After the recent iCloud debacle, I methodically went about setting passwords of everything I care about to use very secure passwords, i.e. very long strings composed of random alphanumeric and non-alphanumeric chars. When it came time to change my AppleID password I noticed forgot.apple.com had max length set to 32 in the password form, after removing with web inspector and submitting I was presented with this http://i.imgur.com/uSlW2.png

When a website imposes a maximum length on passwords what other reasonable conclusions can be drawn other than the passwords are not hashed before being persisted? For example a SHA512 is always 128 chars long regardless of input, so why is there a need to put a limit on the maximum amount of chars in a password? Just set the column length to 128 and be done with it.