DEV Community


Discussion on: Changing your name is a hard unsolved problem in Computer Science

emmiep profile image
Emmie Päivärinta

I can't see why anybody might want a maximum password length, unless they DON'T store the hashed password, that doesn't bode well (even if was encrypted it would be terrible).

ashleypinner profile image
Ashley Pinner

Bcrypt is limited to 72 characters. It's the only reasonable limitation, as you would not want password managers to assume the users password was longer than required to authenticate. (especially if you migrated upwards in hash. )

Thread Thread
hellokyyt profile image
Kyle Harrison

Totally true, anything longer and BCrypt will truncate. I like Argon2's input limit of 4.29b characters much better hehe

That said, 72 characters isn't the worst length limit, but when you're asked by your bank for a max limit of 14 or something similarly pathetic like that