5
Byomeer
7y

Why the fuckin' hell does PayPal limit your password to 20 characters?!?

The length shouldn't matter if they hash and salt the passwords... sooooo...

Comments
  • 1
    Don't you need a limit that depends on the length of the hashed value to avoid duplicates? (I don't know much on this topic so enlighten me if I'm wrong)
  • 1
    @jsframework9000 that's why you salt the password hashes. That adds extra randomness to the data and avoids the duplicate issue...
  • 1
    @Byomeer you don't salt the hashes. You salt and then hash and it doesn't help the duplicate problem, but cutting the length could help.
  • 1
    Interesting fact: bcrypt, a popular password hashing algorithm, has a limit of 72 characters.
Add Comment