851

Password length requirement (feddit.org)

submitted 1 year ago* (last edited 1 year ago) by cron@feddit.org to c/cybersecuritymemes@lemmy.world

170 comments fedilink hide all child comments

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments

[-] DaPorkchop_@lemmy.ml 1 points 1 year ago

You can also hash it on the client-side, then the server-side network and processing costs are fixed because every password will be transmitted using same number of bytes

[-] unmagical@lemmy.ml 2 points 1 year ago

You still need to deal with that on the server. The client you build and provide could just truncate the input, but end users can pick their clients so the problem still remains.

[-] DaPorkchop_@lemmy.ml 1 points 1 year ago

The server can just reject any password hash it receives which isn't exactly hash-sized.

[-] Valmond@lemmy.world 1 points 1 year ago

That would take care of it, you do nead to salt & hash it again server side ofc.

this post was submitted on 18 Aug 2024

851 points (98.7% liked)

Cybersecurity - Memes

3245 readers

1 users here now

Only the hottest memes in Cybersecurity

founded 2 years ago

MODERATORS

Sam1232188@lemmy.world

neurohost@lemmy.world

Sam1232188@lemmy.fmhy.ml

Alphadef@programming.dev

CannaVet@lemmy.world