sdkmanager fails to save creds for a very long password

It won’t save valid credentials so I have to copy and paste every time from my password manager. My password is 64 chars, so I suspect it’s being truncated somewhere and an incorrect token is being stored. Perhaps the limit could be increased?

I’m thinking the actual Jetsons use sha-512 and can take very long passwords, so are you talking about the NVIDIA login to the server?

I’m referring to the SDKM and my login to Nvidia’s servers, yes. It works. I just have to enter it every time since the “remember” option doesn’t work. I’ve confirmed a token is stored in the sdkm’s sqlite db, but it doesn’t appear to be valid (I assume so since it’s not working).

Now that I think about it, my login email also has a “+” in it. That sometimes breaks things, but also prevents a ton of spam.

ROFL, if that works I’m about to change all my emails to have a “+”. :P

I couldn’t tell you what hashing and restrictions the NVIDIA servers have, no way to know. However, almost every single flavor of UN** or Linux from back in the days of using md5sum hashes ignored parts of passwords over 8 characters. I remember hating this on the IBM AIX system I used, and actually having many different systems which had so many different mandatory minimum and maximum lengths and disallowed character list differences it was nearly impossible to do anything reasonable.

It’s a gmail feature (and maybe some others). You add a + in your email like myemail+someservice@gmail.com when you sign up for some service and that way when they sell your info, you know who to bring wrath down on and can redirect all mails sent to that address directly to the trash. Signed up for Best Buy and they won’t stop spamming you worse than all Nigerian princes combined? FTC doesn’t care? There’s a Gmail feature for that.

I hear you. Maximum character lengths in passwords is one of those pet peeves of mine. 64 chars is kind of excessive, I grant you, but it shouldn’t break the software either. If it does, it’s usually an indication something is very wrong. Django limits it to 4096 chars to prevent a dos attack, but anything below that is kosher. The secure hashing algorithm itself doesn’t care if you pass it a gigabyte sized password.

Re: 8 char truncation. I didn’t know that and I’ve been using Linux since RedHat 4.1 When was that changed?

I don’t know when, but a very long time ago various *NIX used 8 only. I used IBM AIX in the 80s and 90s, along with Solaris for many years, and occasionally other *NIX. Used Linux since kernel 1.0.9, always been my favorite, but back then I believe all of the *NIX truncated after 8 characters unless someone specifically upgraded. I couldn’t tell you when it got better, but back then md5sum was probably the “best” since very few people cared.

Wow. That’s impressive. I never used a 1.x kernel and never had access to any other *NIX. Always wanted a Solaris box. I suppose I could pick on up on e-bay but I have a ton of junk like that already (fully loaded G5 quad tower is a recent acquisition). Been meaning to dual boot Gentoo on it since that’s the only distro that’s still updated, but then I’d be left with something that uses a ton of power and I can’t really figure any use for. I already have a server that’s fast enough. My spouse got the g5 to play old mac games and that it does very well.

I am pretty sure that this is a limitation in the system. Just for the heck of it, I generated a 64 character password and submitted it to https://howsecureismypassword.net/.

The result was:

Yup. That’s the idea. Heat death of the universe before my password can be brute forced with current methods (and then some). But then again, 8 character truncation and md5 would have been sufficient back in the day. Nowadays I can probably iterate through all of those possible combinations in less than a day on my GPU box.

I make no assumptions about the future, or weaknesses in the rng, secure hashing alg etc. so when I register for anything I generate the maximum length allowed always just because there’s no reason not to. If there is a limitation in the system, it’s sounds like a bug to me since it’s not the same limitation in the SDKM and on your server. It works fine on the forum an everywhere else. The SDKM is just not storing a valid token.

@mdegans, I have our team looking into this.

Thanks,
Tom

Thanks!

A ticket has been opened. I will post updates here.

Cheers,
Tom