• Not necessarily. There is another reason. Password hash functions like PBKDF2 are, by design, slow. Allowing extremely long passwords while using such a hash function creates a denial-of-service vulnerability.

    Assuming the hash function takes proportionally more time to compute the hash of a longer password, of course. I believe they do, but I’m not certain.
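How PBKDF2 cost scales with password length depends on how the implementation handles the HMAC key, since HMAC hashes any key longer than one block before using it. The sketch below is an added example, not part of the comments above: it counts the bytes fed to SHA-256 when the password is passed to HMAC on every iteration versus hashed once up front. The function names, the salt, the password contents and the iteration count of 100 are constructed for illustration.

```python
import hashlib

BLOCK = 64  # SHA-256 block size in bytes

def _sha256(data, stats):
    stats["bytes_hashed"] += len(data)  # tally the work done by the hash
    return hashlib.sha256(data).digest()

def _hmac(key, msg, stats):
    if len(key) > BLOCK:  # RFC 2104: a key longer than one block is hashed first
        key = _sha256(key, stats)
    key = key.ljust(BLOCK, b"\0")
    inner = _sha256(bytes(b ^ 0x36 for b in key) + msg, stats)
    return _sha256(bytes(b ^ 0x5C for b in key) + inner, stats)

def pbkdf2_block(password, salt, iterations, prehash, stats):
    """First 32-byte output block of PBKDF2-HMAC-SHA256."""
    if prehash and len(password) > BLOCK:
        password = _sha256(password, stats)  # pay for the long key once
    u = _hmac(password, salt + (1).to_bytes(4, "big"), stats)
    out = u
    for _ in range(iterations - 1):
        u = _hmac(password, u, stats)  # naive path re-hashes the key here
        out = bytes(a ^ b for a, b in zip(out, u))
    return out

def bytes_hashed(password_len, iterations=100, prehash=False):
    """Bytes fed to SHA-256 while deriving a key from a constructed password."""
    stats = {"bytes_hashed": 0}
    password, salt = b"A" * password_len, b"constructed-salt"
    key = pbkdf2_block(password, salt, iterations, prehash, stats)
    if key != hashlib.pbkdf2_hmac("sha256", password, salt, iterations):
        raise ValueError("derived key does not match hashlib")
    return stats["bytes_hashed"]

if __name__ == "__main__":
    for length in (16, 100_000):
        print(length, bytes_hashed(length), bytes_hashed(length, prehash=True))
```

Both paths derive the same key, but the per-iteration path hashes the long password once per iteration while the pre-hashed path hashes it once in total. Capping password length at the request layer bounds the work in either case.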