Because then people find out that it ignores a bunch of your password and people's "password12DHpS*yoCTV44cAmg$gJj" is matched by "password123". Or "correct horse battery staple i have the most brilliant password ever" is matched by "correct horse battery staple".
Good point, that was too simplistic. Then again, I guess longer passwords could be preprocessed with another hashing function, one that returns a string of X bytes?
My point is that throwing a "password too long" error, especially for 32 characters or less, feels like a wrong approach to me; no matter the circumstances or the amount of backward compatibility that has to be kept.
What do you mean by problematic? The source links to YT and I can’t view a YT link.
I assume “problematic” here means “difficult but possible”. If problems arise then I guess it’s a matter of priorities; but I think that not inconveniencing the user with password length limits should be high priority.