Why does Zyxel only allows Passwords up to 14 Characters?

Hi,
i have a question. I have the Zyxel NAS542.
Why does my Zyxel NAS only allow Passwords up to 14 Characters.
That is not safe at all!
Synology allows Passwords up to 127 Characters!
Why does Zyxel has this restrictions. It does not make sense to me.
And if you expose your NAS to the Internet you dont want to save it with a password that has only 14 Characters.
Please! Change that in the next Firmware Update!
That is not contemporary!

Thank you for your support in Advance.


Accepted Solution

  • Mijzelf
    Mijzelf Posts: 1,977  Guru Member
    Answer ✓
    Yonggan said:
    So there is no option to enable higher password characters?
    Not that I'm aware of.

All Replies

  • Mijzelf
    Mijzelf Posts: 1,977  Guru Member
    edited December 2021
    I think it's an inheritance of older models which supported lanman, which is limited to 14 characters. As the webinterface and samba use the same password, this means it's limited to 14 characters in the webinterface either.
    Yonggan said:

    That is not safe at all!

    It's not that bad. You can use around 65 different characters (26 upper, 26 lower, 10 numbers and some other), which means a 14 character random password has around 65^14  = 2.4*10^25 possibilities. If an attacker is trying to bruteforce that, and does 1 million attempts a second (and believe me, the NAS nor your internet connection can handle that), it will take a thousand million years to have tried 1% of all possibilities.
    It would be worse if the attacker could copy your password file, as he than could perform as much attempts a second as his hardware could handle. But if the attacker has access to your password file you have other problems.
  • So there is no option to enable higher password characters?

    Yes but i think that you know that 14 is not really contemporary if other services provide much larger password character count :)