Y
Hacker News
new
|
ask
|
show
|
jobs
by
kgrin
4139 days ago
Err... what's a plausible reason passwords would be restricted to 20 chars, other than being stored in plaintext in a char(20) field?
1 comments
0942v8653
4139 days ago
Making sure you can't DDoS by sending gigabyte passwords for the server to hash. Of course 20 is seriously … overprotective.
link
mgkimsal
4139 days ago
Pretty sure nothing's stopping me from sending a gig of data to their server anyway.
link
0942v8653
4139 days ago
No, but hashing is much more intensive than just receiving it.
link