On Sun, Mar 2, 2014 at 10:44 PM, Chris Angelico <ros...@gmail.com> wrote: > Of course, the whole concept depends on being able to use long > memorable passwords. Any system that sets a maximum password length of > anything less than about 30-40 characters is causing its users > problems. There's almost never any reason to set a maximum at all.
Well, there's usually *some* reason. If you allow your users to set a 100-MB password then your system has to accept and attempt to verify any 100-MB passwords that might get passed in, which opens you up to a certain DoS attack. Setting the limit at 8 characters though is absurd and a probable indication of bad password handling. -- https://mail.python.org/mailman/listinfo/python-list