Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

  • tiredofsametab
    link
    fedilink
    13 months ago

    It’s all fun and games until someone realizes they can just create lots of accounts with large passwords and fill your space.

    • Jade
      link
      fedilink
      233 months ago

      Not a problem because passwords are hashed, which means they take up a fixed size, and you should have form upload size limits anyway.

      • tiredofsametab
        link
        fedilink
        63 months ago

        hashed, which means they take up a fixed size

        One would hope so anyway,

        you should have form upload size limits

        The above conflicts directly with OP’s Accept any utf8 string

          • tiredofsametab
            link
            fedilink
            33 months ago

            If you aren’t required to use an upload manager, are you really setting a solid password :thinking:

        • @x0x7
          link
          3
          edit-2
          3 months ago

          Ok. Take up to 65,536 bytes of utf8 string. Or better yet. Accept any password length. I mean any. But instead of transmitting it you bcyrpt on their machine and then use the resulting key to hmac sign a recent timestamp that can’t be reused.