28

I'm creating a webapp, and part of my authentication method is password length.

Should I put one in place? (say, 50 characters?) Or should I just put a minimum length (Currently at 6).

Are there problems with not putting in a maximum length?

Hendrik Brummermann
jrg
    Possible duplicate of http://security.stackexchange.com/questions/144/how-long-should-the-password-be – H.B. Aug 15 '11 at 18:45
  • H.B.: It's similar, but I beg to differ - I think that this question is different enough because I'm asking it from an implementation aspect and not a user's aspect. However, if it gets closed as a duplicate, so be it. :) – jrg Aug 15 '11 at 18:59
  • 1
    You should actually make it so your users have to use phrases instead of the typical password. – Woot4Moo Aug 16 '11 at 22:31
  • 3
    Attackers love it when websites place arbitrary restrictions on user passwords. It gives them the info they need to tune their attack parameters. –  Sep 04 '12 at 21:30
  • 1
    Nothing makes me angrier than encountering a ***maximum*** password length. It is indicative of incorrect password storage, it is arbitrary, and encourages users to accept using passwords shorter than they are otherwise capable of using. If you must set an upper bound to make sure users aren't sending you gigabyte-long password strings, pick a limit of `1024` or `256` characters at the bare minimum... – recursion.ninja Nov 08 '14 at 22:21

3 Answers

34

You should hash the passwords using a secure algorithm instead of storing them in clear text. The hash function will result in a constant output size regardless of the length of the input string.

Using a minimum length and perhaps some other quality rules is a good idea because it helps a little against laziness.

If you are afraid of Denial of Service attacks, you could put a server-side limit for ordinary input fields into place, for example 1000 bytes. It's unlikely that someone wants to use such a long password.

Luc
Hendrik Brummermann
24

My recommendation: 1,024 bytes.

The limitation on password sizes is a limitation that existed for reasons of obsolete technical requirements. Modern password storage should rely on hashing, which makes the password storage field a fixed size regardless of the password length. We don't want to see 1 MB passwords, as that would simply indicate somebody trying to cause a denial of service. I don't think I'll ever see a human use a 1,024 character (or longer) password. I think that's a small enough value to prevent any real DoS and a high enough value to never be reached in any reasonable circumstance.

Jeff Ferland
  • 16
    The venerable Apple 1 had only a very minimal ROM, just enough to type in hexadecimal code; so every time it was booted up, someone had to type what was the OS at that time, i.e. a 3 kB BASIC interpreter (so about 6000 characters). Steve Wozniak could do it in 20 minutes and knew it by heart. – Thomas Pornin Aug 15 '11 at 19:15
  • 7
    And if you believe that I've got some money I need help transferring out of the country. – webbiedave Aug 15 '11 at 23:42
  • 3
    @webbiedave Thomas is telling the truth - I've read the same thing in Steve Wozniak's book, iWoz. – jrg Aug 16 '11 at 01:08
  • 6
    He didn't need to change it monthly though. – Joubarc Aug 17 '11 at 08:12
  • 3
    @webbiedave sounds reasonable [based on what the Apple-1 manual says](http://archive.computerhistory.org/resources/text/Apple/Apple.AppleI.1976.102646518.pdf) – Josh Nov 01 '11 at 02:16
  • 5
    I don't think a basic interpreter would be a good password. – Paŭlo Ebermann Nov 20 '11 at 13:43
4

It depends on the message digest function you use. For the majority (SHA-256, even MD5, SHA-1, etc.) it doesn't matter. However, if you are using bcrypt it does: bcrypt has a 55 char limit. So if your salt is 27 bytes you can have a password of 28 bytes.

On a side note, CWE-521 does require that you have a max password length. However, it doesn't state the max, and from a security perspective I don't see any reason why it could be 512 kB or more.

rook
  • 1
    Hey, that's interesting. Do you have a link for further reading on the bcrypt char limit? – Jacco Sep 24 '12 at 07:22
  • 2
    ...however as stated [here](http://security.stackexchange.com/a/6627/3272) you can simply hash the password and put that into bcrypt instead – Tobias Kienzler Feb 13 '13 at 16:51
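A password-handling sketch that puts the three answers together, as an added example and not code from the original thread: a 6-character minimum and a 1024-byte server-side maximum are enforced before any hashing, the accepted password is pre-hashed with SHA-256 (as the last comment suggests) so a KDF with an input cap such as bcrypt cannot silently truncate it, and the stored record has a fixed size whatever the password length. PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt, and the iteration count, record format and function names are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Limits taken from the thread: minimum 6 characters, server-side maximum 1024 bytes.
MIN_LENGTH_CHARS = 6
MAX_LENGTH_BYTES = 1024
# bcrypt (the third answer's example) is not in the standard library, so PBKDF2-HMAC-SHA256
# stands in as the slow hash; the iteration count is an assumed value, not from the thread.
PBKDF2_ITERATIONS = 100_000

class PasswordPolicyError(ValueError): pass

def check_policy(password: str) -> bytes:
    """Enforce the length rules and return the UTF-8 bytes that will be hashed.
    The maximum is checked in bytes, not characters, because bytes are what the
    request body and the hash function actually see."""
    if len(password) < MIN_LENGTH_CHARS:
        raise PasswordPolicyError("password too short")
    raw = password.encode("utf-8")
    if len(raw) > MAX_LENGTH_BYTES:
        raise PasswordPolicyError("password too long")
    return raw

def prehash(raw: bytes) -> bytes:
    """Collapse any accepted password to a fixed 64-byte hex digest, so a KDF with an
    input cap (bcrypt, per the third answer) never silently truncates it. Hex output
    also avoids NUL bytes, which C-string based KDFs can treat as terminators."""
    return hashlib.sha256(raw).hexdigest().encode("ascii")

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record whose size does not depend on password length."""
    raw = check_policy(password)
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", prehash(raw), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2-sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Check a login attempt; input outside the policy is rejected before any expensive work."""
    try:
        raw = check_policy(password)
    except PasswordPolicyError:
        return False
    _, iters, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", prehash(raw), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)
```

Because the pre-hash fixes the KDF input at 64 bytes, raising MAX_LENGTH_BYTES later changes only the request-size budget, not the stored format.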