te4.org silently destroys excess password characters.

Where bugs go to lie down and rest


tilkau
Higher
Posts: 73
Joined: Tue Oct 21, 2014 4:52 am

te4.org silently destroys excess password characters.

#1 Post by tilkau »

I went to register, and did my usual thing -- bring up KeePassX and use its password generation system to generate a 32-character password.
However, when I tried to log in in-game, it kept rejecting it.
Finally I spotted this:
password: PR:whgQPs^V>@ZlC)6huMJ3rpnf^^)
in the email I was sent.

The length of the above quoted password is 30, not 32 -- the final two characters are missing. Meaning the password stored in my password wallet was different from the actual password needed to login!

Before I noticed that, I had decided to change my password to something shorter -- 16 characters long. With that, I managed to successfully log in in-game.

IMO an appropriate fix would be to a) indicate the allowed size of the password (I guess it is 2-30 just like the forums), and b) actually validate the password length and give an error when appropriate.

Red
Uruivellas
Posts: 892
Joined: Sat Oct 04, 2014 8:03 pm

Re: te4.org silently destroys excess password characters.

#2 Post by Red »

Not having dealt with password programs in the past, I don't know how feasible this is, but wouldn't it make more sense to just allow passwords of any length?

I'm not crying. I'm offering a sacrifice to DarkGod in hopes he'll show favor to me.

It hasn't worked yet.

tilkau
Higher
Posts: 73
Joined: Tue Oct 21, 2014 4:52 am

Re: te4.org silently destroys excess password characters.

#3 Post by tilkau »

Red wrote:
> Not having dealt with password programs in the past, I don't know how feasible this is, but wouldn't it make more sense to just allow passwords of any length?

It's actually a database problem: The field is set to width 30, so that's all the space there is available to store the password. With most conventional databases, you cannot use arbitrary-length fields without substantial inefficiency.
Having a fixed width is therefore extremely common. It's only a problem when the website doesn't specify *what* that maximum is.

Just in case you are talking about KeePassX, -it- does allow arbitrarily long passwords.
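The failure described in post #1 and the two fixes it proposes (state the limit, reject over-long input instead of truncating), as an added example that is not te4.org code or code from anyone in this thread. The 30-character field width comes from the thread; the class names, the 2-character minimum, the 1024-character cap, the PBKDF2 parameters and the sample password are assumptions made for illustration. The third class answers post #2's question: if only a salted hash is stored, the column stays fixed-width however long the password is.

```python
"""Added example (not te4.org code): three account-storage designs compared on
the same 32-character password. Constants marked "assumption" are not from the
thread."""
import hashlib
import hmac
import os

PASSWORD_FIELD_WIDTH = 30  # stored field width reported in the thread
MIN_PASSWORD_LEN = 2       # assumption, mirroring the "2-30" guess in post #1

# Constructed 32-character sample, standing in for the KeePassX-generated one.
SAMPLE_32 = "Kp2!qZr9&Lm4#Vw8^Xb3*Nc6(Jd1)u7$"
assert len(SAMPLE_32) == 32


class PasswordLengthError(ValueError):
    """Raised instead of truncating, so the user learns the real limit."""


def _same(a: str, b: str) -> bool:
    # Constant-time comparison; compare_digest rejects non-ASCII str, so use bytes.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


class LegacyAccounts:
    """Models a fixed-width column with no input check: characters that do not
    fit are dropped on write and nobody is told."""

    def __init__(self) -> None:
        self._store: dict[str, str] = {}

    def register(self, user: str, password: str) -> None:
        self._store[user] = password[:PASSWORD_FIELD_WIDTH]  # silent truncation

    def login(self, user: str, password: str) -> bool:
        return _same(self._store.get(user, ""), password)


class ValidatedAccounts(LegacyAccounts):
    """Same column width, but the limit is enforced before the write and named
    in the error, so the password wallet and the server cannot disagree."""

    def register(self, user: str, password: str) -> None:
        # len() counts code points; for a column sized in bytes holding UTF-8,
        # check len(password.encode("utf-8")) instead.
        if not MIN_PASSWORD_LEN <= len(password) <= PASSWORD_FIELD_WIDTH:
            raise PasswordLengthError(
                f"password must be {MIN_PASSWORD_LEN}-{PASSWORD_FIELD_WIDTH} "
                f"characters (got {len(password)})")
        self._store[user] = password


class HashedAccounts:
    """Only a salt and a PBKDF2 digest are stored, so the row is always
    16 + 32 bytes regardless of password length. A generous cap remains
    (assumption: 1024) so nobody can feed megabytes to the KDF."""

    MAX_INPUT_LEN = 1024
    ITERATIONS = 200_000  # assumption; tune the work factor per deployment

    def __init__(self) -> None:
        self._store: dict[str, tuple[bytes, bytes]] = {}  # user -> (salt, digest)

    def _digest(self, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                   self.ITERATIONS)

    def register(self, user: str, password: str) -> None:
        if not MIN_PASSWORD_LEN <= len(password) <= self.MAX_INPUT_LEN:
            raise PasswordLengthError(
                f"password must be {MIN_PASSWORD_LEN}-{self.MAX_INPUT_LEN} characters")
        salt = os.urandom(16)
        self._store[user] = (salt, self._digest(password, salt))

    def login(self, user: str, password: str) -> bool:
        salt, digest = self._store.get(user, (b"", b""))
        return hmac.compare_digest(self._digest(password, salt), digest)


def reproduce_thread(password: str = SAMPLE_32) -> dict:
    """Register with the full password, then log in with it, on each design,
    and report what the user would experience."""
    legacy, validated, hashed = LegacyAccounts(), ValidatedAccounts(), HashedAccounts()
    legacy.register("player", password)
    try:
        validated.register("player", password)
        validated_error = None
    except PasswordLengthError as exc:
        validated_error = str(exc)
    hashed.register("player", password)
    return {
        "legacy_stored_len": len(legacy._store["player"]),
        "legacy_login_ok": legacy.login("player", password),
        "legacy_login_with_truncated_ok": legacy.login("player", password[:PASSWORD_FIELD_WIDTH]),
        "validated_error": validated_error,
        "hashed_login_ok": hashed.login("player", password),
        "hashed_stored_bytes": sum(len(part) for part in hashed._store["player"]),
    }


if __name__ == "__main__":
    for key, value in reproduce_thread().items():
        print(f"{key}: {value}")
```

Running it shows the legacy design accepting the 32-character registration but only ever matching the 30-character prefix, the validated design refusing at registration with the range in the message, and the hashed design logging in with the full password while storing 48 bytes per account.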
