Ok, well it looks like this occurs because perl's crypt() function uses C's crypt function whose default algorithm only looks at the first 8 characters.
It appears that it is possible to use SHA-256 or SHA-512 algorithms in crypt(). This would have the advantage that the encoded version would depend on users entire password rather than the first 8 characters. Maybe only cryptPassword() in Utils.pm would have to change? On the other hand, there would have to be some way to be allowed to use the existing encoded password until the user changes it.
Jason
WeBWorK Main Forum
passwords
This forum has a limit to the number of forum postings you can make in a given time period - this is currently set at 10 posting(s) in 1 day