undefined | Better HN

0 pointskgrin11y ago0 comments

Err... what's a plausible reason passwords would be restricted to 20 chars, other than being stored in plaintext in a char(20) field?

0 comments

Making sure you can't DDoS by sending gigabyte passwords for the server to hash. Of course 20 is seriously … overprotective.

Pretty sure nothing's stopping me from sending a gig of data to their server anyway.

No, but hashing is much more intensive than just receiving it.

j / k navigate · click thread line to collapse

0 pointskgrin11y ago0 comments

Err... what's a plausible reason passwords would be restricted to 20 chars, other than being stored in plaintext in a char(20) field?

Making sure you can't DDoS by sending gigabyte passwords for the server to hash. Of course 20 is seriously … overprotective.

Pretty sure nothing's stopping me from sending a gig of data to their server anyway.

No, but hashing is much more intensive than just receiving it.

j / k navigate · click thread line to collapse