Doesn’t bcrypt2 essentially truncate every source input to no longer than 35 cha... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		asynchronous on March 18, 2023 \| parent \| context \| favorite \| on: Zero one infinity rule Doesn’t bcrypt2 essentially truncate every source input to no longer than 35 characters?

layer8 on March 18, 2023 [–]

It’s 72 bytes, but yes. Probably a good reason to have a length limit on the password field if you use bcrypt.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact