If Paypal were using a salted hash then there would be no length requirement because the entry in the database is always the same length. A typical sign that a web site is storing your password as plane text in their database is a password length requirement. Kinda scary considering ... -Craig
... View more