|
|
|
|
|
|
by lightbyte
3021 days ago
|
|
|
A common method I've seen to get around that is to first hash the password with something like SHA512 before applying bcrypt. This allows you to use longer passwords as well as setting them all to a constant length for bcrypt (which can potentially remove a ddos vector). |
|
|