Tell HN: Zoom truncates passwords to 32 chars

That’s not as bad as Apple which silently removes white space within your password but doesn’t actually tell you it did that leading to locking yourself out after multiple attempts:

https://news.ycombinator.com/item?id=13838342

I found out the main reason why passwords are limited length even when using modern hashing techniques.

The problem is caused by the way multi-round password hashing algorithms are designed. Specifically, in each round, the full contents of the password is concatenated with the previous round's hash result as the input to the next round. This means that the processing complexity of password hashing is proportional to `number of rounds * password length`. Because the implementation has to tune the number of rounds to their authentication server's performance, and because the tuning is performed on "normal length" passwords, this opens the authentication servers up to a DOS attack by overwhelming them with very long passwords which is only a problem because password hashing has quadratic complexity thanks to this design. Thus, in response, administrators are forced (!) to limit password length just so their authentication servers can't be attacked.

This design flaw (imo) could be pretty easily solved by hashing the user provided password once first, and then using that hash to concatenate each round. This changes the complexity to `number of rounds + password length` (note the "+" !). As a secondary benefit, the multi-round hashing step actually becomes constant time because all inputs are the same length! In fact, I wonder if the current design makes it possible to infer a user's password length from timing attacks on the authentication servers while a user is logging in.

I've not got any satisfactory cryptographic reason why we still use this design for password hashing besides platitudes like "don't roll your own crypto", appeal to authority "It's been designed by the experts", or stupid reasons like "but network bandwidth!" -- as if an http authentication request that's 4kb is gonna slow down the network vs a 3kb request (and this is a worst case of a relatively huge 1kb password!). Availability is an important part of security, and sacrificing both availability (vulnerability to DOS) and security (admins forced to limit password length) seems like a doubly whammy argument against the current design.

PayPal actually limits a password’s maximum length(!) to 20 characters.

(I finally deleted my account there yesterday after close to 20 years; I should have done so years ago.)

You think that’s bad? A bank here in Canada, Bank Of Montreal, was using a maximum of 8 characters (and I believe no special chars permitted). Couldn’t use them anymore.

> While 32 chars is plenty long for a password, [...].

It might be plenty long for completely random characters, but when one uses a word sequence, the 32 characters are easily reached.

I imagine that this limitation is fairly common, although it probably wouldn't cost them any more to move to truncating at 512 characters or something like that. There has to be a limitation at some point to prevent denial of service attacks caused by hashing super long passwords. Maybe 32 characters seemed like a reasonable choice when they set the system up. I'm guessing that a large number of rounds of a secure hash function on 32 chars is more secure than a smaller number of rounds on 64 chars (given that most passwords are well under 32 characters long).

I have a sneaking suspicion that xfinity does this. When signing up they said there were no password restrictions. So I generated ~64 character password using my trusty password manager, and used that. Went to log in and couldn't, wrong password. So I changed my password, again ~64 characters, with the old trusty companion. Again, couldn't log in.

Finally, I just changed my password to a randomly generated password of a commanding ~16 characters and haven't had a problem logging in since. I've spent more time than I care messing with my password on xfinity's site. There was exactly no scientific endeavor, and is purely conjecture. But it really feels as though there is some chicanery happening with passwords.

I usually try to sneak comment characters and sequences from various languages into my passwords. That way if I sign up for a new account somewhere and the website gives me some really unexpected output back after I click "submit" I know that I probably don't want an account there anyway. Plus I feel like there's a chance it could screw up some script kiddies scripts if he gets my password into a wordlist for some second-rate hacking tool.

Do people make passwords longer than 32 chars?

I was under the impression that with 16 random ascii characters it would take all of the computing power on earth until the heat death of the sun to crack it.

What is your expectation for allowed password length and why?

a lot of people use bcrypt and that has effective truncation at 72 bytes unless you are pre-hashing for longer inputs or doing something else non-standard.

I guess Zoom devs have never heard of "no artificial limitations".

Yes, there are going to be limitations; no resource is infinite. But 32 chars is just too arbitrary.

This used to be an issue with ebay.com back in the day. I used to be able to log in, but not change my password, because the length constraints were different.

Apple does this too. Gmail is the best, something like at least 99 characters allowed.

Still much better than most banks and miles ahead of ssa.gov

I suspect these Zoom posts are primarily aimed at damaging the brand, rather than highlighting product flaws.

No affiliation with Zoom, but wow - the unrelenting torrent of negative coverage on HN over the last few days has been remarkable. It seems there's at least two or three negative articles on the front page at all times.

So is today attack Zoom's security day?

Can we PLEASE put a stop to the endless 'crap on zoom' articles on HN, this is getting out of hand.