Why not use a colon (:) in a password?

[weigoldk]

There are dozens of sites on the net that say a colon ) should not be used in a secure password. Does anyone out there know the explanation for this?

 

[Robnhood]

Perhaps because some Operating systems use a colon to put multiple commands on one line.

Craig

Http://www.SecurelySpeaking.com

 

[jimbopalmer]

Mac uses a colon as a folder path seperator like /usr/bin or \usr\in in the 'classic' MacOS it would be usr:bin I tried to remain child-like, all I acheived was childish.

 

[billalger]

One item to remember is that some scripts use : as the delimiter in checking passwd fields. I am not sure if the : encripts or not.

Example:
cat /etc/passwd | cut -d: -f3
grabs the 3rd field. If you use a : does it encript?

I do know that some 3rd party software such as Etrust and Kerberos uses the : in their equations. Passwords with : may throw them off on decription.

There may be other reasons as well.

 

[Kanth17]

In many (and almost all UNIX) Operating systems, the : is the field seperator for the next frame of the file.

So if you create an ID : bob
and set a password mon:key
Put him in as user 200 in group 1000
His file looks like so :

bob:mon:key:200:1000::/bin/ksh

So, since the algorithm reading passwords is looking based upon colon's and expects the password to be the second field, it breaks the algorithm and just returns "mon"

-Kanth