It is bad programming. Specifically it is very bad security (especially setting a maximum length - that is just ridiculous). I think websites should not rely too much on passwords anyway. They should be designed under the assumption that attackers will fairly commonly get access to user passwords, and therefore not let someone do too much damage from simply being able to login to your account.

The best way to handle passwords IMO, is to have the browser compute a quick hash of the password, and then the server compute the hash of that. That way the “password” that is being sent to the server is always the same length.

To potentially answer my own question: I believe the protocol I was looking for might have been the dat protocol which seems to have been replaced by something else.

c/Xporn when X is not sexual. Like r/foodporn, r/earthporn, or r/animalporn.