Skip to content
loading...

re: Changing your name is a hard unsolved problem in Computer Science VIEW POST

TOP OF THREAD FULL DISCUSSION
re: Completely agree on all accounts. For every application and website I've written, authored, and maintained since I was a teenager (I'm 33 now) I've...
 

I can't see why anybody might want a maximum password length, unless they DON'T store the hashed password, that doesn't bode well (even if was encrypted it would be terrible).

 

Bcrypt is limited to 72 characters. It's the only reasonable limitation, as you would not want password managers to assume the users password was longer than required to authenticate. (especially if you migrated upwards in hash. )

Totally true, anything longer and BCrypt will truncate. I like Argon2's input limit of 4.29b characters much better hehe

That said, 72 characters isn't the worst length limit, but when you're asked by your bank for a max limit of 14 or something similarly pathetic like that

code of conduct - report abuse