QUICK NEWS

{NEW} - A new css video is up.

{OLD} - New video courtesy of Skhilled, Thanks for posting it up.

Video of the moment:


Internal Links

SMF Sites

Quick Info

Maximum password length

Started by Neša, Dec 23, 2022, 08:16 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Neša

Hi All,

I have created a clean test 2.0.19 forum I've used a password manager to generate a 100 character password.
The admin creation part worked fine and the user was created, when I try to login using the username/password combo it errors out saying my details are incorrect.

Is there a maximum character password limit in 2.0.19? I think the password might have been truncated before it was hashed and sent to the database.


Bigguy

Quote from: Neša on Dec 23, 2022, 08:16 PMIs there a maximum character password limit in 2.0.19?
I have not heard of one but I would think there is yes. We'll see what others think though. I think there would have to be really.
"It's the American dream....cause ya have to be asleep to believe it." - George Carlin

Oldiesmann

There shouldn't be, because passwords are hashed (encrypted) before they're sent to the database, so the information in the database will have the same length regardless of how long the actual password is.
Christian Metal Fans - https://www.christianmetal.fans

Bigguy

"It's the American dream....cause ya have to be asleep to believe it." - George Carlin

Skhilled

Personally, I would've thought a length of 50 would be way to long! LMAO It damn sure would be hard to remember. LOL

Neša

#5
Quote from: Oldiesmann on Dec 24, 2022, 01:54 PMThere shouldn't be, because passwords are hashed (encrypted) before they're sent to the database, so the information in the database will have the same length regardless of how long the actual password is.
Yep it stores a 64 character hashed password, it was just weird that it went through created the admin user then 10 seconds later I couldn't use the same password to login.

I have just re-created the error, I changed my 50 character password to 100 in my profile logged out then tried to log in again I get the password incorrect message.
Please don't try it on this forum the server can't send password reset emails so you'll be locked out.


Neša

#6
Quote from: Skhilled on Dec 24, 2022, 05:06 PMPersonally, I would've thought a length of 50 would be way to long! LMAO It damn sure would be hard to remember. LOL
I have a password manager for that :)
Why not use very long passwords.


Skhilled

I have one too. But if something goes wrong, you're screwed. LOL

I do store my important passwords elsewhere. ;)

Neša

Quote from: Skhilled on Dec 24, 2022, 07:03 PMI have one too. But if something goes wrong, you're screwed. LOL

I do store my important passwords elsewhere. ;)
Yep, I have 6 current backups on 6 different devices so all 6 have to stop working for me to be in a bad position.