Fang Talks


Been making another login system, and I came across this again.

I honestly have no idea why some services (i.e. Hotmail, the bastards) limit the length of the password you use. Any reasonable person knows to encrypt passwords before throwing them into the database. And the hash (encrypted password) is (in most cases) of a fixed length, independent of the password that was encrypted.

So why limit the length of a user’s password? You tell the database to have a certain length for the entered string, and you always enter the same length of string (again, due to the encryption). Longer passwords are safer, anyway. It feels dumb to be limited in that.

Or perhaps they don’t store the passwords encrypted in their databases? The result would be them having knowledge of millions of email-password combinations, and with the bad habit of password reuse lots of people have, they could get into quite a few PayPal accounts through that.

Quick everyone, put on your tinfoil hats!
~ Fang
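The fixed-length point from the post, as an added example (not code from the original post or from any service it mentions): a 7-character and a 500-character password both produce the same 96-character stored record. PBKDF2-HMAC-SHA256 from Python's standard library stands in for whatever password hash a login system uses; the iteration count, the `CHAR(96)` column and the 1024-byte input cap (there only to bound hashing cost per request, not storage) are assumptions.

```python
import hashlib
import hmac
import os

SALT_LEN = 16               # random salt bytes stored with each password
DIGEST_LEN = 32             # derived-key bytes (SHA-256 output size)
ITERATIONS = 600_000        # assumed work factor; tune for your hardware
RECORD_HEX_LEN = 2 * (SALT_LEN + DIGEST_LEN)  # 96 hex chars -> CHAR(96) column
MAX_PASSWORD_BYTES = 1024   # assumed cap, only to bound CPU spent per login


def hash_password(password, salt=None):
    """Return a fixed-length hex record: salt || PBKDF2-HMAC-SHA256 digest."""
    raw = password.encode("utf-8")
    if len(raw) > MAX_PASSWORD_BYTES:
        raise ValueError("password exceeds the hashing-cost cap")
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", raw, salt, ITERATIONS, dklen=DIGEST_LEN)
    return (salt + digest).hex()


def verify_password(password, record):
    """Re-derive the digest with the stored salt and compare in constant time."""
    blob = bytes.fromhex(record)
    salt, expected = blob[:SALT_LEN], blob[SALT_LEN:]
    try:
        candidate = bytes.fromhex(hash_password(password, salt))[SALT_LEN:]
    except ValueError:
        return False  # over-cap input can never match a stored record
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample passwords of very different lengths.
    for pw in ("hunter2", "correct horse battery staple", "x" * 500):
        stored = hash_password(pw)
        print(f"password length {len(pw):>3} -> stored record length {len(stored)}")
```
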


  • 13/10/2012 (8:53 AM)

    makes no sense to me

  • 12/10/2012 (4:47 PM)

    I guess they might as well store everyone’s passwords in a database, too .. to make it easier for them men in black eggar suits.

    Lol about tinfoil hats. According to the government, eating more sunflower seeds helps as well.

  • 12/10/2012 (12:46 AM)

    But if what you say is true it’s too late for the hats! I wouldn’t be surprised if they were just not encrypting things, which would be silly, but they could also be considering people’s memories and don’t want them to make a password that’s so long they forget it.
