The Ideal Password Length

The issue began on the password length, when there has been an announcement on the eBay administration that the fixed password they would be accepting is 20 characters. There are some speculations due to security defect. So, at this moment, let us dig the deeper cause of needing a lengthy password.   Algorithms on Hashing A good example is the MD5, not so long ago, MD5 is known to be famous on hashing algorithms for web sites; Still, they experience secure algorithm when it comes to space in the following years. As larger companies processing large distributed networks on custom software, it is not that easy to upgrade the whole system to be able to use a new hashing algorithm. It may take months to years when modifying code to several systems.   Optimization of Software When the software is in C language and it has a hash-passwords of variable length, can you know the length of the password? Using the C, the end string is usually defined by byte 0x00 or the null byte, the length of the string is known through an application that will count the string of each byte until it reach the null byte (and this is a slow process). To process these commands quickly, limiting the passwords to a specific length, so all the passwords are just equal or less than the length (with a pre-defined byte). For this, it only needs a fixed buffer length to handle it and will not worry about anything else. When a software is stored in a database those plain-text passwords, a limit on the length is...

Pin It on Pinterest