MobileRead Forums - View Single Post - Unable to log in with password longer than 50 characters

Xandaros · 02-06-2016, 09:44 PM

Hello,

I registered yesterday and found myself unable to log in from my other machine. Turns out that, when registering (or changing your password), the input boxes are limited to 50 characters. Anything above that simply gets trimmed off.

The log in box on the main page does not have any such restrictions and will happily accepts my 64 character password. What happens next is that I registered with a 50 character password, but try to log in with a 64 character long password. Which is obviously a mismatch.

I may be paranoid for uses such long passwords, but this is clearly a bug. Please fix.
By the way: Why the limit? Looks like you compute the MD5 (insecure, btw) hashes on the client, anyway. On a side note - do you even salt them? Not that it matters with MD5...

02-06-2016, 09:44 PM	#1
Xandaros Junior Member Posts: 8 Karma: 10 Join Date: Feb 2016 Device: Kindle PW3 G090 G105	Unable to log in with password longer than 50 characters Hello, I registered yesterday and found myself unable to log in from my other machine. Turns out that, when registering (or changing your password), the input boxes are limited to 50 characters. Anything above that simply gets trimmed off. The log in box on the main page does not have any such restrictions and will happily accepts my 64 character password. What happens next is that I registered with a 50 character password, but try to log in with a 64 character long password. Which is obviously a mismatch. I may be paranoid for uses such long passwords, but this is clearly a bug. Please fix. By the way: Why the limit? Looks like you compute the MD5 (insecure, btw) hashes on the client, anyway. On a side note - do you even salt them? Not that it matters with MD5...