Re: You think _that's_ bad?
The maximum - and minimum - stored password size should be the fixed length output size of whatever cryptographic hash function is used on the salted concatenation of user name and password.
The maximum - and minimum - stored password size should be the fixed length output size of whatever cryptographic hash function is used on the salted concatenation of user name and password.