What's quite annoying is how agressive most products are into forcing this method over regular email+pw / Social Logins. Let me use my 100 chars password!
You are not the target audience, you are not even an outlier, it's probably time to accept this and look for long-term solutions that allow you to interface with the "mainstream".
Agreed. But since every character gives you around 6 bits (26*2 letters + 10 numbers + some special characters ≈ 64 = 2^6), you'd need 256/6 ≈ 43 characters to exhaust the checked entropy, so up to that level it makes sense.
If you use sentences instead of randomly generated characters, the entropy (in bits/character) is lower, so 100 characters might well make sense.
Passwords are (or, rather, SHOULD be) cryptographically hashed rather than encrypted. It's possible to compute a hash over data which is longer than the hash input block size by feeding precious hashes and the next input block back in to progressively build up a hash of the entire data.
pas|6 months ago
sampullman|6 months ago
whyever|6 months ago
FabHK|6 months ago
If you use sentences instead of randomly generated characters, the entropy (in bits/character) is lower, so 100 characters might well make sense.
sweetjuly|6 months ago
bsimpson|6 months ago
If your password was 123lookatme, you could type 123lookaLITERALLYANYTHING and it would succeed.