Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
GauntletWizard
on March 18, 2023
|
parent
|
context
|
favorite
| on:
Zero one infinity rule
I have legitimately used the complete works of William Shakespeare, unabridged, as a password. Even that is in megabytes, and not significant load for bcrypt2.
Not that there should be no limits at all, but the upper bound should be relatively high.
mellavora
on March 19, 2023
|
next
[–]
Now all I have to do is guess which order you used them in, and I'll have full access to your system!
asynchronous
on March 18, 2023
|
prev
[–]
Doesn’t bcrypt2 essentially truncate every source input to no longer than 35 characters?
layer8
on March 18, 2023
|
parent
[–]
It’s 72 bytes, but yes. Probably a good reason to have a length limit on the password field if you use bcrypt.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
Not that there should be no limits at all, but the upper bound should be relatively high.