Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?
Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?
Bcrypt and scrypt have a limit of 72 chars, so it’s probably that. Implementations can work around it by putting the password through a pre-hash, but most don’t bother. There are tons of reasonably secure password storage systems with that limit.