• Sibbo@sopuli.xyz
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    They may just base their limit on one or a few block sizes of the hash function.

    • kevincox
      link
      fedilink
      arrow-up
      8
      ·
      1 year ago

      That sounds incredibly unlikely. I would be good money that 99% of password length limits are not based on concrete limits. Things like “100 should be enough 🤷” must be way more common.

      I doubt 1% of programmers are away of their hashes block size. It is also probably irrelevant since after the first round everything is fixed size anyways.