Software Gore

30 readers

2 users here now

A community for posting software malfunctions

Deliberately bad software or bad design is not software gore, it must be something unintentional

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient and shear it

founded 10 months ago

MODERATORS

[email protected]

417

Password must match the following (programming.dev)

submitted 2 months ago by [email protected] to c/[email protected]

49 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] chickenf622 1 points 2 months ago (1 children)

I don't see a reason to limit the length as long as the password hash can handle large values. I am green when it comes to the inner workings of password hashing, so I may be wrong.

[–] [email protected] 5 points 2 months ago

Being able to handle it, and being able to handle it efficiently enough are two very distinct things. The hash method might be able to handle long strings, but it might take several seconds/minutes to process them, slowing down the application significantly. Imagine a malicious user being able to set a password with millions (or billions!) of characters.

Therefore, restricting it to a small, but still sufficiently big, number of characters might help prevent DoS-attacks without any notable reduction in security for regular users.