We've a login form and our minimum password length is 8 chars. So when a user types anything less than 8, we validate the length via javascript and let the user know that the minimum password length is 8 chars.
However i believe this is a bit of sensitive information and for all i know i might be saving a few weeks for a hacker by exposing my minimum length password constraint.
Please let me know if this is advisable or is it good not to give away the minimum length.
Without informing a user about your minimum password length, you can still let them know the password is too short "Your password is too short, please try a longer one". However, you will have frustrated users if you don't tell them how long the password needs to be at minimum. And a hacker will still be able to figure out your minimum password length anyway if only by dumb trail and error.
Frustrated users are bad, so appease them with telling them why their password is no good.
If you are worried about security, I would look into other things that you can control that won't inconvience your users passwords as much. (HTTPS, requiring password change confirmations, requiring minimum number of special characters, list goes on and on).
it is advisable for the user to know. this is from the user's point of view. If you don't tell it, He might be having problems with your validations and he doesn't even know why..
