this post was submitted on 11 Aug 2024
833 points (98.4% liked)

memes

10428 readers
2637 users here now

Community rules

1. Be civilNo trolling, bigotry or other insulting / annoying behaviour

2. No politicsThis is non-politics community. For political memes please go to !politicalmemes@lemmy.world

3. No recent repostsCheck for reposts when posting a meme, you can only repost after 1 month

4. No botsNo bots without the express approval of the mods or the admins

5. No Spam/AdsNo advertisements or spam. This is an instance rule and the only way to live.

Sister communities

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] thanks_shakey_snake@lemmy.ca 9 points 3 months ago

There's a type of attack where you put absurdly large inputs into fields that perform expensive calculations, like password hashing... So imagine 100 computers spamming the login form with the whole Bee Movie script 10x per second (which would be a pretty small attack)... Cheap to send, expensive to process. As others mention, the storage should be cheap, because the hashed version of the password is all the same length.

So it makes sense for apps to have SOME upper limit... But it should be like 64 or 100 or 128 or 500 or something. 12 or 16 or 20 is just obnoxious.