this post was submitted on 18 Aug 2024
830 points (98.8% liked)
Cybersecurity - Memes
It's all fun and games until someone realizes they can just create lots of accounts with large passwords and fill your space.
Not a problem because passwords are hashed, which means they take up a fixed size, and you should have form upload size limits anyway.
One would hope so anyway.
The above conflicts directly with OP's
Accept any utf8 string
Ok. Take up to 65,536 bytes of utf8 string. Or better yet. Accept any password length. I mean any. But instead of transmitting it you bcrypt on their machine and then use the resulting key to hmac sign a recent timestamp that can't be reused.
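The scheme in the last comment, sketched as an added example that is not part of the thread: the client stretches a password of any length into a fixed-size key and HMAC-signs a timestamp, and the server rejects stale or reused timestamps. PBKDF2 stands in for bcrypt so the code needs only the standard library; `Server`, `MAX_SKEW`, `ITERATIONS`, the salt handling and all sample values are assumptions.

```python
import hashlib
import hmac

MAX_SKEW = 30          # assumed: seconds a signed timestamp stays acceptable
ITERATIONS = 100_000   # assumed work factor for the stand-in KDF

def derive_key(password, salt):
    """Client side: stretch a password of any length into a 32-byte key.
    PBKDF2 stands in for bcrypt so the example needs only the stdlib."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def sign_login(key, now):
    """Client side: HMAC the current timestamp; only (ts, tag) is transmitted."""
    tag = hmac.new(key, str(now).encode(), hashlib.sha256).hexdigest()
    return now, tag

class Server:
    def __init__(self):
        self.keys = {}      # user -> derived key (password-equivalent: protect it)
        self.last_ts = {}   # user -> newest timestamp already accepted

    def register(self, user, key):
        self.keys[user] = key

    def verify(self, user, ts, tag, now):
        key = self.keys.get(user)
        if key is None:
            return False
        expected = hmac.new(key, str(ts).encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return False    # wrong password, or timestamp altered in transit
        if abs(now - ts) > MAX_SKEW:
            return False    # signed timestamp is not recent
        if ts <= self.last_ts.get(user, -1):
            return False    # timestamp already used: replay
        self.last_ts[user] = ts
        return True

# Constructed sample data: a fixed salt and a password of roughly 980 KB.
SALT = b"constructed-salt"
LONG_PASSWORD = "correct horse " * 70_000
```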