Comment 2 for bug 959288

Robert Clark (robert-clark) wrote :

I don't understand where the requirement to do this has come from.

The proposed fix doesn't limit password length; it truncates it. In my opinion this is bad practice. In any password scheme the strength of the created password should be understood by both parties. Truncating a password before storing/checking leads to a mismatch where a supplied password has more entropy than that which is used for authentication.
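
Added example, not part of the comment above or of the project's code: a minimal sketch contrasting silent truncation with an enforced length limit. `MAX_LEN`, the PBKDF2 parameters and all function names are assumptions chosen for illustration; the page does not state the actual limit or hashing scheme.

```python
import hashlib
import hmac
import os

MAX_LEN = 16          # assumed limit for illustration; not taken from the page
ITERATIONS = 100_000  # assumed PBKDF2 work factor


class PasswordTooLong(ValueError):
    """Raised when a password exceeds MAX_LEN under the limiting policy."""


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def store_truncating(password):
    # Silently keeps only the first MAX_LEN characters: the user is never
    # told that the rest of the password does not count.
    salt = os.urandom(16)
    return salt, _derive(password[:MAX_LEN], salt)


def verify_truncating(password, record):
    salt, digest = record
    return hmac.compare_digest(digest, _derive(password[:MAX_LEN], salt))


def store_limiting(password):
    # Rejects over-length input, so both parties know exactly which
    # characters contribute to authentication.
    if len(password) > MAX_LEN:
        raise PasswordTooLong(f"password longer than {MAX_LEN} characters")
    salt = os.urandom(16)
    return salt, _derive(password, salt)


def verify_limiting(password, record):
    if len(password) > MAX_LEN:
        return False
    salt, digest = record
    return hmac.compare_digest(digest, _derive(password, salt))


def truncation_collides(chosen, other):
    """True if `other` authenticates against a truncated record for `chosen`."""
    return verify_truncating(other, store_truncating(chosen))
```

With the truncating pair, any two passwords that share their first `MAX_LEN` characters authenticate interchangeably; with the limiting pair, the over-length password is refused at creation time instead.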