On Fri, Nov 25, 2011 at 12:16, Lukas Fleischer <archlinux@cryptocrack.de> wrote:
> Out of curiosity - why would you need a password with more than 32 characters? If you use a password manager and create random passwords anyway, there's no need to create such long passwords. Assuming that your password contains lower-case and upper-case letters, as well as numbers, you won't gain any extra security when using passwords longer than ~22 characters (it'll be easier to brute-force an MD5 collision than finding the correct password in this case). Even if we used SHA-1, passwords with a length of 27 characters would already give you the maximum amount of security possible.
I use the pwsafe password manager, which defaults to passwords with 160 bits of entropy, which usually means 32 chars with special chars or 39 chars with just numbers and letters in lower and upper case. I agree that there's no need for having passwords of this length, but password managers with longer default lengths than 32 chars do exist, and it's really no reason for stopping people from using long passwords. Having maxlength on a password field only suggests that the password is stored in plain text.
> You should try to configure your MUA not to break long lines when sending patches... The best alternative is to use `git send-email` :)
Sorry, I'm usually using GitHub for all git cooperation, and Gmail is really suboptimal for sending patches :-)

-- Stein Magnus Jodal