Reply to post:

For Foxit's sake: PDF editor biz breached, users' passwords among stolen data

Christoph Silver badge

If the passwords were not salted and hashed, they have major problems. Anyone not doing that in 2019 should be fired for incompetence.

If the passwords are salted and hashed then what is stored is the hash which is a fixed length. Therefore imposing an arbitrary password length limit is completely pointless. You need some limit on buffer length and calculation time, but 20 characters?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2019