On 12/22/11 07:12, Doug Chamberlin wrote: > Why limit it to so little? Make the limit 1KB or 2KB to encourage pass > phrases instead of passwords. > > Full sentences that are meaningful to the person are WAY better > protection than complex passwords.
Currently (fb3) firebird does not artificially limit length of passwords. But one must take into an account that passwords much longer than size of hash are meaningless - in case of bruteforce attack one will sooner of all find shorter password with same hash value. With 160 bit hash we can say that passwords longer than 20-24 bytes (24 cause one typically does not use some bytes like \n in passwords) make no sense from bruteforce attack POV. On the other hand, if one prefers to use some long pass phrase (may be it's easier to remember it?) I see no big reasons to avoid such practice. But please remember that passwords do not become stronger on SRP when >24bytes long. ------------------------------------------------------------------------------ Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
