+ Post New Thread
Results 1 to 1 of 1
Coding Thread, Maxmimum Windows password length is 64 (Unicode) chars? in Coding and Web Development; ...
  1. #1

    Join Date
    Jan 2006
    Thank Post
    Thanked 307 Times in 243 Posts
    Rep Power

    Maxmimum Windows password length is 64 (Unicode) chars?

    You'll probably never need to know this but..

    I wanted to (programmatically) create a local Win service account with a set & forget random password, and when I got to the random bit just cut & pasted a function I once very carefully made for something else which happens to spit out 256 cryptographically random bits i.e. 32 bytes.

    But passwords need to be strings, not bytes so I just quickly converted those 32 bytes to a 64 character hex string to use as the password. But my test Server 2008 R2 doesn't like that because although a string made from a limited character set (16 chars total) representing 256 random bits is MUCH more respectable than any password any typical human is likely to make[1], it's not "complex".

    [How I wish Windows complexity checking would factor in length i.e. go "Ooh look! It's a 30 character password... hmmm.. LANMAN is definitely not happening here so I'll relax some of the pedantic nit-picking rules because they're obviously pointless in these circumstances".]

    So next I thought I'd just quickly throw some stuff on the front of the password string to keep [bleeping] Windows happy e.g. "Xa91£$" + <original 64 hex char string>. But my test Server 2008, or at least the function I invoked doesn't like that much because despite my added "complex" stuff the password apparently still doesn't meet the complexity requirements!

    So then I expermientally tried "Xa91£$" + <32 of the original hex chars> and it just worked. So I assume the API was really complaining about the password being too long, but perhaps no one ever got around to making a system error code for that. Browse the net and you can find some anecdotal comments about the max password length being ~128 chars, but perhaps that is 128 bytes because (ignoring length and other gubbins) being Unicode, my 64 character hex string needs 128 bytes of storage.

    So again, you'll likely never need to know this, but password strings longer than 64 characters can cause trouble in at least one Windows API.

    [1] Equivalent to a 40 character password utilising a scattering of chars from the full ASCII char set.
    Last edited by PiqueABoo; 22nd August 2010 at 12:19 AM.

+ Post New Thread

Similar Threads

  1. Password resets using Windows 7
    By Ric_ in forum Windows 7
    Replies: 2
    Last Post: 10th June 2010, 07:31 PM
  2. View Windows Password
    By FN-GM in forum Windows
    Replies: 13
    Last Post: 8th November 2009, 08:50 PM
  3. Smoothwall Password Length
    By cookie_monster in forum Network and Classroom Management
    Replies: 7
    Last Post: 15th September 2009, 12:18 PM
  4. Make Windows ask for password again
    By dyoung5 in forum Windows
    Replies: 16
    Last Post: 19th May 2009, 10:35 AM
  5. HELP! Recovering Windows 2003 Admin password
    By crc-ict in forum Windows
    Replies: 7
    Last Post: 8th September 2006, 07:40 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts