847
submitted 3 months ago* (last edited 3 months ago) by cron@feddit.org to c/cybersecuritymemes@lemmy.world

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments
[-] x0x7@lemmy.world 14 points 3 months ago

How to properly set password requirements on your website. Accept any utf8 string. Have a nice day.

[-] tiredofsametab@fedia.io 1 points 3 months ago

It's all fun and games until someone realizes they can just create lots of accounts with large passwords and fill your space.

[-] JadedBlueEyes@programming.dev 23 points 3 months ago

Not a problem because passwords are hashed, which means they take up a fixed size, and you should have form upload size limits anyway.

[-] tiredofsametab@fedia.io 6 points 3 months ago

hashed, which means they take up a fixed size

One would hope so anyway,

you should have form upload size limits

The above conflicts directly with OP's Accept any utf8 string

[-] milicent_bystandr@lemm.ee 5 points 3 months ago

I opened an account in 2014 and I'm still uploading my password.

[-] tiredofsametab@fedia.io 3 points 3 months ago

If you aren't required to use an upload manager, are you really setting a solid password :thinking:

[-] milicent_bystandr@lemm.ee 4 points 3 months ago

Can't trust an upload manager not to be hacked. I employ a team of typists in India.

[-] x0x7@lemmy.world 3 points 3 months ago* (last edited 3 months ago)

Ok. Take up to 65,536 bytes of utf8 string. Or better yet. Accept any password length. I mean any. But instead of transmitting it you bcyrpt on their machine and then use the resulting key to hmac sign a recent timestamp that can't be reused.

this post was submitted on 18 Aug 2024
847 points (98.8% liked)

Cybersecurity - Memes

1893 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS