Just take the string as bytes and hash it ffs

  • frezik@midwest.social
    link
    fedilink
    English
    arrow-up
    3
    ·
    2 months ago

    There’s a more practical limit. Using US standard keyboard symbols, a 40 char password is about as secure as a 256-bit block cipher key. That’s impossible to break due to thermodynamic limits on computing.

    The reason to put a high char limit is to mitigate DoS attacks. It can still be a few hundred chars.