Bisq: Relax 50-character wallet password limit

Created on 29 Mar 2017 · 8 Comments · Source: bisq-network/bisq

Having longer passwords would be nice. Maybe even 4096 chars, just to be free to enter whatever you want, and also set min length to 24 chars, e.g. Enabling longer wallet passwords prevents users from entering too short/easy passwords, too.

You might look into the vtpassword library from http://mvnrepository.com/artifact/edu.vt.middleware/vt-password to verify and show password strength while the user enters a password.
There is a little talk about it at https://stackoverflow.com/questions/3200292/password-strength-checking-library

All 8 comments

I just encountered this, I think related, error after trying to input a 50 char-long password:

[Screenshot: macos 2017-05-07 at 22 29 30]

What is the reason behind such limitation?

I will have a look. Think there was no hard reason, just that a random pw (using mixed chars) with length of about 30 is sufficiently safe, so to use pw with 100s of chars is pointless IMO.

Well, I would say limiting password length is not a good idea in general. Password lengths of 160+ chars are currently considered "secure". There are two good articles about that subject.

IMHO leave it up to the users' decision which password length they would like to use.

If you use mixed chars (alphanumeric + special chars) you should get with a length of > 20 chars a sufficiently high strength (> 128 bit)
https://en.wikipedia.org/wiki/Password_strength
I will release the limit but I think you should be aware that a super long pw does not provide really more security. The weak link will be where you store the pw (I don't assume u don't remember a 160 char pw) and your general operational security (OS,...).

@ManfredKarrer No worries, I know where you are coming from. Releasing the password length alone is no guarantee for general security as you already mentioned. It just gives users more options using their passwords as they are used to. Some may use password managers, QR Codes or just print them out.

Anyways, it is great to hear that you will implement it. Big thanks for all your work :1st_place_medal:

Update: we will relax or remove this restriction in the next version.

@ManfredKarrer, I believe this restriction has been lifted for the forthcoming 0.6.0, correct? I just looked briefly, and couldn't find the relevant commit.

Yes that's lifted for next release 0.6.
