nette / security

🔑 Provides authentication, authorization and a role-based access control management via ACL (Access Control List)
https://doc.nette.org/access-control

Truncating passwords to 4096 bytes is useless #1

Closed JanTvrdik closed 10 years ago

JanTvrdik commented 10 years ago

Nette\Security\Passwords truncates passwords to 4096 bytes. But crypt truncates passwords further to 72 bytes. Is there a reason to not truncate the password in Nette\Security\Passwords directly to 72 bytes or not truncate it at all and leave it be for crypt to handle this?

Partially relevant question on SO

fprochazka commented 10 years ago

@JanTvrdik :+1:

dg commented 10 years ago

Yes, it is useless.
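
The behaviour discussed in this thread, as an added example that is not part of the original issue or of Nette's code: it shows that a 4096-byte pre-truncation changes nothing bcrypt reads, because only the first 72 bytes reach the hash. It uses PHP's `password_hash()` with `PASSWORD_BCRYPT` rather than calling `crypt()` directly; the helper names, the sample passwords and the low cost value are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

const BCRYPT_MAX_BYTES = 72;      // bcrypt input limit named in the issue
const PRE_TRUNCATE_BYTES = 4096;  // pre-truncation length named in the issue

// Hypothetical stand-in for the pre-truncation step under discussion.
function preTruncate(string $password): string
{
    return substr($password, 0, PRE_TRUNCATE_BYTES);
}

// True when bcrypt cannot tell the two passwords apart (same first 72 bytes).
function bcryptTreatsAsEqual(string $a, string $b): bool
{
    return substr($a, 0, BCRYPT_MAX_BYTES) === substr($b, 0, BCRYPT_MAX_BYTES);
}

// Fails loudly if an expectation does not hold on this PHP build.
function check(bool $condition, string $message): void
{
    if (!$condition) {
        throw new RuntimeException("Unexpected: $message");
    }
    echo "ok: $message\n";
}

// Constructed sample passwords (not from the issue).
$base      = str_repeat('a', 71);
$long      = $base . 'b' . str_repeat('c', 5000);   // 5072 bytes
$sameHead  = $base . 'b' . 'completely different';  // same first 72 bytes only
$otherHead = $base . 'z' . str_repeat('c', 5000);   // differs at byte 72

// Cost 4 is the bcrypt minimum, used here only to keep the demo fast.
$hash = password_hash(preTruncate($long), PASSWORD_BCRYPT, ['cost' => 4]);

check(password_verify($long, $hash), 'untruncated 5072-byte password verifies');
check(password_verify($sameHead, $hash), 'password sharing only the first 72 bytes verifies');
check(!password_verify($otherHead, $hash), 'a change at byte 72 is rejected');
check(bcryptTreatsAsEqual($long, preTruncate($long)), 'the 4096-byte cut changes nothing bcrypt reads');
```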