this post was submitted on 17 Jul 2023
390 points (87.9% liked)

Programmer Humor

[–] Sonotsugipaa@lemmy.dbzer0.com 33 points 1 year ago (25 children)

Infuriating fact: if a service has maximum password length limits (lower than 1000 characters), they're reversibly storing your password, and if they're that lazy it's probably plain text.

[–] newsonic@lemmy.world 3 points 1 year ago (3 children)

Nope. No point in storing > 256 or even 128 chars for a password anyway. Useless storage wasted. Also it doesn’t really mean they store the password badly in the server.

[–] peter@feddit.uk 17 points 1 year ago (1 children)

A hashed password is always the same length though is it not?

[–] dan@upvote.au 2 points 1 year ago (1 children)

The length limit is mostly for the user's sake - companies don't want people to set their passwords to 30+ character ones that they keep forgetting and call their tech support to reset.

[–] david@feddit.uk 2 points 1 year ago

That's really really really annoying, as someone who has a good, strong brain-based password algorithm and hates it when websites forbid my strong password forcing me to make an exception.

[–] conciselyverbose@kbin.social 8 points 1 year ago

Ignoring that they must be hashed to be acceptable and that it's not possible for 1000 characters of text to add up to a waste of storage worth mentioning in pretty much any environment, it's literally impossible for a 128 character password limit to be beneficial in any way.

A limit below that demonstrably lowers security by a huge margin.

[–] Sonotsugipaa@lemmy.dbzer0.com 3 points 1 year ago (1 children)

Ok but are 15 characters too much?

I've seen 14-char limits, which are NOT reasonable.

[–] totally_notAcat@lemmy.blahaj.zone 1 points 1 year ago (1 children)

There is at least one bank that I know of with a 12 character limit.

[–] dan@upvote.au 3 points 1 year ago

There's a major bank in Australia that limited passwords to six characters. Exactly six. No more, no less. The passwords were also case-insensitive.
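Added example, not part of any comment in this thread: a salted PBKDF2 record has the same size whatever the password length, and a length cap shrinks the number of passwords an attacker has to try. The iteration count, the 16-byte salt and the alphabet sizes (36 for case-insensitive letters plus digits, 95 for printable ASCII) are assumptions chosen for illustration.

```python
import hashlib
import hmac
import math
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor
SALT_LEN = 16         # assumed salt size in bytes


def hash_password(password: str) -> bytes:
    """Return salt || derived key. The record size does not depend on the input."""
    salt = os.urandom(SALT_LEN)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt + key


def verify_password(password: str, record: bytes) -> bool:
    """Re-derive the key with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(key, expected)


def record_sizes(lengths):
    """Stored record size in bytes for constructed passwords of each length."""
    return {n: len(hash_password("x" * n)) for n in lengths}


def search_space_bits(alphabet_size: int, min_len: int, max_len: int) -> float:
    """log2 of the number of passwords a length policy allows."""
    total = sum(alphabet_size ** n for n in range(min_len, max_len + 1))
    return math.log2(total)


if __name__ == "__main__":
    # 6, 128 and 1000 characters all produce a 48-byte record (16 salt + 32 key).
    print(record_sizes([6, 128, 1000]))
    # Exactly six characters, case-insensitive, assumed 36-symbol alphabet.
    print(round(search_space_bits(36, 6, 6), 1), "bits")
    # Up to 14 characters, assumed 95-symbol alphabet.
    print(round(search_space_bits(95, 1, 14), 1), "bits")
```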
