HPE Community
Operating System - HP-UX
1823254 Members
3399 Online
109648 Solutions
New Discussion юеВ

Allowed password characters

 
Alan Edwards
Frequent Advisor

тАО07-08-2004 09:48 AM

тАО07-08-2004 09:48 AM

Allowed password characters

Anyone know which characters are disallowed for a password in an HP-UX system?

Alan
Klatu Barada Nikto
0 Kudos
Reply
11 REPLIES 11
KapilRaj
Honored Contributor

тАО07-08-2004 10:00 AM

тАО07-08-2004 10:00 AM

Re: Allowed password characters

i can remember a few

" : ; > < = - + % etc

Kaps
Nothing is impossible
0 Kudos
Reply
Geoff Wild
Honored Contributor

тАО07-08-2004 10:08 AM

тАО07-08-2004 10:08 AM

Re: Allowed password characters

I thought these ones are not valid:

\ ! @ # [space]

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Geoff Wild
Honored Contributor

тАО07-08-2004 10:17 AM

тАО07-08-2004 10:17 AM

Re: Allowed password characters

Found this post on ITRC:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=81066

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

тАО07-08-2004 10:36 AM

тАО07-08-2004 10:36 AM

Re: Allowed password characters

Alan,

I came across only two characters # and @ that give trouble most of the times. ! is my favorite character in fact.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Jeff Schussele
Honored Contributor

тАО07-08-2004 11:38 AM

тАО07-08-2004 11:38 AM

Re: Allowed password characters

Hi Alan,

I'll back up my compadre Sri.
The only 2 chars that are definitely no-no are # and @ that I've seen.
But a lot depends on the ttytype your terminal (emulation) reports.
One thing to consider is a term like an old 3270 or 5251 IBM type that had a cent sign key.
How in the heck are you gonna do that on a PC or 'NIX terminal?
I guess you could *try* the ole alt-3 digit off the numeric pad.....but I don't think it's even in the ASCII chart.

Cheers,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
curt larson_1
Honored Contributor

тАО07-08-2004 11:41 AM

тАО07-08-2004 11:41 AM

Re: Allowed password characters

encrypted passwords, the only valid characters are upper and lower case letters [A-Z,a-z], the digits [0-9], and . and /.

unencrypted passwords consists of characters from the 7-bit US-ASCII character set with letters from the English alphabet.

with that said some characters have special meaning to drivers, the kernel, and the shell. which means you can create passwords from characters that are very hard to type in, i.e. backspace or newline. Under normal circumstances these particular characters have special meaning to your termial driver that causes your input to be modified such that they never get recognized as input.

so it is best to avoid any characters that might have special meaning to your terminal driver or the shell. of these, @,#, backspace, and newline are the big ones.

you have 128 characters to use and only a handful to avoid. So, if you're having a problem with any just avoid it. there are plenty of others to use.
0 Kudos
Reply
Jeff Schussele
Honored Contributor

тАО07-08-2004 11:50 AM

тАО07-08-2004 11:50 AM

Re: Allowed password characters

Hi Curt,

I respectfully disagree.
We use ! - _ ( ) . , *all* the time.
Haven't tried % & $ ~ < > ? + = ' ` , [ ] { } but I see no reason why we couldn't.
The key is that # @ are used *quite* frequently in "standard" terminal defs.

My 2 cents (DAMN where's that key....),
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
curt larson_1
Honored Contributor

тАО07-08-2004 01:03 PM

тАО07-08-2004 01:03 PM

Re: Allowed password characters

Jeff,

I don't think we disagree. You probably just misread my reply.

We use ! - _ ( ) . , *all* the time.
Haven't tried % & $ ~ < > ? + = ' ` , [ ] { } but I see no reason why we couldn't.

what i said is the unencrypted password (what you type in), consists of characters from the 7-bit US-ASCII character set with letters from the English alphabet. Those are all part of the 7-bit US-ASCII character set and are valid unencrypted password characters.

I also said the encrypted passwords (what is in the password field of the password file), the only valid characters are upper and lower case letters [A-Z,a-z], the digits [0-9], and . and /. using shell meta charcaters as part of the password field of the password file will not work, i.e. the practice of putting a star, "*", in the password file, the user will no longer be able to login.

as far as avoiding shell meta characters, i just take the position that there are so many terminal emulators, different user abilities, application programming, etc. that if a character doesn't work it is probably going to be one of those. And, it usually isn't worth the time to find out why it doesn't work. just don't use those that don't work.

And, i do think special characters should be used frequently for passwords. you should know which ones do work and persuade users to use them and educate them in ways to use them.
0 Kudos
Reply
Jeff Schussele
Honored Contributor

тАО07-08-2004 01:25 PM

тАО07-08-2004 01:25 PM

Re: Allowed password characters

Hi (again) Curt,

Agreed & point well taken,

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО07-09-2004 02:04 AM

тАО07-09-2004 02:04 AM

Re: Allowed password characters

There are no restricted characters for the password itself. The problems come up when you use special characters that mean something to the shell or to the tty driver. For instance, # and @ are the default values for the tty driver for backspace and cancel respectively. But you can create a password with those characters, right? Yes, if you escape them from your interface to the kernel, the shell. # says ignore everything from here on and @ does not have a special meaning to the shell. Yet neither of those characters seem to work as a password by default.

The reason is that before you login, the tty settings for terminals (and pseudo terminals such as telnet, etc) are determined by the driver, so # means backspace and @ means cancel line. To see what your tty device file settings are, use:

stty -a < /dev/ttyconf

This is a special device file recently added to HP-UX that 'remembers' a global change to the tty settings. You can override the default settings with something like this:

/sbin/stty erase "^H" kill "^U" < /dec/ttyconf

Now when you login, the backspace key will work and # can be a password character. The reason that # is not backspace after you login is that /etc/profile or $HOME/.profile changes the values during login.

So what about other characters like ' or } or even ?. Well, the answer is: they work fine, just keep them 'protected' or escaped from your current environment. All that password does when you change the password is to pass your string to the encryption function (see crypt and makekey) and out comes an encrypted string. When prompted for a password, whatever you type (after it is processed by your current tty settings) is encrypted and the result compared to the entry in the passwd file.

All that said, it is a very bad idea to use every character on the keyboard, especially if other computers accept strange characters like ctrl characters. This is where single-logon authentication nfalls apart. The administrator must limit the acceptable password characters to a set common to all environments. Some system may be happy with ctrl-G in a password, others not. You can't go wrong with alphanumerics only.


Bill Hassell, sysadmin
0 Kudos
Reply
Sundar_7
Honored Contributor

тАО07-09-2004 03:30 AM

тАО07-09-2004 03:30 AM

Re: Allowed password characters

In a nutshell, there is nothing like "disallowed" characters in the password. As Bill mentioned above, you will face problems logging in if you use the special characters that means something special to the shell (like the # and @).Combination of capital & lower case letters, numbers and special characters that don├в t mean anything to the shell (like $) should make up a good passwo
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.