Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?
"If a company tells you your password has a maximum length..."
Uhhh no. Not at all. What so ever. Period. Many have a limit for technical reasons because hashing passwords expands their character count greatly. Many websites store their passwords in specific database columns that themselves have a limit that the hashing algorithm quickly expands passwords out to.
If you plan your DB schema with a column limit in mind for fast processing, some limits produce effectively shorter password limits than you might expect. EVERYONE has column limits at least to prevent attacks via huge passwords, so a limit on a password can be a good sign they're doing things correctly and aren't going to be DDOS'd via login calls that can easily crush CPUs of nonspecialized servers.
It doesn't matter the input size, it hashes down to the same length. It does increase the CPU time, but not the storage space. If the hashing is done on the client side (pre-transmission), then the server has no extra cost.
For example, the hash of a Linux ISO isn't 10 pages long. If you SHA-256 something, it always results in 256 bits of output.
On the other hand, base 64-ing something does get longer as the input grows.
Hashing is more about obscuring the password if the database gets compromised. I guess they could send 2^256 or 2^512 passwords guesses, but at that point you probably have bigger issues.
It's more about when a database gets leaked. They then don't even have to put in the effort of trying to match hashes to passwords. And that's what hashing a password protects against, when done correctly.
Just in case someone runs across this and doesn't notice the downvotes, the parent post is full of inaccuracies and bad assumptions. Don't base anything on it.
The hash isn't at all secure when you do that, but don't worry too much about it. GP's thinking about how things work is laughably bad and can't be buried in enough downvotes.
Though I'd say this isn't something you read directly, but rather understand by going through cryptographic security as a whole.
To keep it short, cryptographic hashes make a few guarantees. A single bit change in the input will cause a drastic change in the output. Due to the birthday problem, the length needs to be double the length of a block cipher key to provide equivalent security. And a few others. When you chop it down, you potentially undermine all the security guarantees that academics worked very hard to analyze.
Even a small change would require going to a lot of work to make sure you didn't break something. And when you've read up on cryptography in general and understand it, this tends to be an automatic reflex.
None of which really matters. GP's big assumption is that the hash size grows with input size, which is not true. Hash size stays fixed no matter the input.
"If a company tells you your password has a maximum length..."
Uhhh no. Not at all. What so ever. Period. Many have a limit for technical reasons because hashing passwords expands their character count greatly. Many websites store their passwords in specific database columns that themselves have a limit that the hashing algorithm quickly expands passwords out to.
If you plan your DB schema with a column limit in mind for fast processing, some limits produce effectively shorter password limits than you might expect. EVERYONE has column limits at least to prevent attacks via huge passwords, so a limit on a password can be a good sign they're doing things correctly and aren't going to be DDOS'd via login calls that can easily crush CPUs of nonspecialized servers.
It doesn't matter the input size, it hashes down to the same length. It does increase the CPU time, but not the storage space. If the hashing is done on the client side (pre-transmission), then the server has no extra cost.
For example, the hash of a Linux ISO isn't 10 pages long. If you SHA-256 something, it always results in 256 bits of output.
On the other hand, base 64-ing something does get longer as the input grows.
Hashing on the client side is as secure as not hashing at all, an attacker can just send the hashes, since they control the client code.
Then you can salt+hash it again on the server.
Hashing is more about obscuring the password if the database gets compromised. I guess they could send 2^256 or 2^512 passwords guesses, but at that point you probably have bigger issues.
It's more about when a database gets leaked. They then don't even have to put in the effort of trying to match hashes to passwords. And that's what hashing a password protects against, when done correctly.
Can you not simply have a hashing algorithm that results in a fixed length hash?
That would be all of them, yes.
Just in case someone runs across this and doesn't notice the downvotes, the parent post is full of inaccuracies and bad assumptions. Don't base anything on it.
Why not just store the first X characters of the hashed password?
The hash isn't at all secure when you do that, but don't worry too much about it. GP's thinking about how things work is laughably bad and can't be buried in enough downvotes.
Where can I read more about how it's not secure?
The Wikipedia article is probably a good place to start: https://en.wikipedia.org/wiki/Cryptographic_hash_function
Though I'd say this isn't something you read directly, but rather understand by going through cryptographic security as a whole.
To keep it short, cryptographic hashes make a few guarantees. A single bit change in the input will cause a drastic change in the output. Due to the birthday problem, the length needs to be double the length of a block cipher key to provide equivalent security. And a few others. When you chop it down, you potentially undermine all the security guarantees that academics worked very hard to analyze.
Even a small change would require going to a lot of work to make sure you didn't break something. And when you've read up on cryptography in general and understand it, this tends to be an automatic reflex.
None of which really matters. GP's big assumption is that the hash size grows with input size, which is not true. Hash size stays fixed no matter the input.