Enforcing password strength
Enforcing password strength
Posted Oct 14, 2011 12:27 UTC (Fri) by robbe (guest, #16131)In reply to: Enforcing password strength by k8to
Parent article: Enforcing password strength
Why not try to login with your passphrase minus the last character? This will catch chopping-of at any length from 1 to N-1 characters. If you get in this way, complain to the admin and/or never use the service again.
Password chopping to anything less than 100 characters means one or more of the following:
* clear-text storage in a database column of fixed maximum width
* bad hash implementation
* poor understanding of security overall