Just take the string as bytes and hash it ffs

  • owsei
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    4 months ago

    Damm, I legit didn’t knew there bcrypt had a length limit! Thank you for another reason not to use bcrypt

    • frezik@midwest.social
      link
      fedilink
      English
      arrow-up
      4
      ·
      4 months ago

      Scrypt has the same limit, FWIW.

      It doesn’t matter too much. It’s well past the point where fully random passwords are impossible to brute force in this universe. Even well conceived passphrases won’t get that long. If you’re really bothered by it, you can sha256 the input before feeding it to bcrypt/scrypt, but it doesn’t really matter.