
This is the reason I usually recommend to pre-hash the password with something like SHA512 or SHA3. Dropbox takes this approach too.

On the other hand, 72 bytes is a lot, especially when you have decent bcrypt settings.



> This is the reason I usually recommend to pre-hash the password with something like SHA512 or SHA3. Dropbox takes this approach too.

Yes, the issue is that you have to remember to do that.

> On the other hand, 72 bytes is a lot

From my own comment:

> 72 bytes is not a very high limit when SEA abugida use roughly as many symbols as western alphabets per word/phrase but each symbol takes 3 bytes (assuming UTF-8) rather than one.

> For instance "Gujarati script" is 15 codepoints and 15 bytes but "ગુજરાતી લિપિ" ("Gujarati script" in Gujarati) is 12 codepoints and 34 bytes.

In two words, Gujarati (and many other SEA/Brahmic abugida e.g. Tai) is halfway there, a decent passphrase in an SEA script will blow right through.
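
The byte counts and the pre-hash idea discussed in this thread, as an added example that is not part of either comment. It models the 72-byte cut directly instead of calling a bcrypt library; the function names, the sample passphrases and the base64 step (used so the bcrypt input contains no NUL bytes) are assumptions of this example.

```python
import base64
import hashlib

BCRYPT_MAX_BYTES = 72  # bcrypt ignores input past this many bytes

# Phrase quoted in the thread, written as escapes: "Gujarati script" in Gujarati
GUJARATI = "\u0a97\u0ac1\u0a9c\u0ab0\u0abe\u0aa4\u0ac0 \u0ab2\u0abf\u0aaa\u0abf"


def utf8_cost(text):
    """Return (codepoints, UTF-8 bytes) for a candidate password."""
    return len(text), len(text.encode("utf-8"))


def bcrypt_effective_input(password):
    """Bytes a truncating bcrypt implementation actually hashes."""
    return password.encode("utf-8")[:BCRYPT_MAX_BYTES]


def codepoints_kept(password):
    """Whole codepoints that survive the 72-byte cut."""
    kept = bcrypt_effective_input(password).decode("utf-8", errors="ignore")
    return len(kept)


def prehash(password):
    """SHA-512, then base64, giving a fixed-length input for bcrypt.

    Base64 of 64 bytes is 88 ASCII characters; bcrypt still cuts that to 72,
    which carries 432 bits of the digest.
    """
    digest = hashlib.sha512(password.encode("utf-8")).digest()
    return base64.b64encode(digest)


# Constructed sample: one phrase repeated three times, then two different tails.
base = (GUJARATI + " ") * 3
pw_a = base + "alpha"
pw_b = base + "bravo"

if __name__ == "__main__":
    print(utf8_cost("Gujarati script"), utf8_cost(GUJARATI))
    # Same first 72 bytes, so a truncating bcrypt cannot tell them apart.
    print(bcrypt_effective_input(pw_a) == bcrypt_effective_input(pw_b))
    print(len(pw_a), codepoints_kept(pw_a))
    # After pre-hashing, the full passphrase influences the bcrypt input.
    print(prehash(pw_a)[:72] == prehash(pw_b)[:72])
```
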



