Comment on Larion Studios forum stores your passwords in unhashed plaintext.
exal@lemmy.ca 1 year agoEspecially if they have a maximum password length.
Not really, there are good reasons to limit password length. Like not wanting to waste compute time hashing huge passwords sent by a malicious actor. Or using bcrypt for your hashes, which has a 72 byte input limit and was considered the best option not that long ago. The limit just has to be reasonable; 72 lowercase letters is more entropy then the bcrypt hash you get out of it, for example.
hperrin@lemmy.world 1 year ago
Yes, reasonable limits are fine, I was talking more like 12 or 13 characters max. That’s probably indicative of a database field limit, and I’ve seen that a fair amount because my password manager defaults to 14 characters.