Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If your password is 100,000,000 characters long, that's simply a waste of bandwidth, CPU time, space on the disk * millions of users * 1000s of iterations = money flushed down the toilet. And remember web servers have timeout parameters spread across half a dozen config files. You're just asking for trouble. Not worth it. To protect one self-important nitwit's video game password? Even your million character password could be sniffed or worse, the attacker might offer a hot apple pie with ice cream.


that isn't the point. the point is if there is a limit on character length, its a clear indication that the passwords aren't being properly handled.


Let's see you implement it then smartypants. So you can learn the hard way why there is a limit. You think you're smarter than the biggest technology companies on the planet? It's a clear indication of nothing but your own little vendetta driving you crazy.


If you can't handle arbitrary-length strings, you pretty much don't know how to program. Really.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: