Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

  • frezik@midwest.social
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    Bcrypt and scrypt functionally truncate it to 72 chars.

    There’s bandwidth and ram reasons to put some kind of upper limit. 1024 is already kinda silly.