320
Larion Studios forum stores your passwords in unhashed plaintext. (lemmy.world)
submitted 11 months ago by Cabrio@lemmy.world to c/games@lemmy.world
217 comments fedilink hide all child comments

Larion Studios forum stores your passwords in unhashed plaintext. Don't use a password there that you've used anywhere else.

you are viewing a single comment's thread
view the rest of the comments
[-] icedterminal@lemmy.world 7 points 11 months ago

I recently created an Activision account during a free weekend event and discovered their password system is completely broken. 30 character limit but refused to accept any more than 12 characters. Kept erroring out with must be less than 30. Once I got it down to 12 it accepted that, but then it complained about certain special characters. Definitely not giving them financial information.

[-] Darkassassin07@lemmy.ca 12 points 11 months ago

My bank has a character limit, but they don't tell you about it; they just trim the password you've set before hashing + saving it, then when you go to login if you don't trim your password the same way they did, login fails.

I only know this because the mobile app will actually grey out the login button as soon as you enter more than the character limit. The web app just leaves you to be confused.

[-] DSTGU@lemm.ee 1 points 11 months ago

Doesnt lemmy also do it? I think I ve heard from Ruben at Boostforlemmy that lemmy only treats first 60 characters of your password as a password and the rest gets discarded. [citation needed]

[-] exal@lemmy.ca 1 points 11 months ago

Kind of.

The official web UI doesn't let you enter more than 60 characters, but doesn't indicate that at all. So you can keep typing past 60 characters but it won't get added to the input field and you can't really see that. If you paste a password into the field, it gets trimmed to 60 characters.

When creating a password, the server checks that it isn't longer than 60 characters and returns an error if so. On login, however, it silently trims the password to 72 bytes, because that's what the hashing algorithm they use supports.

load more comments (2 replies)
load more comments (5 replies)
load more comments (6 replies)
this post was submitted on 28 Sep 2023
320 points (75.6% liked)

Games

31818 readers
866 users here now

Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.

Weekly Threads:

What Are You Playing?

The Weekly Discussion Topic

Rules:

  1. Submissions have to be related to games

  2. No bigotry or harassment, be civil

  3. No excessive self-promotion

  4. Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts

  5. Mark Spoilers and NSFW

  6. No linking to piracy

More information about the community rules can be found here.

founded 1 year ago
MODERATORS
quinten@lemmy.world
TheSpookiestUser@lemmy.world
shitpostpolice@lemmy.world
Dremor@lemmy.world
Dremor@jlai.lu