It turns out the only limitation for password length is the html password input box which on a standard zencart install is set to 40 characters. The php function used to encrypt the password really has no length limit.