by tdrp
2116 days ago
I don't remember the math on hashing/bcrypt but isn't this the case that all passwords sort of hash to a fixed length string? Like why even have something like "your bank password must be 8-12 characters" long. Obviously for a gigabyte long it's a bandwidth and hash-computing issue :p

Yes, that’s why you put in limits which are way beyond reasonable passwords but way below that. Say a few hundred or thousand bytes.
Also worth consideration: most of these work on bytes, probably utf8. A user wants to be cute and put emoji in there, that’s 4 bytes a pop. So depending how the system counts them, “hospital plane” might be considered 2, 4 or 8 characters.
But wait! Group emoji are concatenation combinations thereof, you can have a single multi-character emoji which is composed of half a dozen codepoints, and two dozen bytes once encoded.
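
An added example, not part of the thread: the counting ambiguity described in the reply above, plus a length check that caps the encoded bytes before any hashing work is done. The limits, function names and sample strings are assumptions made for illustration, and PBKDF2 from the Python standard library stands in for bcrypt.

```python
import hashlib
import os

MIN_CODEPOINTS = 8   # assumed policy value, not from the thread
MAX_BYTES = 1024     # "a few hundred or thousand bytes", per the reply above

# Constructed sample inputs.
HOSPITAL_PLANE = "\U0001F3E5\U0001F6EB"  # two emoji, both outside the BMP
FAMILY = "\U0001F468\u200D\U0001F469\u200D\U0001F467\u200D\U0001F466"  # one ZWJ glyph


def measure(password: str) -> dict:
    """Return the three lengths a system might call 'characters'."""
    return {
        "codepoints": len(password),
        "utf16_units": len(password.encode("utf-16-le")) // 2,
        "utf8_bytes": len(password.encode("utf-8")),
    }


def check_length(password: str) -> tuple[bool, str]:
    """Apply the minimum in code points and the cap in encoded bytes."""
    m = measure(password)
    if m["utf8_bytes"] > MAX_BYTES:
        return False, "too long"
    if m["codepoints"] < MIN_CODEPOINTS:
        return False, "too short"
    return True, "ok"


def hash_password(password: str, salt: bytes) -> bytes:
    """Hash only after the cap is enforced; the digest size is fixed."""
    ok, reason = check_length(password)
    if not ok:
        raise ValueError(reason)
    # PBKDF2 is a stand-in for bcrypt here (assumption of this example).
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


if __name__ == "__main__":
    for label, pw in [("hospital plane", HOSPITAL_PLANE), ("family", FAMILY)]:
        print(label, measure(pw))
    salt = os.urandom(16)
    # Both digests are 32 bytes regardless of input length.
    print(len(hash_password("correct horse battery", salt)),
          len(hash_password("x" * MAX_BYTES, salt)))
```

Counting the minimum in code points and the maximum in bytes keeps the cap tied to the cost of hashing, while the single family glyph still measures as 7 code points and 25 bytes.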