Following my discussion of password lengths, it appears that NIST are concerned about naughty people brute-forcing hashes in stolen password lists. In order to make it more difficult, they’re…