Password length requirement(feddit.org)

posted 3 months ago

cron@feddit.org

cybersecuritymemes@lemmy.world

170 commentshide report

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

Sort:

Hot Top Controversial New Old

You are viewing a single thread.

View all comments View context

[ - ]

Jade@programming.dev

23 points

3 months ago

Not a problem because passwords are hashed, which means they take up a fixed size, and you should have form upload size limits anyway.

permalink

report

parent

[ - ]

tiredofsametab@fedia.io

6 points

3 months ago

hashed, which means they take up a fixed size

One would hope so anyway,

you should have form upload size limits

The above conflicts directly with OP’s Accept any utf8 string

permalink

report

parent

[ - ]

milicent_bystandr@lemm.ee

5 points

3 months ago

I opened an account in 2014 and I’m still uploading my password.

permalink

report

parent

[ - ]

tiredofsametab@fedia.io

3 points

3 months ago

If you aren’t required to use an upload manager, are you really setting a solid password :thinking:

permalink

report

parent

[ - ]

milicent_bystandr@lemm.ee

4 points

3 months ago

Can’t trust an upload manager not to be hacked. I employ a team of typists in India.

report

[ - ]

3 points

3 months ago

Ok. Take up to 65,536 bytes of utf8 string. Or better yet. Accept any password length. I mean any. But instead of transmitting it you bcyrpt on their machine and then use the resulting key to hmac sign a recent timestamp that can’t be reused.

permalink

report

parent

Cybersecurity - Memes

!cybersecuritymemes@lemmy.world

Create post

Only the hottest memes in Cybersecurity

Community stats

14
Monthly active users
79
Posts
1K
Comments

Community stats

Community moderators