Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?
You still need to deal with that on the server. The client you build and provide could just truncate the input, but end users can pick their clients so the problem still remains.
You still need to deal with that on the server. The client you build and provide could just truncate the input, but end users can pick their clients so the problem still remains.
The server can just reject any password hash it receives which isn't exactly hash-sized.