Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?
There are going to be very few hashing algorithms that can take a certain byte value and hash it down into a unique smaller byte value. If you miscoded the database and stored the hashed passwords into a value of a fixed length, you have to abide by that length without some trickery or cleaveriness. Is that not the case? Every time I've seen this limitation in wild code that has been the case.
That's true. But fortunately even the most basic hashing algorithms are more than enough to make worrying about these things pointless when it comes to passwords. You have to poorly implement everything by hand and make a series of bad calls to run into any issues.
There are going to be very few hashing algorithms that can take a certain byte value and hash it down into a unique smaller byte value. If you miscoded the database and stored the hashed passwords into a value of a fixed length, you have to abide by that length without some trickery or cleaveriness. Is that not the case? Every time I've seen this limitation in wild code that has been the case.
That's true. But fortunately even the most basic hashing algorithms are more than enough to make worrying about these things pointless when it comes to passwords. You have to poorly implement everything by hand and make a series of bad calls to run into any issues.