I'm not complaining about them not supporting 256, I just find it strange the arbitrary limits imposed.

A site I signed up for today limited it at 42. Why?

And even if 128 is way over excessive, does it actually make a difference to the server? Obviously you don't want to be hashing multi megabyte passwords, but don't most password hashing systems need a certain sized key to work, so it's padded out to that point anyway? And once it's processing further "iterations", the size of the first password is pretty much irrelevant.