Just take the string as bytes and hash it ffs

  • Showroom7561@lemmy.ca
    link
    fedilink
    English
    arrow-up
    16
    ·
    3 months ago

    Reasonable upper limits are OK. But FFS, the limit should be enough to have a passphrase with 4 or 5 words in it.

    • aname@lemmy.one
      link
      fedilink
      English
      arrow-up
      5
      ·
      3 months ago

      Usually 256 bit hash is used. 256 bits is 32 bytes or 32 characters. Of course you are losing some entropy because character set is limited, but 32 characters is beyond reasonable anyway.

      • Lojcs@lemm.ee
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        3 months ago

        The eff passphrase generator has about 2.5 bits of entropy per character (without word separators). Eff recommends 6 word passphrases, and with an avg word length of 7, that’s (only) 79.45 bits of entropy that won’t even fit in the 32 characters. If there wasn’t a password length limit it would be possible to saturate the hash entropy with a 20+ word & 102+ char passphrase.

        • aname@lemmy.one
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          Of course, but that’s because you are using a passphrases. Passwords have a much hogher entropy.

      • Showroom7561@lemmy.ca
        link
        fedilink
        English
        arrow-up
        2
        ·
        3 months ago

        I’d be totally fine woth 32 characters! But I’ve come across too many websites with unreasonably short (20 characters or less) limits.