Cybersecurity - Memes

1899 readers

227 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago

MODERATORS

[email protected]

830

Password length requirement (feddit.org)

submitted 4 weeks ago* (last edited 4 weeks ago) by [email protected] to c/[email protected]

172 comments fedilink hide all child comments

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 4 weeks ago (6 children)

It's all fun and games until someone realizes they can just create lots of accounts with large passwords and fill your space.

[–] [email protected] 23 points 4 weeks ago (5 children)

Not a problem because passwords are hashed, which means they take up a fixed size, and you should have form upload size limits anyway.

[–] [email protected] 6 points 4 weeks ago (4 children)

hashed, which means they take up a fixed size

One would hope so anyway,

you should have form upload size limits

The above conflicts directly with OP's Accept any utf8 string

[–] [email protected] 3 points 4 weeks ago* (last edited 4 weeks ago)

Ok. Take up to 65,536 bytes of utf8 string. Or better yet. Accept any password length. I mean any. But instead of transmitting it you bcyrpt on their machine and then use the resulting key to hmac sign a recent timestamp that can't be reused.

load more comments (3 replies)