Comment 9 for bug 1175906

Robert Clark (robert-clark) wrote : Re: passlib long password DoS

Would it be possible to present option 1 as option 2? That is to say, create a maximum password length setting that in reality truncates password input. This would perhaps satisfy the 'don't break stuff' requirement (you could truncate to 256 by default) while also allowing deployers to decide what CPU/complexity tradeoff they'd be happy to accept?
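
A sketch of the truncating maximum-length setting proposed in the comment above, added here as an illustration; it is not code from the bug, from passlib, or from the project. The setting name, the helper functions and the round count are hypothetical, and hashlib's PBKDF2 stands in for whichever passlib scheme a deployment actually uses.

```python
import hashlib
import hmac
import os

# Hypothetical setting name; 256 is the default floated in the comment above.
DEFAULT_MAX_PASSWORD_LENGTH = 256
PBKDF2_ROUNDS = 10_000  # constructed value, kept low so the example runs quickly


def truncate_password(password, max_length=DEFAULT_MAX_PASSWORD_LENGTH):
    """Cap the input at max_length characters before it reaches the hash."""
    if max_length < 1:
        raise ValueError("max_length must be positive")
    return password[:max_length]


def hash_password(password, salt=None, max_length=DEFAULT_MAX_PASSWORD_LENGTH):
    """Return (salt, digest); the hash never sees more than max_length characters."""
    salt = os.urandom(16) if salt is None else salt
    capped = truncate_password(password, max_length).encode("utf-8")
    digest = hashlib.pbkdf2_hmac("sha256", capped, salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, expected, max_length=DEFAULT_MAX_PASSWORD_LENGTH):
    """Apply the same truncation at verify time, then compare in constant time."""
    _, digest = hash_password(password, salt, max_length)
    return hmac.compare_digest(digest, expected)
```

Two consequences of truncating rather than rejecting: any two inputs that share their first `max_length` characters verify as the same password, and lowering the setting after hashes are stored changes the result for users whose passwords were longer than the new limit.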