
I know this is a joke, but allowing arbitrarily long passwords allows a DoS attack if your server uses bcrypt or similar (consider uploading a 1GB password, for example).


Good point. You need to draw the line somewhere. I wrote about the 200-character limit Google uses because I hit it the other day. I wondered, but that makes sense. Wouldn't surprise me if they took networking into consideration too.
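
The mitigation the comments above point to, capping the input before it reaches the password hash, as an added example that is not part of the original thread. The 4096-byte body cap, the PBKDF2 parameters and all function names are assumptions; the 200-character limit is the one mentioned in the thread.

```python
import hashlib
import hmac
import io
import os

MAX_PASSWORD_CHARS = 200      # the limit mentioned in the thread
MAX_BODY_BYTES = 4096         # assumed cap for a login request body
PBKDF2_ITERATIONS = 600_000   # assumed work factor

class PasswordTooLong(ValueError):
    """Raised before any expensive work is done on oversized input."""

def read_bounded(stream, declared_length, limit=MAX_BODY_BYTES):
    """Read a request body without ever buffering more than limit + 1 bytes."""
    if declared_length is not None and declared_length > limit:
        raise PasswordTooLong("declared body length exceeds limit")
    data = stream.read(limit + 1)   # one extra byte reveals an oversized body
    if len(data) > limit:
        raise PasswordTooLong("body exceeds limit")
    return data

def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Reject oversized input before spending any KDF time on it."""
    if len(password) > MAX_PASSWORD_CHARS:
        raise PasswordTooLong("password exceeds %d characters" % MAX_PASSWORD_CHARS)
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest

def verify_password(password, salt, expected, iterations=PBKDF2_ITERATIONS):
    try:
        _, digest = hash_password(password, salt, iterations)
    except PasswordTooLong:
        return False   # cannot match: nothing over the limit was ever stored
    return hmac.compare_digest(digest, expected)

def demo():
    """Constructed inputs: a normal login body and a 1 MB body with no declared length."""
    ok = read_bounded(io.BytesIO(b"password=hunter2"), 16)
    try:
        read_bounded(io.BytesIO(b"A" * 1_000_000), None)
        oversized_rejected = False
    except PasswordTooLong:
        oversized_rejected = True
    return ok, oversized_rejected
```

The body cap is what keeps a huge upload out of memory; the character cap only bounds what the hash function is asked to process.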



