M222605 Tong Hu_1 2005-05-05T11:29:44Z