[Cryptography] How secure are hashed passwords?

Michael Kjörling michael at kjorling.se
Fri May 30 17:53:13 EDT 2014


On 22 May 2014 12:17 -0400, from cloos at jhcloos.com (James Cloos):
>>>>>> "DM" == Dan McDonald <danmcd at kebe.com> writes:
> DM> Ebay has an upper limit on password size.
> 
> Does anyone know what it is?

I'm _pretty_ certain that when I reset my password after this recent
breach, the form said the maximum allowed length was a measly 20
characters. But they won't even give me a simple password change form
without going through all the hoopla of a full "forgotten"-style
password-reset procedure, which I am not inclined to do. (Just give me
a form already where I can provide my current and a new password!)

Although I haven't confirmed this, according to one of the screenshots
on [1], Paypal has the same inane limitation of maximum 20 characters.

[1] http://www.troyhunt.com/2014/05/the-cobra-effect-that-is-disabling.html

-- 
Michael Kjörling • http://michael.kjorling.semichael at kjorling.se
OpenPGP B501AC6429EF4514 http://michael.kjorling.se/public-keys/pgp
                “People who think they know everything really annoy
                those of us who know we don’t.” (Bjarne Stroustrup)


More information about the cryptography mailing list