0 points
kgrin
11y ago
Err... what's a plausible reason passwords would be restricted to 20 chars, other than being stored in plaintext in a char(20) field?
3 comments · 1 top-level
0942v8653
11y ago
Making sure you can't DDoS by sending gigabyte passwords for the server to hash. Of course 20 is seriously … overprotective.
mgkimsal
11y ago
Pretty sure nothing's stopping me from sending a gig of data to their server anyway.
0942v8653
11y ago
No, but hashing is much more intensive than just receiving it.