Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

  • frezik
    link
    fedilink
    arrow-up
    1
    ·
    4 months ago

    Bcrypt and scrypt have a limit of 72 chars, so it’s probably that. Implementations can work around it by putting the password through a pre-hash, but most don’t bother. There are tons of reasonably secure password storage systems with that limit.