I'm not proposing anything here. A limit of 4096 or even 256 would suggest limits for the reasons you mention. However, 28 bytes suggest something more specific. It's also short enough that diceware-like passwords [0] become untenable. Specifically note how we use ANAMELEN in many places to set buffers unrelated to password-length.
The question is whether there are technical reasons for choosing the value of 28 bytes, not whether we need a limit at all. A subsidiary question is why ANAMELEN is bundling multiple constraints into a single limit. [0]:https://theworld.com/~reinhold/diceware.html ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/Te7acf42f92a5d9b6-M9a7356c10a5a1b7a8430a9e5 Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
