Today I found that using long passwords in rolling doesn't make a difference as only the first 8 characters are being used, and that the busybox passwd function doesn't even give a warning about any 'excess' characters. Scandalous! Imagine someone (like me) typing for years 12,14,16-character passwords when they might just as well have stopped typing after the 8th. This was better already over 8 years ago in Slitaz 3, where long passwords were fully used by default.
Of course there's a way around the problem by using password hashing, e.g. "passwd -a md5 ..." but I'd find it better if the function supported long passwords by default, with or without hashing. Maybe something wasn't 'turned on' when building busybox (or glibc)?