Hacker News new | past | comments | ask | show | jobs | submit login

Some financial systems, a large number of which run on mainframes, have databases where all fields are fixed length. (A database with fixed-length records is trivial to access randomly.)

One of my credit cards lists my name as "Christophe" rather than "Christopher" as they have a fixed-length 10 character field for first names. Customer support said it was unfixable.

It only takes one such system, in a complex web, to impose that limit on all systems.




A similar thing happens to me when I fly. My boarding passes usually truncate the middle name field which in my case (typically) results in the name of a religious figure rather than an uncommon or obviously truncated name.

This has never been an actual issue (or even commented on), but another middle name discrepancy has. Back in high school, there were some issues with my name on my state ID not exactly matching the school's entry for me.


At least American Express automatically changes "Christopher" to "C" so your first name is abbreviated rather than just cut off.


Names are expected to be stored in a database, passwords are not (only the hash should be stored).


It's possible, but this explanation still implies they're storing the passwords, not the hashes.


Think more along the lines of "they once had a mainframe in their infrastructure which stored passwords instead of hashes, which caused their requirements to limit the length of passwords to 20 characters, even if that system is no longer in use, or now uses hashes."


Sure, but that means that currently there's no reason to have the limit, except that they don't want to invest any effort to change it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: