I understand why a well established service such as Microsoft's Hotmail (or Outlook) would prevent passwords that are too short, but why limiting password length on the opposite side?

I am switching management of my passwords to a password manager that I set up to generate random passwords 18 characters long with all the possible special symbols. As an example:

That is a good process, because by changing your old passwords you learn about all the security holes in your previously used services.

So when I was changing my Hotmail account password I got this message:

What a dumb statement! Are they using something like DES encryption or a similar broken block cipher? Can someone explain this limitation to me?