[sillysaurus3]

The most common 5-character password is 12345. Users will definitely use that if you let them.

Also anyone who swipes the server's DB would have an easier time cracking the hashes, even if you use bcrypt/scrypt.