[clement_b]

What's quite annoying is how agressive most products are into forcing this method over regular email+pw / Social Logins. Let me use my 100 chars password!

[pas]

You are not the target audience, you are not even an outlier, it's probably time to accept this and look for long-term solutions that allow you to interface with the "mainstream".

[sampullman]

Many (most?) people I know in the "target audience" want to keep their email+password logins.

[tristan957]

The UX of having to switch apps or websites is terrible when I have auto fill available via the Web browser or a password manager.

[whyever]

Such long passwords are silly, they will be effectively truncated by the key length of the underlying cryptography.

[FabHK]

Agreed. But since every character gives you around 6 bits (26*2 letters + 10 numbers + some special characters ≈ 64 = 2^6), you'd need 256/6 ≈ 43 characters to exhaust the checked entropy, so up to that level it makes sense.

If you use sentences instead of randomly generated characters, the entropy (in bits/character) is lower, so 100 characters might well make sense.

[afiori]

Which is why sha+bcrypt is always better than just bcrypt

[sweetjuly]

Passwords are (or, rather, SHOULD be) cryptographically hashed rather than encrypted. It's possible to compute a hash over data which is longer than the hash input block size by feeding precious hashes and the next input block back in to progressively build up a hash of the entire data.

[xx_ns]

bcrypt, one of the more popular password hashing algorithms out there, allows the password to be up to 72 characters in length. Any characters beyond that 72 limit are ignored and the password is silently truncated (!!!). It's actually a good method of testing whether a site uses bcrypt or not. If you set a password longer than 72 characters, but can sign in using just the 72 characters of your password, they're in all likelihood using bcrypt.

[integralid]

Yeah, that's why bcrypt is broken and shouldn't be used today. It had a good run, but nowadays we have better options like scrypt or argon2.

[daneel_w]

It's not broken. It's just potentially less helpful when it comes to protecting poor guessable passwords. bcrypt isn't the problem, weak password policies/habits are. Like bcrypt, argon2 is just a bandaid, though a tiny bit thicker. It won't save you from absurdly short passwords or silly "correct horse battery staple" advice, and it's no better than bcrypt at protecting proper unguessable passwords.

Also, only developers who have no idea know what they're doing will feed plain-text passwords to their hasher. You should be peppering and pre-digesting the passwords, and at that point bcrypt's 72 character input limit doesn't matter.

[kbolino]

Bcrypt alone is unfit for purpose. Argon2 does not need its input to be predigested.

It's easy for somebody who knows this to fix bcrypt, but silently truncating the input was an unforced error. The fact that it looks like and was often sold as the right tool for the job but isn't has led to real-world vulnerabilities.

It's a classic example of crypto people not anticipating how things actually get used.

(Otherwise, though, I agree)

[efilife]

Why is the "correct horse battery staple" advice silly?

[whyever]

Yes, in this case it would be easier to brute-force the key instead of the password, so the additional characters don't really help.

[Hackbraten]

Brute-forcing the underlying key doesn’t help if you’re trying to mount a credential stuffing attack. Brute-forcing the password does.

[bsimpson]

For years (and way more recently than is appropriate), the financial institution Schwab would silently truncate your password to 8 characters.

If your password was 123lookatme, you could type 123lookaLITERALLYANYTHING and it would succeed.