So, given that passwords shouldn’t or should I say must not be saved in a way that enables anyone (even administrators) to retrieve the plaintext version of a password, we’re talking about some sort of hashing. Whether hashing algorithm it is MD5 (avoid) os SHA1 (and in order to avoid precomputed hashes of passwords (known also as rainbow tables) you should use salting techniques with hashing algorithms), the length of a calculated hash does not depend on the length of the plain text password.

So, why is the length of the password limited to 16 characters? Beats me.

Of course, I recommend developers to use bcrypt instead of SHA or MD5. Bcrypt is very slow (compared to SHA or MD5), which is a good property to have for checking passwords — you don’t want to have a super-fast hashing/crypting algorithm thus effectively preventing brute force attacks.

Both YSlow and Page Speed require the excellent Firebug extension, which is an essential tool for web developers. If you don’t know YSlow or Page Speed yet, now is the time to get acquainted.

Vesel sem, da sem lahko del konference, ki je namenjena razvijalcem in bo izpeljana s strani razvijalcev. Takšnih, ki vsak dan načrtujemo, razvijamo in oblikujemo moderne IT rešitve. Dejan in Matevž sta me že prehitela z objavami o konferenci, vsekakor pa si oglejte tudi spletno mesto samega dogodka — predvsem pa si rezervirajte 1. oktober 2008 za obisk Portoroža in udeležbo na tej konferenci. Pohitite z registracijo, saj je število udeležencev omejeno!