Reply to post:

For Foxit's sake: PDF editor biz breached, users' passwords among stolen data


If the passwords were not salted and hashed, they have major problems. Anyone not doing that in 2019 should be fired for incompetence.

If the passwords are salted and hashed then what is stored is the hash which is a fixed length. Therefore imposing an arbitrary password length limit is completely pointless. You need some limit on buffer length and calculation time, but 20 characters?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021