Coding Thread, Maxmimum Windows password length is 64 (Unicode) chars? in Coding and Web Development; You'll probably never need to know this but..
I wanted to (programmatically) create a local Win service account with a ...
22nd August 2010, 12:13 AM #1
Maxmimum Windows password length is 64 (Unicode) chars?
You'll probably never need to know this but..
I wanted to (programmatically) create a local Win service account with a set & forget random password, and when I got to the random bit just cut & pasted a function I once very carefully made for something else which happens to spit out 256 cryptographically random bits i.e. 32 bytes.
But passwords need to be strings, not bytes so I just quickly converted those 32 bytes to a 64 character hex string to use as the password. But my test Server 2008 R2 doesn't like that because although a string made from a limited character set (16 chars total) representing 256 random bits is MUCH more respectable than any password any typical human is likely to make, it's not "complex".
[How I wish Windows complexity checking would factor in length i.e. go "Ooh look! It's a 30 character password... hmmm.. LANMAN is definitely not happening here so I'll relax some of the pedantic nit-picking rules because they're obviously pointless in these circumstances".]
So next I thought I'd just quickly throw some stuff on the front of the password string to keep [bleeping] Windows happy e.g. "Xa91£$" + <original 64 hex char string>. But my test Server 2008, or at least the function I invoked doesn't like that much because despite my added "complex" stuff the password apparently still doesn't meet the complexity requirements!
So then I expermientally tried "Xa91£$" + <32 of the original hex chars> and it just worked. So I assume the API was really complaining about the password being too long, but perhaps no one ever got around to making a system error code for that. Browse the net and you can find some anecdotal comments about the max password length being ~128 chars, but perhaps that is 128 bytes because (ignoring length and other gubbins) being Unicode, my 64 character hex string needs 128 bytes of storage.
So again, you'll likely never need to know this, but password strings longer than 64 characters can cause trouble in at least one Windows API.
 Equivalent to a 40 character password utilising a scattering of chars from the full ASCII char set.
Last edited by PiqueABoo; 22nd August 2010 at 12:19 AM.
IDG Tech News
By Ric_ in forum Windows 7
Last Post: 10th June 2010, 07:31 PM
By FN-GM in forum Windows
Last Post: 8th November 2009, 08:50 PM
By cookie_monster in forum Network and Classroom Management
Last Post: 15th September 2009, 12:18 PM
By dyoung5 in forum Windows
Last Post: 19th May 2009, 10:35 AM
By crc-ict in forum Windows
Last Post: 8th September 2006, 07:40 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)