Once upon a time, Orcan Ogetbil <[email protected]> said: > On Wed, Oct 12, 2011 at 12:44 PM, Kevin Fenzi wrote: > > New Password Rules: > ... > > * No maximum length. > > I thought about this for a while. Is this ever possible? What kind of > storage do we use?
Yeah, I saw that too. A literal "no maximum length" is a denial of service waiting to happen. I'm sure the passwords are hashed, so it isn't a matter of storage, but the input buffer is not unlimited, and neither are the hash iterations to process the input. What is the actual limit? 256 characters? 512? -- Chris Adams <[email protected]> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- devel mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/devel
