this post was submitted on 14 Jul 2023
1178 points (92.1% liked)

Technology

60082 readers
3293 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

We've all been there.

(page 5) 11 comments
sorted by: hot top controversial new old
[–] unixfreak@feddit.uk -2 points 1 year ago* (last edited 1 year ago) (7 children)

If a password input form asks any of these questions, consider the website or service compromised right from the beginning. The reason for this, is that it means they are not storing salted/hashed passwords and your password will be stored as plain text on their servers. There's no reason for any limitations on a password. In the event of a breach, your password will be visible in any database dumped by a hack. Always makes me wince when a password form complains about password length, as it really should not matter. When you hash a password, it will be stored in the database at a specific string length;

Eg; using sha-1 hashing:

pass123 = 5f1e04b7fc8d7067346b77bdbb6a4d4f9f4abace28f15c2b265c710b120393b2
password321 = 8852ab05d5b32f9efd3dcbf69edcfd65464e64c8e5e8310239871e02380e81b3
load more comments (7 replies)
[–] daniskarma@lemmy.world -3 points 1 year ago

In not that many years password cracking capabilities would surpass any reasonable password length and character combination.

load more comments
view more: ‹ prev next ›